No. Time Source Destination Protocol Length Info 1 0.000000 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 1: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.746819000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.746819000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1dd6 (7638) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79f8 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1, Ack: 1, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 3951497563 [Next Sequence Number: 44 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0xe81f [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.000000000 seconds] [Time since previous frame in this TCP stream: 0.000000000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 00000000000021585c4b173213fb1b6fd074eb80ffe71db04ffaebf2369c5f2b2a03af40… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 2 0.007424 134.188.170.174 134.188.170.175 RDPUDP 60 SYNEX,AOA Frame 2: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.754243000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.754243000 seconds [Time delta from previous captured frame: 0.007424000 seconds] [Time delta from previous displayed frame: 0.007424000 seconds] [Time since reference or first frame: 0.007424000 seconds] Frame Number: 2 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 44 Identification: 0x1dd7 (7639) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xba13 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 24 Checksum: 0xd811 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.000000000 seconds] [Time since previous frame: 0.000000000 seconds] UDP payload (16 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb101c13e ReceiveWindowSize: 11863 Flags: 0x73e0, CN, CWR, Ack of Acks, Syn lossy, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x0f03 .... ...1 = Version info: True Version: Unknown (0x2c17) snResetSeqNum: 0x64200a00 No. Time Source Destination Protocol Length Info 3 0.018435 134.188.170.175 134.188.170.174 RDPUDP 164 CORRELATIONID,AOA Frame 3: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.765254000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.765254000 seconds [Time delta from previous captured frame: 0.011011000 seconds] [Time delta from previous displayed frame: 0.011011000 seconds] [Time since reference or first frame: 0.018435000 seconds] Frame Number: 3 Frame Length: 164 bytes (1312 bits) Capture Length: 164 bytes (1312 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 150 Identification: 0xda9e (55966) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 130 Checksum: 0x636a [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.011011000 seconds] [Time since previous frame: 0.011011000 seconds] UDP payload (122 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c03f ReceiveWindowSize: 11871 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303006e00000000000028bad9ecd535 snResetSeqNum: 0x865b9fae No. Time Source Destination Protocol Length Info 4 0.024482 134.188.170.174 134.188.170.175 TLSv1.2 111 Application Data Frame 4: 111 bytes on wire (888 bits), 111 bytes captured (888 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.771301000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.771301000 seconds [Time delta from previous captured frame: 0.006047000 seconds] [Time delta from previous displayed frame: 0.006047000 seconds] [Time since reference or first frame: 0.024482000 seconds] Frame Number: 4 Frame Length: 111 bytes (888 bits) Capture Length: 111 bytes (888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 97 Identification: 0x1dd8 (7640) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79e8 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 44, Ack: 1, Len: 57 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 57] Sequence Number: 44 (relative sequence number) Sequence Number (raw): 3951497606 [Next Sequence Number: 101 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0xc41a [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.024482000 seconds] [Time since previous frame in this TCP stream: 0.024482000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 57] TCP payload (57 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 52 Encrypted Application Data: 000000000000215918814dfd5da8bd8ebe098af6e0c52b6a9e8e4a06f755e8016811d203… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 5 0.024527 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=1 Ack=101 Win=63185 Len=0 Frame 5: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.771346000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.771346000 seconds [Time delta from previous captured frame: 0.000045000 seconds] [Time delta from previous displayed frame: 0.000045000 seconds] [Time since reference or first frame: 0.024527000 seconds] Frame Number: 5 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xda9f (55967) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 1, Ack: 101, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 1607889351 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 101 (relative ack number) Acknowledgment number (raw): 3951497663 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63185 [Calculated window size: 63185] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.024527000 seconds] [Time since previous frame in this TCP stream: 0.000045000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 4] [The RTT to ACK the segment was: 0.000045000 seconds] No. 
Time Source Destination Protocol Length Info 6 0.032024 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 6: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.778843000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.778843000 seconds [Time delta from previous captured frame: 0.007497000 seconds] [Time delta from previous displayed frame: 0.007497000 seconds] [Time since reference or first frame: 0.032024000 seconds] Frame Number: 6 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1dd9 (7641) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79f5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 101, Ack: 1, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 101 (relative sequence number) Sequence Number (raw): 3951497663 [Next Sequence Number: 144 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x48ac [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.032024000 seconds] [Time since previous frame in this TCP stream: 0.007497000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000215a58d594fa90cf3f0074d9974706145952ee44d7c92bdf7ede65413cb4… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 7 0.037385 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet] Frame 7: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.784204000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.784204000 seconds [Time delta from previous captured frame: 0.005361000 seconds] [Time delta from previous displayed frame: 0.005361000 seconds] [Time since reference or first frame: 0.037385000 seconds] Frame Number: 7 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 38 Identification: 0x1dda (7642) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xba16 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 18 Checksum: 0x55e2 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.029961000 seconds] [Time since previous frame: 0.018950000 seconds] UDP payload (10 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb101c03f ReceiveWindowSize: 11980 Flags: 0x8de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 8 0.048729 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 8: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.795548000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.795548000 seconds [Time delta from previous captured frame: 0.011344000 seconds] [Time delta from previous displayed frame: 0.011344000 seconds] [Time since reference or first frame: 0.048729000 seconds] Frame Number: 8 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1ddb (7643) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79ec [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 144, Ack: 1, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 144 (relative sequence number) Sequence Number (raw): 3951497706 [Next Sequence Number: 194 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x9070 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.048729000 seconds] [Time since previous frame in this TCP stream: 0.016705000 seconds] [SEQ/ACK analysis] [Bytes in flight: 93] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 000000000000215b7531f47a5d3d1370cafd761aeea69f3b6c975ca03709425d74ad5a10… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 9 0.048754 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=1 Ack=194 Win=63092 Len=0 Frame 9: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.795573000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.795573000 seconds [Time delta from previous captured frame: 0.000025000 seconds] [Time delta from previous displayed frame: 0.000025000 seconds] [Time since reference or first frame: 0.048754000 seconds] Frame Number: 9 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdaa0 (55968) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 1, Ack: 194, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 1607889351 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 194 (relative ack number) Acknowledgment number (raw): 3951497756 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63092 [Calculated window size: 63092] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.048754000 seconds] [Time since previous frame in this TCP stream: 0.000025000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 8] [The RTT to ACK the segment was: 0.000025000 seconds] No. 
Time Source Destination Protocol Length Info 10 0.064019 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 10: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.810838000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.810838000 seconds [Time delta from previous captured frame: 0.015265000 seconds] [Time delta from previous displayed frame: 0.015265000 seconds] [Time since reference or first frame: 0.064019000 seconds] Frame Number: 10 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1ddc (7644) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79eb [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 194, Ack: 1, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 194 (relative sequence number) Sequence Number (raw): 3951497756 [Next Sequence Number: 244 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0xcb68 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.064019000 seconds] [Time since previous frame in this TCP stream: 0.015265000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 000000000000215ce8ba751b0cf9e384e4de432ba5dc64fb848cdc35a69ab08b4985aff5… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 11 0.080015 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 11: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.826834000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.826834000 seconds [Time delta from previous captured frame: 0.015996000 seconds] [Time delta from previous displayed frame: 0.015996000 seconds] [Time since reference or first frame: 0.080015000 seconds] Frame Number: 11 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1ddd (7645) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79ea [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 244, Ack: 1, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 244 (relative sequence number) Sequence Number (raw): 3951497806 [Next Sequence Number: 294 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x6299 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.080015000 seconds] [Time since previous frame in this TCP stream: 0.015996000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 000000000000215d0de79afd74f11059aa7921a847c16afaf71d984595006f3ecd168a88… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 12 0.080041 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=1 Ack=294 Win=62992 Len=0 Frame 12: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.826860000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.826860000 seconds [Time delta from previous captured frame: 0.000026000 seconds] [Time delta from previous displayed frame: 0.000026000 seconds] [Time since reference or first frame: 0.080041000 seconds] Frame Number: 12 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdaa1 (55969) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 1, Ack: 294, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 1607889351 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 294 (relative ack number) Acknowledgment number (raw): 3951497856 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 62992 [Calculated window size: 62992] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.080041000 seconds] [Time since previous frame in this TCP stream: 0.000026000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 11] [The RTT to ACK the segment was: 0.000026000 seconds] No. 
Time Source Destination Protocol Length Info 13 0.087726 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 13: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.834545000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.834545000 seconds [Time delta from previous captured frame: 0.007685000 seconds] [Time delta from previous displayed frame: 0.007685000 seconds] [Time since reference or first frame: 0.087726000 seconds] Frame Number: 13 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1dde (7646) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79f0 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 294, Ack: 1, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 294 (relative sequence number) Sequence Number (raw): 3951497856 [Next Sequence Number: 337 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0xbb52 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.087726000 seconds] [Time since previous frame in this TCP stream: 0.007685000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000215e711366c134fbb111527aa0b4804fb8745286442b5b6fbd641bed7d0d… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 14 0.112029 134.188.170.174 134.188.170.175 TLSv1.2 111 Application Data Frame 14: 111 bytes on wire (888 bits), 111 bytes captured (888 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.858848000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.858848000 seconds [Time delta from previous captured frame: 0.024303000 seconds] [Time delta from previous displayed frame: 0.024303000 seconds] [Time since reference or first frame: 0.112029000 seconds] Frame Number: 14 Frame Length: 111 bytes (888 bits) Capture Length: 111 bytes (888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 97 Identification: 0x1ddf (7647) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79e1 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 337, Ack: 1, Len: 57 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 57] Sequence Number: 337 (relative sequence number) Sequence Number (raw): 3951497899 [Next Sequence Number: 394 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x114c [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.112029000 seconds] [Time since previous frame in this TCP stream: 0.024303000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 57] TCP payload (57 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 52 Encrypted Application Data: 000000000000215fa2b16e45a71a08e2678b70a7a25ed274b0cfea9fe67ab3121fc988b9… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 15 0.112053 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=1 Ack=394 Win=62892 Len=0 Frame 15: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.858872000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.858872000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 0.112053000 seconds] Frame Number: 15 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdaa2 (55970) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 1, Ack: 394, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 1607889351 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 394 (relative ack number) Acknowledgment number (raw): 3951497956 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 62892 [Calculated window size: 62892] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.112053000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 14] [The RTT to ACK the segment was: 0.000024000 seconds] No. 
Time Source Destination Protocol Length Info 16 0.128990 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 16: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.875809000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.875809000 seconds [Time delta from previous captured frame: 0.016937000 seconds] [Time delta from previous displayed frame: 0.016937000 seconds] [Time since reference or first frame: 0.128990000 seconds] Frame Number: 16 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1de0 (7648) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79e7 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 394, Ack: 1, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 394 (relative sequence number) Sequence Number (raw): 3951497956 [Next Sequence Number: 444 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x3f5b [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.128990000 seconds] [Time since previous frame in this TCP stream: 0.016937000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 0000000000002160020e0337c8bd0b8814f2a762733a6e39622d07a4115fda45dbb50de8… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 17 0.143954 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 17: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.890773000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.890773000 seconds [Time delta from previous captured frame: 0.014964000 seconds] [Time delta from previous displayed frame: 0.014964000 seconds] [Time since reference or first frame: 0.143954000 seconds] Frame Number: 17 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1de1 (7649) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79e6 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 444, Ack: 1, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 444 (relative sequence number) Sequence Number (raw): 3951498006 [Next Sequence Number: 494 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0xde42 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.143954000 seconds] [Time since previous frame in this TCP stream: 0.014964000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 000000000000216158e188d957f6a3aa4822c21a6fc4232774009e221535df28aee98f5b… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 18 0.143991 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=1 Ack=494 Win=62792 Len=0 Frame 18: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.890810000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.890810000 seconds [Time delta from previous captured frame: 0.000037000 seconds] [Time delta from previous displayed frame: 0.000037000 seconds] [Time since reference or first frame: 0.143991000 seconds] Frame Number: 18 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdaa3 (55971) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 1, Ack: 494, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 1607889351 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 494 (relative ack number) Acknowledgment number (raw): 3951498056 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 62792 [Calculated window size: 62792] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.143991000 seconds] [Time since previous frame in this TCP stream: 0.000037000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 17] [The RTT to ACK the segment was: 0.000037000 seconds] No. 
Time Source Destination Protocol Length Info 19 0.159549 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 19: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.906368000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.906368000 seconds [Time delta from previous captured frame: 0.015558000 seconds] [Time delta from previous displayed frame: 0.015558000 seconds] [Time since reference or first frame: 0.159549000 seconds] Frame Number: 19 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1de2 (7650) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79e5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 494, Ack: 1, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 494 (relative sequence number) Sequence Number (raw): 3951498056 [Next Sequence Number: 544 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0xec61 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.159549000 seconds] [Time since previous frame in this TCP stream: 0.015558000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 0000000000002162c2eec50e0a7f70cf0f7754952b327ae957d1e88fcee1751ce1bfcbb6… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 20 0.167686 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 20: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.914505000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.914505000 seconds [Time delta from previous captured frame: 0.008137000 seconds] [Time delta from previous displayed frame: 0.008137000 seconds] [Time since reference or first frame: 0.167686000 seconds] Frame Number: 20 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1de3 (7651) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79eb [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 544, Ack: 1, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 544 (relative sequence number) Sequence Number (raw): 3951498106 [Next Sequence Number: 587 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x3bd0 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.167686000 seconds] [Time since previous frame in this TCP stream: 0.008137000 seconds] [SEQ/ACK analysis] [Bytes in flight: 93] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 00000000000021637d80cd70b6962d5ebec40b6017df5faf66d1220ce4c726e13ca58e83… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 21 0.167726 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=1 Ack=587 Win=62699 Len=0 Frame 21: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.914545000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.914545000 seconds [Time delta from previous captured frame: 0.000040000 seconds] [Time delta from previous displayed frame: 0.000040000 seconds] [Time since reference or first frame: 0.167726000 seconds] Frame Number: 21 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdaa4 (55972) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 1, Ack: 587, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 1607889351 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 587 (relative ack number) Acknowledgment number (raw): 3951498149 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 62699 [Calculated window size: 62699] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.167726000 seconds] [Time since previous frame in this TCP stream: 0.000040000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 20] [The RTT to ACK the segment was: 0.000040000 seconds] No. 
Time Source Destination Protocol Length Info 22 0.191953 134.188.170.174 134.188.170.175 TLSv1.2 111 Application Data Frame 22: 111 bytes on wire (888 bits), 111 bytes captured (888 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.938772000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.938772000 seconds [Time delta from previous captured frame: 0.024227000 seconds] [Time delta from previous displayed frame: 0.024227000 seconds] [Time since reference or first frame: 0.191953000 seconds] Frame Number: 22 Frame Length: 111 bytes (888 bits) Capture Length: 111 bytes (888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 97 Identification: 0x1de4 (7652) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79dc [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 587, Ack: 1, Len: 57 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 57] Sequence Number: 587 (relative sequence number) Sequence Number (raw): 3951498149 [Next Sequence Number: 644 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0xc1ab [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.191953000 seconds] [Time since previous frame in this TCP stream: 0.024227000 seconds] [SEQ/ACK analysis] [Bytes in flight: 57] [Bytes sent since last PSH flag: 57] TCP payload (57 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 52 Encrypted Application Data: 0000000000002164a5e227055bc7d8c21c91d5b3adee6a031115dbb1d671cc00f561c677… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 23 0.199928 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 23: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.946747000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.946747000 seconds [Time delta from previous captured frame: 0.007975000 seconds] [Time delta from previous displayed frame: 0.007975000 seconds] [Time since reference or first frame: 0.199928000 seconds] Frame Number: 23 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1de5 (7653) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79e9 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 644, Ack: 1, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 644 (relative sequence number) Sequence Number (raw): 3951498206 [Next Sequence Number: 687 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x85ab [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.199928000 seconds] [Time since previous frame in this TCP stream: 0.007975000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 0000000000002165ccd9a48e99a321f99253592099d62f02037693ca3b1adfa1db76a4c8… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 24 0.199973 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=1 Ack=687 Win=62599 Len=0 Frame 24: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.946792000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.946792000 seconds [Time delta from previous captured frame: 0.000045000 seconds] [Time delta from previous displayed frame: 0.000045000 seconds] [Time since reference or first frame: 0.199973000 seconds] Frame Number: 24 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdaa5 (55973) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 1, Ack: 687, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 1607889351 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 687 (relative ack number) Acknowledgment number (raw): 3951498249 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 62599 [Calculated window size: 62599] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.199973000 seconds] [Time since previous frame in this TCP stream: 0.000045000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 23] [The RTT to ACK the segment was: 0.000045000 seconds] No. 
Time Source Destination Protocol Length Info 25 0.224001 134.188.170.174 134.188.170.175 TLSv1.2 111 Application Data Frame 25: 111 bytes on wire (888 bits), 111 bytes captured (888 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.970820000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.970820000 seconds [Time delta from previous captured frame: 0.024028000 seconds] [Time delta from previous displayed frame: 0.024028000 seconds] [Time since reference or first frame: 0.224001000 seconds] Frame Number: 25 Frame Length: 111 bytes (888 bits) Capture Length: 111 bytes (888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 97 Identification: 0x1de6 (7654) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79da [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 687, Ack: 1, Len: 57 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 57] Sequence Number: 687 (relative sequence number) Sequence Number (raw): 3951498249 [Next Sequence Number: 744 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x4a08 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.224001000 seconds] [Time since previous frame in this TCP stream: 0.024028000 seconds] [SEQ/ACK analysis] [Bytes in flight: 57] [Bytes sent since last PSH flag: 57] TCP payload (57 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 52 Encrypted Application Data: 0000000000002166dcbc274cd109a2249f690f8fd44025885b537b123f0eb7bc09646a72… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 26 0.240028 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 26: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.986847000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.986847000 seconds [Time delta from previous captured frame: 0.016027000 seconds] [Time delta from previous displayed frame: 0.016027000 seconds] [Time since reference or first frame: 0.240028000 seconds] Frame Number: 26 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1de7 (7655) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79e0 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 744, Ack: 1, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 744 (relative sequence number) Sequence Number (raw): 3951498306 [Next Sequence Number: 794 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1607889351 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x167d [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.240028000 seconds] [Time since previous frame in this TCP stream: 0.016027000 seconds] [SEQ/ACK analysis] [Bytes in flight: 107] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 0000000000002167f306bf368b982637f3daf1779e3dc62ef601c8281d85c13fca9c7f74… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 27 0.240112 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=1 Ack=794 Win=64000 Len=0 Frame 27: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.986931000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.986931000 seconds [Time delta from previous captured frame: 0.000084000 seconds] [Time delta from previous displayed frame: 0.000084000 seconds] [Time since reference or first frame: 0.240112000 seconds] Frame Number: 27 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdaa6 (55974) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 1, Ack: 794, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 1607889351 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 794 (relative ack number) Acknowledgment number (raw): 3951498356 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 64000 [Calculated window size: 64000] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.240112000 seconds] [Time since previous frame in this TCP stream: 0.000084000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 26] [The RTT to ACK the segment was: 0.000084000 seconds] No. 
Time Source Destination Protocol Length Info 28 0.251721 134.188.170.175 134.188.170.174 TLSv1.2 105 Application Data Frame 28: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.998540000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.998540000 seconds [Time delta from previous captured frame: 0.011609000 seconds] [Time delta from previous displayed frame: 0.011609000 seconds] [Time since reference or first frame: 0.251721000 seconds] Frame Number: 28 Frame Length: 105 bytes (840 bits) Capture Length: 105 bytes (840 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 91 Identification: 0xdaa7 (55975) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 1, Ack: 794, Len: 51 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 51] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 1607889351 [Next Sequence Number: 52 (relative sequence number)] Acknowledgment Number: 794 (relative ack number) Acknowledgment number (raw): 3951498356 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 64000 [Calculated window size: 64000] [Window size scaling factor: -1 (unknown)] Checksum: 0x6324 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.251721000 seconds] [Time since previous frame in this TCP stream: 0.011609000 seconds] [SEQ/ACK analysis] [Bytes in flight: 51] [Bytes sent since last PSH flag: 51] TCP payload (51 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 46 Encrypted Application Data: 00000000000016593db0629ec76c129d74ee879e78b2ba918ad35d59c70e6f34ece60c83… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 29 0.251875 134.188.170.175 134.188.170.174 RDPUDP 576 CORRELATIONID,AOA Frame 29: 576 bytes on wire (4608 bits), 576 bytes captured (4608 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:36.998694000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010656.998694000 seconds [Time delta from previous captured frame: 0.000154000 seconds] [Time delta from previous displayed frame: 0.000154000 seconds] [Time since reference or first frame: 0.251875000 seconds] Frame Number: 29 Frame Length: 576 bytes (4608 bits) Capture Length: 576 bytes (4608 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 562 Identification: 0xdaa8 (55976) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 542 Checksum: 0x6506 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.244451000 seconds] [Time since previous frame: 0.214490000 seconds] UDP payload (534 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c040 ReceiveWindowSize: 11872 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303020a00000000000028bb3fc96122 snResetSeqNum: 0x885a4eda No. Time Source Destination Protocol Length Info 30 0.260664 134.188.170.1 224.0.0.18 VRRP 60 Announcement (v2) Frame 30: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.007483000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.007483000 seconds [Time delta from previous captured frame: 0.008789000 seconds] [Time delta from previous displayed frame: 0.008789000 seconds] [Time since reference or first frame: 0.260664000 seconds] Frame Number: 30 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:vrrp] [Coloring Rule Name: Routing] [Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp] Ethernet II, Src: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa), Dst: IPv4mcast_12 (01:00:5e:00:00:12) Destination: IPv4mcast_12 (01:00:5e:00:00:12) Address: IPv4mcast_12 (01:00:5e:00:00:12) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.170.1, Dst: 224.0.0.18 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x0000 (0) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 255 Protocol: VRRP (112) Header Checksum: 0xa9d5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.1 Destination Address: 224.0.0.18 Virtual Router Redundancy Protocol Version 2, Packet type 1 (Advertisement) 0010 .... = VRRP protocol version: 2 .... 0001 = VRRP packet type: Advertisement (1) Virtual Rtr ID: 170 Priority: 255 (This VRRP router owns the virtual router's IP address(es)) Addr Count: 1 Auth Type: No Authentication (0) Adver Int: 1 Checksum: 0xae94 [correct] [Checksum Status: Good] IP Address: 134.188.170.1 No. Time Source Destination Protocol Length Info 31 0.267434 134.188.170.174 134.188.170.175 RDPUDP 60 SYNEX[Malformed Packet] Frame 31: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.014253000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.014253000 seconds [Time delta from previous captured frame: 0.006770000 seconds] [Time delta from previous displayed frame: 0.006770000 seconds] [Time since reference or first frame: 0.267434000 seconds] Frame Number: 31 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... 
...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 38 Identification: 0x1de8 (7656) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xba08 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 18 Checksum: 0x7407 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.260010000 seconds] [Time since previous frame: 0.015559000 seconds] UDP payload (10 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb201c040 ReceiveWindowSize: 11942 Flags: 0x71e0, CN, CWR, Ack of Acks, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x0f00 .... 
...0 = Version info: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 32 0.284267 134.188.170.175 134.188.170.174 RDPUDP 202 CORRELATIONID,AOA Frame 32: 202 bytes on wire (1616 bits), 202 bytes captured (1616 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.031086000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.031086000 seconds [Time delta from previous captured frame: 0.016833000 seconds] [Time delta from previous displayed frame: 0.016833000 seconds] [Time since reference or first frame: 0.284267000 seconds] Frame Number: 32 Frame Length: 202 bytes (1616 bits) Capture Length: 202 bytes (1616 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 
0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 188 Identification: 0xdaa9 (55977) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 168 Checksum: 0x6390 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.276843000 seconds] [Time since previous frame: 0.016833000 seconds] UDP payload (160 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c041 ReceiveWindowSize: 11873 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303009400000000000028bc840dff36 snResetSeqNum: 0xa9942782 No. 
Time Source Destination Protocol Length Info 33 0.297143 134.188.170.174 134.188.170.175 TCP 60 52728 → 3389 [ACK] Seq=794 Ack=52 Win=8212 Len=0 Frame 33: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.043962000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.043962000 seconds [Time delta from previous captured frame: 0.012876000 seconds] [Time delta from previous displayed frame: 0.012876000 seconds] [Time since reference or first frame: 0.297143000 seconds] Frame Number: 33 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x1de9 (7657) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7a10 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 794, Ack: 52, Len: 0 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 794 (relative sequence number) Sequence Number (raw): 3951498356 [Next Sequence Number: 794 (relative sequence number)] Acknowledgment Number: 52 (relative ack number) Acknowledgment number (raw): 1607889402 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x7fe7 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.297143000 seconds] [Time since previous frame in this TCP stream: 0.045422000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 28] [The RTT to ACK the segment was: 0.045422000 seconds] No. 
Time Source Destination Protocol Length Info
34 0.297528 134.188.170.174 134.188.170.175 RDPUDP 60 SYNEX[Malformed Packet]

Frame 34: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:37.044347000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010657.044347000 seconds
    [Time delta from previous captured frame: 0.000385000 seconds]
    [Time delta from previous displayed frame: 0.000385000 seconds]
    [Time since reference or first frame: 0.297528000 seconds]
    Frame Number: 34
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    Padding: 0000000000000000
Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 38
    Identification: 0x1dea (7658)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0xba06 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
User Datagram Protocol, Src Port: 63973, Dst Port: 3389
    Source Port: 63973
    Destination Port: 3389
    Length: 18
    Checksum: 0x56fb [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 0.290104000 seconds]
        [Time since previous frame: 0.013261000 seconds]
    UDP payload (10 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0xb201c041
    ReceiveWindowSize: 11953
    Flags: 0x91e0, CN, CWR, Ack of Acks, SynEx
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...1 .... .... = Ack of Acks: True
        .... ..0. .... .... = Syn lossy: False
        .... .0.. .... .... = Ack delayed: False
        .... 0... .... .... = Correlation id: False
        ...1 .... .... .... = SynEx: True
    SynEx Flags: 0x0c00
        .... ...0 = Version info: False
[Malformed Packet: RDPUDP]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]

No. Time Source Destination Protocol Length Info
35 0.424711 ProCurve_ae:14:2e Spanning-tree-(for-bridges)_00 STP 119 MST. Root = 32768/0/00:1b:3f:59:00:00 Cost = 1 Port = 0x80d2

Frame 35: 119 bytes on wire (952 bits), 119 bytes captured (952 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:37.171530000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010657.171530000 seconds
    [Time delta from previous captured frame: 0.127183000 seconds]
    [Time delta from previous displayed frame: 0.127183000 seconds]
    [Time since reference or first frame: 0.424711000 seconds]
    Frame Number: 35
    Frame Length: 119 bytes (952 bits)
    Capture Length: 119 bytes (952 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:llc:stp]
    [Coloring Rule Name: Broadcast]
    [Coloring Rule String: eth[0] & 1]
IEEE 802.3 Ethernet
    Destination: Spanning-tree-(for-bridges)_00 (01:80:c2:00:00:00)
        Address: Spanning-tree-(for-bridges)_00 (01:80:c2:00:00:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: ProCurve_ae:14:2e (00:1b:3f:ae:14:2e)
        Address: ProCurve_ae:14:2e (00:1b:3f:ae:14:2e)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Length: 105
Logical-Link Control
    DSAP: Spanning Tree BPDU (0x42)
        0100 001. = SAP: Spanning Tree BPDU
        .... ...0 = IG Bit: Individual
    SSAP: Spanning Tree BPDU (0x42)
        0100 001. = SAP: Spanning Tree BPDU
        .... ...0 = CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x3)
Spanning Tree Protocol
    Protocol Identifier: Spanning Tree Protocol (0x0000)
    Protocol Version Identifier: Multiple Spanning Tree (3)
    BPDU Type: Rapid/Multiple Spanning Tree (0x02)
    BPDU flags: 0x7c, Agreement, Forwarding, Learning, Port Role: Designated
        0... .... = Topology Change Acknowledgment: No
        .1.. .... = Agreement: Yes
        ..1. .... = Forwarding: Yes
        ...1 .... = Learning: Yes
        .... 11.. = Port Role: Designated (3)
        .... ..0. = Proposal: No
        .... ...0 = Topology Change: No
    Root Identifier: 32768 / 0 / 00:1b:3f:59:00:00
        Root Bridge Priority: 32768
        Root Bridge System ID Extension: 0
        Root Bridge System ID: ProCurve_59:00:00 (00:1b:3f:59:00:00)
    Root Path Cost: 1
    Bridge Identifier: 32768 / 0 / 00:1b:3f:ae:04:00
        Bridge Priority: 32768
        Bridge System ID Extension: 0
        Bridge System ID: ProCurve_ae:04:00 (00:1b:3f:ae:04:00)
    Port identifier: 0x80d2
    Message Age: 1
    Max Age: 20
    Hello Time: 2
    Forward Delay: 15
    Version 1 Length: 0
    Version 3 Length: 64
    MST Extension
        MST Config ID format selector: 0
        MST Config name: 001b3fae0400
        MST Config revision: 0
        MST Config digest: ac36177f50283cd4b83821d8ab26de62
        CIST Internal Root Path Cost: 0
        CIST Bridge Identifier: 32768 / 0 / 00:1b:3f:ae:04:00
            CIST Bridge Priority: 32768
            CIST Bridge Identifier System ID Extension: 0
            CIST Bridge Identifier System ID: ProCurve_ae:04:00 (00:1b:3f:ae:04:00)
        CIST Remaining hops: 20

No. Time Source Destination Protocol Length Info
36 0.427152 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data

Frame 36: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:37.173971000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010657.173971000 seconds
    [Time delta from previous captured frame: 0.002441000 seconds]
    [Time delta from previous displayed frame: 0.002441000 seconds]
    [Time since reference or first frame: 0.427152000 seconds]
    Frame Number: 36
    Frame Length: 97 bytes (776 bits)
    Capture Length: 97 bytes (776 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:tls]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 83
    Identification: 0x1deb (7659)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x79e3 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 794, Ack: 52, Len: 43
    Source Port: 52728
    Destination Port: 3389
    [Stream index: 0]
    [Conversation completeness: Incomplete (12)]
    [TCP Segment Len: 43]
    Sequence Number: 794 (relative sequence number)
    Sequence Number (raw): 3951498356
    [Next Sequence Number: 837 (relative sequence number)]
    Acknowledgment Number: 52 (relative ack number)
    Acknowledgment number (raw): 1607889402
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 8212
    [Calculated window size: 8212]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0xa3f7 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.427152000 seconds]
        [Time since previous frame in this TCP stream: 0.130009000 seconds]
    [SEQ/ACK analysis]
        [Bytes in flight: 43]
        [Bytes sent since last PSH flag: 43]
    TCP payload (43 bytes)
Transport Layer Security
    TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006
        Content Type: Application Data (23)
        Version: TLS 1.2 (0x0303)
        Length: 38
        Encrypted Application Data: 00000000000021688a20e675bcfca2ab3c468bf074e82eaf167b13a32ad9723d5f2796fe…
        [Application Data Protocol: TPKT - ISO on TCP - RFC1006]

No. Time Source Destination Protocol Length Info
37 0.439029 134.188.170.175 134.188.170.174 RDPUDP 388 CORRELATIONID,AOA

Frame 37: 388 bytes on wire (3104 bits), 388 bytes captured (3104 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:37.185848000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010657.185848000 seconds
    [Time delta from previous captured frame: 0.011877000 seconds]
    [Time delta from previous displayed frame: 0.011877000 seconds]
    [Time since reference or first frame: 0.439029000 seconds]
    Frame Number: 37
    Frame Length: 388 bytes (3104 bits)
    Capture Length: 388 bytes (3104 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
    Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 374
    Identification: 0xdaaa (55978)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.170.174
User Datagram Protocol, Src Port: 3389, Dst Port: 63973
    Source Port: 3389
    Destination Port: 63973
    Length: 354
    Checksum: 0x644a [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 0.431605000 seconds]
        [Time since previous frame: 0.141501000 seconds]
    UDP payload (346 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0x1704c042
    ReceiveWindowSize: 11874
    Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...1 .... .... = Ack of Acks: True
        .... ..0. .... .... = Syn lossy: False
        .... .1.. .... .... = Ack delayed: True
        .... 1... .... .... = Correlation id: True
        ...0 .... .... .... = SynEx: False
    Correlation Id: 0303014e00000000000028bd1d683547
    snResetSeqNum: 0x9b00eda3

No. Time Source Destination Protocol Length Info
38 0.453194 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet]

Frame 38: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:37.200013000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010657.200013000 seconds
    [Time delta from previous captured frame: 0.014165000 seconds]
    [Time delta from previous displayed frame: 0.014165000 seconds]
    [Time since reference or first frame: 0.453194000 seconds]
    Frame Number: 38
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    Padding: 0000000000000000
Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 38
    Identification: 0x1dec (7660)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0xba04 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
User Datagram Protocol, Src Port: 63973, Dst Port: 3389
    Source Port: 63973
    Destination Port: 3389
    Length: 18
    Checksum: 0xbddc [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 0.445770000 seconds]
        [Time since previous frame: 0.014165000 seconds]
    UDP payload (10 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0xb301c042
    ReceiveWindowSize: 11983
    Flags: 0x28e0, CN, CWR, Correlation id
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...0 .... .... = Ack of Acks: False
        .... ..0. .... .... = Syn lossy: False
        .... .0.. .... .... = Ack delayed: False
        .... 1... .... .... = Correlation id: True
        ...0 .... .... .... = SynEx: False
[Malformed Packet: RDPUDP]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]

No. Time Source Destination Protocol Length Info
39 0.467544 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=52 Ack=837 Win=63957 Len=0

Frame 39: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:37.214363000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010657.214363000 seconds
    [Time delta from previous captured frame: 0.014350000 seconds]
    [Time delta from previous displayed frame: 0.014350000 seconds]
    [Time since reference or first frame: 0.467544000 seconds]
    Frame Number: 39
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
    Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 40
    Identification: 0xdaab (55979)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.170.174
Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 52, Ack: 837, Len: 0
    Source Port: 3389
    Destination Port: 52728
    [Stream index: 0]
    [Conversation completeness: Incomplete (12)]
    [TCP Segment Len: 0]
    Sequence Number: 52 (relative sequence number)
    Sequence Number (raw): 1607889402
    [Next Sequence Number: 52 (relative sequence number)]
    Acknowledgment Number: 837 (relative ack number)
    Acknowledgment number (raw): 3951498399
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x010 (ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A····]
    Window: 63957
    [Calculated window size: 63957]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0x62f1 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.467544000 seconds]
        [Time since previous frame in this TCP stream: 0.040392000 seconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 36]
        [The RTT to ACK the segment was: 0.040392000 seconds]

No. Time Source Destination Protocol Length Info
40 0.469571 134.188.170.175 134.188.170.174 RDPUDP 117 CORRELATIONID,AOA

Frame 40: 117 bytes on wire (936 bits), 117 bytes captured (936 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:37.216390000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010657.216390000 seconds
    [Time delta from previous captured frame: 0.002027000 seconds]
    [Time delta from previous displayed frame: 0.002027000 seconds]
    [Time since reference or first frame: 0.469571000 seconds]
    Frame Number: 40
    Frame Length: 117 bytes (936 bits)
    Capture Length: 117 bytes (936 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
    Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 103
    Identification: 0xdaac (55980)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.170.174
User Datagram Protocol, Src Port: 3389, Dst Port: 63973
    Source Port: 3389
    Destination Port: 63973
    Length: 83
    Checksum: 0x633b [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 0.462147000 seconds]
        [Time since previous frame: 0.016377000 seconds]
    UDP payload (75 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0x1704c043
    ReceiveWindowSize: 11875
    Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...1 .... .... = Ack of Acks: True
        .... ..0. .... .... = Syn lossy: False
        .... .1.. .... .... = Ack delayed: True
        .... 1... .... .... = Correlation id: True
        ...0 .... .... .... = SynEx: False
    Correlation Id: 0303003f00000000000028be336b9df4
    snResetSeqNum: 0xccb5d9df

No. Time Source Destination Protocol Length Info
41 0.483390 134.188.170.174 134.188.170.175 RDPUDP 60

Frame 41: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:37.230209000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010657.230209000 seconds
    [Time delta from previous captured frame: 0.013819000 seconds]
    [Time delta from previous displayed frame: 0.013819000 seconds]
    [Time since reference or first frame: 0.483390000 seconds]
    Frame Number: 41
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    Padding: 0000000000000000
Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 38
    Identification: 0x1ded (7661)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0xba03 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
User Datagram Protocol, Src Port: 63973, Dst Port: 3389
    Source Port: 63973
    Destination Port: 3389
    Length: 18
    Checksum: 0xa03b [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 0.475966000 seconds]
        [Time since previous frame: 0.013819000 seconds]
    UDP payload (10 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0xb301c043
    ReceiveWindowSize: 11887
    Flags: 0x46e0, CN, CWR, Syn lossy, Ack delayed
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...0 .... .... = Ack of Acks: False
        .... ..1. .... .... = Syn lossy: True
        .... .1.. .... .... = Ack delayed: True
        .... 0... .... .... = Correlation id: False
        ...0 .... .... .... = SynEx: False

No. Time Source Destination Protocol Length Info
42 0.496006 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data

Frame 42: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:37.242825000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010657.242825000 seconds
    [Time delta from previous captured frame: 0.012616000 seconds]
    [Time delta from previous displayed frame: 0.012616000 seconds]
    [Time since reference or first frame: 0.496006000 seconds]
    Frame Number: 42
    Frame Length: 97 bytes (776 bits)
    Capture Length: 97 bytes (776 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:tls]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 83
    Identification: 0x1dee (7662)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x79e0 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 837, Ack: 52, Len: 43
    Source Port: 52728
    Destination Port: 3389
    [Stream index: 0]
    [Conversation completeness: Incomplete (12)]
    [TCP Segment Len: 43]
    Sequence Number: 837 (relative sequence number)
    Sequence Number (raw): 3951498399
    [Next Sequence Number: 880 (relative sequence number)]
    Acknowledgment Number: 52 (relative ack number)
    Acknowledgment number (raw): 1607889402
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 8212
    [Calculated window size: 8212]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0x5e7b [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.496006000 seconds]
        [Time since previous frame in this TCP stream: 0.028462000 seconds]
    [SEQ/ACK analysis]
        [Bytes in flight: 43]
        [Bytes sent since last PSH flag: 43]
    TCP payload (43 bytes)
Transport Layer Security
    TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006
        Content Type: Application Data (23)
        Version: TLS 1.2 (0x0303)
        Length: 38
        Encrypted Application Data: 0000000000002169aaace8334a278ab056332723afb35bcfd638ba1a04366ba508d6d586…
        [Application Data Protocol: TPKT - ISO on TCP - RFC1006]

No. Time Source Destination Protocol Length Info
43 0.532044 134.188.170.175 134.188.170.174 RDPUDP 106 CORRELATIONID,AOA

Frame 43: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:37.278863000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010657.278863000 seconds
    [Time delta from previous captured frame: 0.036038000 seconds]
    [Time delta from previous displayed frame: 0.036038000 seconds]
    [Time since reference or first frame: 0.532044000 seconds]
    Frame Number: 43
    Frame Length: 106 bytes (848 bits)
    Capture Length: 106 bytes (848 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
    Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 92
    Identification: 0xdaad (55981)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.170.174
User Datagram Protocol, Src Port: 3389, Dst Port: 63973
    Source Port: 3389
    Destination Port: 63973
    Length: 72
    Checksum: 0x6330 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 0.524620000 seconds]
        [Time since previous frame: 0.048654000 seconds]
    UDP payload (64 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0x1704c044
    ReceiveWindowSize: 11876
    Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...1 .... .... = Ack of Acks: True
        .... ..0. .... .... = Syn lossy: False
        .... .1.. .... .... = Ack delayed: True
        .... 1... .... .... = Correlation id: True
        ...0 .... .... .... = SynEx: False
    Correlation Id: 0303003400000000000028bf6ab473be
    snResetSeqNum: 0x793aa9c8

No. Time Source Destination Protocol Length Info
44 0.534233 134.188.170.174 134.188.170.175 RDPUDP 292 AOA

Frame 44: 292 bytes on wire (2336 bits), 292 bytes captured (2336 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:37.281052000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010657.281052000 seconds
    [Time delta from previous captured frame: 0.002189000 seconds]
    [Time delta from previous displayed frame: 0.002189000 seconds]
    [Time since reference or first frame: 0.534233000 seconds]
    Frame Number: 44
    Frame Length: 292 bytes (2336 bits)
    Capture Length: 292 bytes (2336 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 278
    Identification: 0x1def (7663)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0xb911 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
User Datagram Protocol, Src Port: 63973, Dst Port: 3389
    Source Port: 63973
    Destination Port: 3389
    Length: 258
    Checksum: 0x6c47 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 0.526809000 seconds]
        [Time since previous frame: 0.002189000 seconds]
    UDP payload (250 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0xb345c044
    ReceiveWindowSize: 11948
    Flags: 0x83e0, CN, CWR, Ack of Acks, Syn lossy
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...1 .... .... = Ack of Acks: True
        .... ..1. .... .... = Syn lossy: True
        .... .0.. .... .... = Ack delayed: False
        .... 0... .... .... = Correlation id: False
        ...0 .... .... .... = SynEx: False
    snResetSeqNum: 0x010005a1

No. Time Source Destination Protocol Length Info
45 0.545671 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=52 Ack=880 Win=63914 Len=0

Frame 45: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:37.292490000 W.
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.292490000 seconds [Time delta from previous captured frame: 0.011438000 seconds] [Time delta from previous displayed frame: 0.011438000 seconds] [Time since reference or first frame: 0.545671000 seconds] Frame Number: 45 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdaae (55982) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 52, Ack: 880, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 52 (relative sequence number) Sequence Number (raw): 1607889402 [Next Sequence Number: 52 (relative sequence number)] Acknowledgment Number: 880 (relative ack number) Acknowledgment number (raw): 3951498442 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63914 [Calculated window size: 63914] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.545671000 seconds] [Time since previous frame in this TCP stream: 0.049665000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 42] [The RTT to ACK the segment was: 0.049665000 seconds] No. 
Time Source Destination Protocol Length Info 46 0.545875 134.188.170.175 134.188.170.174 RDPUDP 53 [Malformed Packet] Frame 46: 53 bytes on wire (424 bits), 53 bytes captured (424 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.292694000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.292694000 seconds [Time delta from previous captured frame: 0.000204000 seconds] [Time delta from previous displayed frame: 0.000204000 seconds] [Time since reference or first frame: 0.545875000 seconds] Frame Number: 46 Frame Length: 53 bytes (424 bits) Capture Length: 53 bytes (424 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 39 Identification: 0xdaaf (55983) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 19 Checksum: 0x62fb [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.538451000 seconds] [Time since previous frame: 0.011642000 seconds] UDP payload (11 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb441c0a1 ReceiveWindowSize: 4196 Flags: 0x68e0, CN, CWR, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..0. .... .... = Syn lossy: False .... .0.. .... .... = Ack delayed: False .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. 
Time Source Destination Protocol Length Info 47 0.603440 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 47: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.350259000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.350259000 seconds [Time delta from previous captured frame: 0.057565000 seconds] [Time delta from previous displayed frame: 0.057565000 seconds] [Time since reference or first frame: 0.603440000 seconds] Frame Number: 47 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdab0 (55984) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.596016000 seconds] [Time since previous frame: 0.057565000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c045 ReceiveWindowSize: 11877 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000028c096aea2f2 snResetSeqNum: 0x241d94df No. Time Source Destination Protocol Length Info 48 0.603479 134.188.170.175 134.188.170.174 RDPUDP 1282 Frame 48: 1282 bytes on wire (10256 bits), 1282 bytes captured (10256 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.350298000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.350298000 seconds [Time delta from previous captured frame: 0.000039000 seconds] [Time delta from previous displayed frame: 0.000039000 seconds] [Time since reference or first frame: 0.603479000 seconds] Frame Number: 48 Frame Length: 1282 bytes (10256 bits) Capture Length: 1282 bytes (10256 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1268 Identification: 0xdab1 (55985) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1248 Checksum: 0x67c8 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.596055000 seconds] [Time since previous frame: 0.000039000 seconds] UDP payload (1240 bytes) UDP Remote Desktop Protocol snSourceAck: 0x2e04c1e9 ReceiveWindowSize: 2560 Flags: 0x46e0, CN, CWR, Syn lossy, Ack delayed .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False No. Time Source Destination Protocol Length Info 49 0.603543 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 49: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.350362000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.350362000 seconds [Time delta from previous captured frame: 0.000064000 seconds] [Time delta from previous displayed frame: 0.000064000 seconds] [Time since reference or first frame: 0.603543000 seconds] Frame Number: 49 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdab2 (55986) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.596119000 seconds] [Time since previous frame: 0.000064000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x3004c047 ReceiveWindowSize: 11879 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: df2e1ed3c262e1fa59f2c8669865ff9c snResetSeqNum: 0xc7609858 No. Time Source Destination Protocol Length Info 50 0.603560 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 50: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.350379000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.350379000 seconds [Time delta from previous captured frame: 0.000017000 seconds] [Time delta from previous displayed frame: 0.000017000 seconds] [Time since reference or first frame: 0.603560000 seconds] Frame Number: 50 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdab3 (55987) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.596136000 seconds] [Time since previous frame: 0.000017000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x0804c048 ReceiveWindowSize: 11880 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 7c4490e249271ea52bd9607efa9cd440 snResetSeqNum: 0x0546c4fe No. Time Source Destination Protocol Length Info 51 0.603579 134.188.170.175 134.188.170.174 RDPUDP 191 CORRELATIONID,AOA Frame 51: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.350398000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.350398000 seconds [Time delta from previous captured frame: 0.000019000 seconds] [Time delta from previous displayed frame: 0.000019000 seconds] [Time since reference or first frame: 0.603579000 seconds] Frame Number: 51 Frame Length: 191 bytes (1528 bits) Capture Length: 191 bytes (1528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 177 Identification: 0xdab4 (55988) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 157 Checksum: 0x6385 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.596155000 seconds] [Time since previous frame: 0.000019000 seconds] UDP payload (149 bytes) UDP Remote Desktop Protocol snSourceAck: 0x9004c049 ReceiveWindowSize: 11881 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: cc30f0a3b6388e9f45dc3e86177a04bd snResetSeqNum: 0x32b2904a No. Time Source Destination Protocol Length Info 52 0.604615 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 52: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.351434000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.351434000 seconds [Time delta from previous captured frame: 0.001036000 seconds] [Time delta from previous displayed frame: 0.001036000 seconds] [Time since reference or first frame: 0.604615000 seconds] Frame Number: 52 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdab5 (55989) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.597191000 seconds] [Time since previous frame: 0.001036000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c04a ReceiveWindowSize: 11882 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000028c4c7960edb snResetSeqNum: 0x4dd71194 No. Time Source Destination Protocol Length Info 53 0.604645 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 53: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.351464000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.351464000 seconds [Time delta from previous captured frame: 0.000030000 seconds] [Time delta from previous displayed frame: 0.000030000 seconds] [Time since reference or first frame: 0.604645000 seconds] Frame Number: 53 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdab6 (55990) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.597221000 seconds] [Time since previous frame: 0.000030000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x8b04c04b ReceiveWindowSize: 11883 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 29645e39b28e6eaa2c7704bfd249a33a snResetSeqNum: 0x0a1e76bc No. Time Source Destination Protocol Length Info 54 0.604667 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 54: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.351486000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.351486000 seconds [Time delta from previous captured frame: 0.000022000 seconds] [Time delta from previous displayed frame: 0.000022000 seconds] [Time since reference or first frame: 0.604667000 seconds] Frame Number: 54 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdab7 (55991) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.597243000 seconds] [Time since previous frame: 0.000022000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xf304c04c ReceiveWindowSize: 11884 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 469cfcdfa0085a8c3c77c96e9f0e1ab1 snResetSeqNum: 0x3d673eed No. Time Source Destination Protocol Length Info 55 0.604688 134.188.170.175 134.188.170.174 RDPUDP 385 CORRELATIONID,AOA Frame 55: 385 bytes on wire (3080 bits), 385 bytes captured (3080 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.351507000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.351507000 seconds [Time delta from previous captured frame: 0.000021000 seconds] [Time delta from previous displayed frame: 0.000021000 seconds] [Time since reference or first frame: 0.604688000 seconds] Frame Number: 55 Frame Length: 385 bytes (3080 bits) Capture Length: 385 bytes (3080 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 371 Identification: 0xdab8 (55992) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 351 Checksum: 0x6447 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.597264000 seconds] [Time since previous frame: 0.000021000 seconds] UDP payload (343 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb804c04d ReceiveWindowSize: 11885 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 3848cc13205ee196fa45af705c6ce434 snResetSeqNum: 0x8c651fd2 No. Time Source Destination Protocol Length Info 56 0.604960 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 56: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.351779000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.351779000 seconds [Time delta from previous captured frame: 0.000272000 seconds] [Time delta from previous displayed frame: 0.000272000 seconds] [Time since reference or first frame: 0.604960000 seconds] Frame Number: 56 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdab9 (55993) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.597536000 seconds] [Time since previous frame: 0.000272000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c04e ReceiveWindowSize: 11886 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000028c7e5537df5 snResetSeqNum: 0x1f61741a No. Time Source Destination Protocol Length Info 57 0.604988 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 57: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.351807000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.351807000 seconds [Time delta from previous captured frame: 0.000028000 seconds] [Time delta from previous displayed frame: 0.000028000 seconds] [Time since reference or first frame: 0.604988000 seconds] Frame Number: 57 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaba (55994) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.597564000 seconds] [Time since previous frame: 0.000028000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x6904c04f ReceiveWindowSize: 11887 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: dab2c345339503521e48e930cf910bb6 snResetSeqNum: 0xade2fd33 No. Time Source Destination Protocol Length Info 58 0.605008 134.188.170.175 134.188.170.174 RDPUDP 549 CORRELATIONID,AOA Frame 58: 549 bytes on wire (4392 bits), 549 bytes captured (4392 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.351827000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.351827000 seconds [Time delta from previous captured frame: 0.000020000 seconds] [Time delta from previous displayed frame: 0.000020000 seconds] [Time since reference or first frame: 0.605008000 seconds] Frame Number: 58 Frame Length: 549 bytes (4392 bits) Capture Length: 549 bytes (4392 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 535 Identification: 0xdabb (55995) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 515 Checksum: 0x64eb [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.597584000 seconds] [Time since previous frame: 0.000020000 seconds] UDP payload (507 bytes) UDP Remote Desktop Protocol snSourceAck: 0x6704c050 ReceiveWindowSize: 11888 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: bf064f1bad08cf4e734b630ee93270c2 snResetSeqNum: 0xd7aee9fd No. Time Source Destination Protocol Length Info 59 0.616399 134.188.170.174 134.188.170.175 RDPUDP 63 [Malformed Packet] Frame 59: 63 bytes on wire (504 bits), 63 bytes captured (504 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.363218000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.363218000 seconds [Time delta from previous captured frame: 0.011391000 seconds] [Time delta from previous displayed frame: 0.011391000 seconds] [Time since reference or first frame: 0.616399000 seconds] Frame Number: 59 Frame Length: 63 bytes (504 bits) Capture Length: 63 bytes (504 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 49 Identification: 0x1df0 (7664) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9f5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 29 Checksum: 0xc57b [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.608975000 seconds] [Time since previous frame: 0.011391000 seconds] UDP payload (21 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb301c050 ReceiveWindowSize: 11944 Flags: 0xcae0, CN, CWR, Syn lossy, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 60 0.733593 134.188.170.175 134.188.143.108 NBNS 110 Refresh NB OCEVENLO<00> Frame 60: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.480412000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.480412000 seconds [Time delta from previous captured frame: 0.117194000 seconds] [Time delta from previous displayed frame: 0.117194000 seconds] [Time since reference or first frame: 0.733593000 seconds] Frame Number: 60 Frame Length: 110 bytes (880 bits) Capture Length: 110 bytes (880 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:nbns] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || netbios] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.143.108 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 96 Identification: 0xf638 (63032) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.143.108 User Datagram Protocol, Src Port: 137, Dst Port: 137 Source Port: 137 Destination Port: 137 Length: 76 Checksum: 0x47f2 [unverified] [Checksum Status: Unverified] [Stream index: 1] [Timestamps] [Time since first frame: 0.000000000 seconds] [Time since previous frame: 0.000000000 seconds] UDP payload (68 bytes) NetBIOS Name Service Transaction ID: 0xf282 Flags: 0x4000, Opcode: Refresh 0... .... .... .... = Response: Message is a query .100 0... .... .... = Opcode: Refresh (8) .... ..0. .... .... = Truncated: Message is not truncated .... ...0 .... .... = Recursion desired: Don't do query recursively .... .... ...0 .... = Broadcast: Not a broadcast packet Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries OCEVENLO<00>: type NB, class IN Name: OCEVENLO<00> (Workstation/Redirector) Type: NB (32) Class: IN (1) Additional records OCEVENLO<00>: type NB, class IN Name: OCEVENLO<00> (Workstation/Redirector) Type: NB (32) Class: IN (1) Time to live: 3 days, 11 hours, 20 minutes Data length: 6 Name flags: 0xe000, Name type, ONT: Unknown (H-node, group) 1... .... .... .... = Name type: Group name .11. .... .... .... = ONT: Unknown (3) Addr: 134.188.170.175 No. Time Source Destination Protocol Length Info 61 0.896185 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 61: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.643004000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.643004000 seconds [Time delta from previous captured frame: 0.162592000 seconds] [Time delta from previous displayed frame: 0.162592000 seconds] [Time since reference or first frame: 0.896185000 seconds] Frame Number: 61 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1df1 (7665) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79dd [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 880, Ack: 52, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 880 (relative sequence number) Sequence Number (raw): 3951498442 [Next Sequence Number: 923 (relative sequence number)] Acknowledgment Number: 52 (relative ack number) Acknowledgment number (raw): 1607889402 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x5353 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.896185000 seconds] [Time since previous frame in this TCP stream: 0.350514000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000216a8378d11f6737461ecd8c7678be37e80b6e579cf0f93b6b72d57571da… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 62 0.936497 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=52 Ack=923 Win=63871 Len=0 Frame 62: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.683316000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.683316000 seconds [Time delta from previous captured frame: 0.040312000 seconds] [Time delta from previous displayed frame: 0.040312000 seconds] [Time since reference or first frame: 0.936497000 seconds] Frame Number: 62 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdabc (55996) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 52, Ack: 923, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 52 (relative sequence number) Sequence Number (raw): 1607889402 [Next Sequence Number: 52 (relative sequence number)] Acknowledgment Number: 923 (relative ack number) Acknowledgment number (raw): 3951498485 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63871 [Calculated window size: 63871] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.936497000 seconds] [Time since previous frame in this TCP stream: 0.040312000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 61] [The RTT to ACK the segment was: 0.040312000 seconds] No. 
Time Source Destination Protocol Length Info 63 0.944115 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 63: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.690934000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.690934000 seconds [Time delta from previous captured frame: 0.007618000 seconds] [Time delta from previous displayed frame: 0.007618000 seconds] [Time since reference or first frame: 0.944115000 seconds] Frame Number: 63 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1df2 (7666) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79dc [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 923, Ack: 52, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 923 (relative sequence number) Sequence Number (raw): 3951498485 [Next Sequence Number: 966 (relative sequence number)] Acknowledgment Number: 52 (relative ack number) Acknowledgment number (raw): 1607889402 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0xbd54 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.944115000 seconds] [Time since previous frame in this TCP stream: 0.007618000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000216bab653696bf8fa88fd58a9b989deaa7576d7bd64df2fbd85c35ccb3ff… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 64 0.998916 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=52 Ack=966 Win=63828 Len=0 Frame 64: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.745735000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.745735000 seconds [Time delta from previous captured frame: 0.054801000 seconds] [Time delta from previous displayed frame: 0.054801000 seconds] [Time since reference or first frame: 0.998916000 seconds] Frame Number: 64 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdabd (55997) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 52, Ack: 966, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 52 (relative sequence number) Sequence Number (raw): 1607889402 [Next Sequence Number: 52 (relative sequence number)] Acknowledgment Number: 966 (relative ack number) Acknowledgment number (raw): 3951498528 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63828 [Calculated window size: 63828] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.998916000 seconds] [Time since previous frame in this TCP stream: 0.054801000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 63] [The RTT to ACK the segment was: 0.054801000 seconds] No. 
Time Source Destination Protocol Length Info 65 1.215976 134.188.170.174 134.188.170.175 TLSv1.2 92 Application Data Frame 65: 92 bytes on wire (736 bits), 92 bytes captured (736 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.962795000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.962795000 seconds [Time delta from previous captured frame: 0.217060000 seconds] [Time delta from previous displayed frame: 0.217060000 seconds] [Time since reference or first frame: 1.215976000 seconds] Frame Number: 65 Frame Length: 92 bytes (736 bits) Capture Length: 92 bytes (736 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 78 Identification: 0x1df3 (7667) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79e0 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 966, Ack: 52, Len: 38 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 38] Sequence Number: 966 (relative sequence number) Sequence Number (raw): 3951498528 [Next Sequence Number: 1004 (relative sequence number)] Acknowledgment Number: 52 (relative ack number) Acknowledgment number (raw): 1607889402 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x85d6 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 1.215976000 seconds] [Time since previous frame in this TCP stream: 0.217060000 seconds] [SEQ/ACK analysis] [Bytes in flight: 38] [Bytes sent since last PSH flag: 38] TCP payload (38 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 33 Encrypted Application Data: 000000000000216c0dbf17fe8625f857d50b615f333787366afbe53a422760e08a [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 66 1.218000 134.188.170.175 134.188.170.174 RDPUDP 90 CORRELATIONID,AOA Frame 66: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.964819000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.964819000 seconds [Time delta from previous captured frame: 0.002024000 seconds] [Time delta from previous displayed frame: 0.002024000 seconds] [Time since reference or first frame: 1.218000000 seconds] Frame Number: 66 Frame Length: 90 bytes (720 bits) Capture Length: 90 bytes (720 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 76 Identification: 0xdabe (55998) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 56 Checksum: 0x6320 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.210576000 seconds] [Time since previous frame: 0.601601000 seconds] UDP payload (48 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c051 ReceiveWindowSize: 11889 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303002400000000000028c900cf807e snResetSeqNum: 0x2aa449b3 No. Time Source Destination Protocol Length Info 67 1.219556 134.188.170.174 134.188.170.175 RDPUDP 141 AOA Frame 67: 141 bytes on wire (1128 bits), 141 bytes captured (1128 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.966375000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.966375000 seconds [Time delta from previous captured frame: 0.001556000 seconds] [Time delta from previous displayed frame: 0.001556000 seconds] [Time since reference or first frame: 1.219556000 seconds] Frame Number: 67 Frame Length: 141 bytes (1128 bits) Capture Length: 141 bytes (1128 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 127 Identification: 0x1df4 (7668) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9a3 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 107 Checksum: 0x6a94 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.212132000 seconds] [Time since previous frame: 0.001556000 seconds] UDP payload (99 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb605c051 ReceiveWindowSize: 11907 Flags: 0x21e0, CN, CWR, Ack of Acks .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False snResetSeqNum: 0x0000a210 No. Time Source Destination Protocol Length Info 68 1.220827 134.188.170.174 134.188.170.175 RDPUDP 94 CORRELATIONID,AOA Frame 68: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.967646000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.967646000 seconds [Time delta from previous captured frame: 0.001271000 seconds] [Time delta from previous displayed frame: 0.001271000 seconds] [Time since reference or first frame: 1.220827000 seconds] Frame Number: 68 Frame Length: 94 bytes (752 bits) Capture Length: 94 bytes (752 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 80 Identification: 0x1df5 (7669) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9d1 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 60 Checksum: 0x09c3 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.213403000 seconds] [Time since previous frame: 0.001271000 seconds] UDP payload (52 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0a3 ReceiveWindowSize: 4293 Flags: 0x0fe0, CN, CWR, Ack of Acks, Syn lossy, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 03030028000000000000102b6cccbc41 snResetSeqNum: 0x08614c8e No. Time Source Destination Protocol Length Info 69 1.222609 134.188.170.175 134.188.170.174 RDPUDP 1288 Frame 69: 1288 bytes on wire (10304 bits), 1288 bytes captured (10304 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.969428000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.969428000 seconds [Time delta from previous captured frame: 0.001782000 seconds] [Time delta from previous displayed frame: 0.001782000 seconds] [Time since reference or first frame: 1.222609000 seconds] Frame Number: 69 Frame Length: 1288 bytes (10304 bits) Capture Length: 1288 bytes (10304 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1274 Identification: 0xdabf (55999) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1254 Checksum: 0x67ce [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.215185000 seconds] [Time since previous frame: 0.001782000 seconds] UDP payload (1246 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb745c0a3 ReceiveWindowSize: 4325 Flags: 0x06e0, CN, CWR, Syn lossy, Ack delayed .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False No. Time Source Destination Protocol Length Info 70 1.222640 134.188.170.175 134.188.170.174 RDPUDP 1100 CORRELATIONID,AOA Frame 70: 1100 bytes on wire (8800 bits), 1100 bytes captured (8800 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.969459000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.969459000 seconds [Time delta from previous captured frame: 0.000031000 seconds] [Time delta from previous displayed frame: 0.000031000 seconds] [Time since reference or first frame: 1.222640000 seconds] Frame Number: 70 Frame Length: 1100 bytes (8800 bits) Capture Length: 1100 bytes (8800 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1086 Identification: 0xdac0 (56000) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1066 Checksum: 0x6712 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.215216000 seconds] [Time since previous frame: 0.000031000 seconds] UDP payload (1058 bytes) UDP Remote Desktop Protocol snSourceAck: 0x4004c053 ReceiveWindowSize: 11891 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 15dddf40e8f17cc067abf84fcb9c0f10 snResetSeqNum: 0x505068bb No. Time Source Destination Protocol Length Info 71 1.236536 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet] Frame 71: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.983355000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.983355000 seconds [Time delta from previous captured frame: 0.013896000 seconds] [Time delta from previous displayed frame: 0.013896000 seconds] [Time since reference or first frame: 1.236536000 seconds] Frame Number: 71 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 00000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 39 Identification: 0x1df6 (7670) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9f9 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 19 Checksum: 0x0ebf [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.229112000 seconds] [Time since previous frame: 0.013896000 seconds] UDP payload (11 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb601c053 ReceiveWindowSize: 11992 Flags: 0x25e0, CN, CWR, Ack of Acks, Ack delayed .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 72 1.251843 134.188.170.175 134.188.170.174 RDPUDP 430 CORRELATIONID,AOA Frame 72: 430 bytes on wire (3440 bits), 430 bytes captured (3440 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:37.998662000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010657.998662000 seconds [Time delta from previous captured frame: 0.015307000 seconds] [Time delta from previous displayed frame: 0.015307000 seconds] [Time since reference or first frame: 1.251843000 seconds] Frame Number: 72 Frame Length: 430 bytes (3440 bits) Capture Length: 430 bytes (3440 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 416 Identification: 0xdac1 (56001) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 396 Checksum: 0x6474 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.244419000 seconds] [Time since previous frame: 0.015307000 seconds] UDP payload (388 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c054 ReceiveWindowSize: 11892 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303017800000000000028ccd5376e43 snResetSeqNum: 0xff42c928 No. Time Source Destination Protocol Length Info 73 1.260659 134.188.170.1 224.0.0.18 VRRP 60 Announcement (v2) Frame 73: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.007478000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.007478000 seconds [Time delta from previous captured frame: 0.008816000 seconds] [Time delta from previous displayed frame: 0.008816000 seconds] [Time since reference or first frame: 1.260659000 seconds] Frame Number: 73 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:vrrp] [Coloring Rule Name: Routing] [Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp] Ethernet II, Src: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa), Dst: IPv4mcast_12 (01:00:5e:00:00:12) Destination: IPv4mcast_12 (01:00:5e:00:00:12) Address: IPv4mcast_12 (01:00:5e:00:00:12) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.170.1, Dst: 224.0.0.18 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x0000 (0) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 255 Protocol: VRRP (112) Header Checksum: 0xa9d5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.1 Destination Address: 224.0.0.18 Virtual Router Redundancy Protocol Version 2, Packet type 1 (Advertisement) 0010 .... = VRRP protocol version: 2 .... 0001 = VRRP packet type: Advertisement (1) Virtual Rtr ID: 170 Priority: 255 (This VRRP router owns the virtual router's IP address(es)) Addr Count: 1 Auth Type: No Authentication (0) Adver Int: 1 Checksum: 0xae94 [correct] [Checksum Status: Good] IP Address: 134.188.170.1 No. Time Source Destination Protocol Length Info 74 1.264421 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=52 Ack=1004 Win=63790 Len=0 Frame 74: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.011240000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.011240000 seconds [Time delta from previous captured frame: 0.003762000 seconds] [Time delta from previous displayed frame: 0.003762000 seconds] [Time since reference or first frame: 1.264421000 seconds] Frame Number: 74 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... 
= LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdac2 (56002) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 52, Ack: 1004, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 52 (relative sequence number) Sequence Number (raw): 1607889402 [Next Sequence Number: 52 (relative sequence number)] Acknowledgment Number: 1004 (relative ack number) Acknowledgment number (raw): 3951498566 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63790 [Calculated window size: 63790] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 1.264421000 seconds] [Time since previous frame in this TCP stream: 0.048445000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 65] [The RTT to ACK the segment was: 0.048445000 seconds] No. Time Source Destination Protocol Length Info 75 1.266875 134.188.170.175 134.188.170.174 TLSv1.2 105 Application Data Frame 75: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.013694000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.013694000 seconds [Time delta from previous captured frame: 0.002454000 seconds] [Time delta from previous displayed frame: 0.002454000 seconds] [Time since reference or first frame: 1.266875000 seconds] Frame Number: 75 Frame Length: 105 bytes (840 bits) Capture Length: 105 bytes (840 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... 
.... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 91 Identification: 0xdac3 (56003) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 52, Ack: 1004, Len: 51 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 51] Sequence Number: 52 (relative sequence number) Sequence Number (raw): 1607889402 [Next Sequence Number: 103 (relative sequence number)] Acknowledgment Number: 1004 (relative ack number) Acknowledgment number (raw): 3951498566 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 63790 [Calculated window size: 63790] [Window size scaling factor: -1 (unknown)] Checksum: 0x6324 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 1.266875000 seconds] [Time since previous frame in this TCP stream: 0.002454000 seconds] [SEQ/ACK analysis] [Bytes in flight: 51] [Bytes sent since last PSH flag: 51] TCP payload (51 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 46 Encrypted Application Data: 000000000000165a0f8c5decd926eab574aadff58413131679be08dbb8e27d8d6fd8b62f… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 76 1.266984 134.188.170.174 134.188.170.175 RDPUDP 60 Frame 76: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.013803000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.013803000 seconds [Time delta from previous captured frame: 0.000109000 seconds] [Time delta from previous displayed frame: 0.000109000 seconds] [Time since reference or first frame: 1.266984000 seconds] Frame Number: 76 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 38 Identification: 0x1df7 (7671) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9f9 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 18 Checksum: 0xa07c [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.259560000 seconds] [Time since previous frame: 0.015141000 seconds] UDP payload (10 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb601c054 ReceiveWindowSize: 11805 Flags: 0x42e0, CN, CWR, Syn lossy .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False No. Time Source Destination Protocol Length Info 77 1.267045 134.188.170.175 134.188.170.174 RDPUDP 90 CORRELATIONID,AOA Frame 77: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.013864000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.013864000 seconds [Time delta from previous captured frame: 0.000061000 seconds] [Time delta from previous displayed frame: 0.000061000 seconds] [Time since reference or first frame: 1.267045000 seconds] Frame Number: 77 Frame Length: 90 bytes (720 bits) Capture Length: 90 bytes (720 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 76 Identification: 0xdac4 (56004) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 56 Checksum: 0x6320 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.259621000 seconds] [Time since previous frame: 0.000061000 seconds] UDP payload (48 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c055 ReceiveWindowSize: 11893 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303002400000000000028cd745a4911 snResetSeqNum: 0x4af1082d No. Time Source Destination Protocol Length Info 78 1.268773 134.188.170.174 134.188.170.175 RDPUDP 97 SYNEX Frame 78: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.015592000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.015592000 seconds [Time delta from previous captured frame: 0.001728000 seconds] [Time delta from previous displayed frame: 0.001728000 seconds] [Time since reference or first frame: 1.268773000 seconds] Frame Number: 78 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1df8 (7672) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9cb [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 63 Checksum: 0x7701 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.261349000 seconds] [Time since previous frame: 0.001728000 seconds] UDP payload (55 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb605c055 ReceiveWindowSize: 12029 Flags: 0x50e0, CN, CWR, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..0. .... .... = Syn lossy: False .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x0100 .... ...0 = Version info: False No. Time Source Destination Protocol Length Info 79 1.280229 134.188.170.175 134.188.170.174 RDPUDP 56 SYNEX,AOA Frame 79: 56 bytes on wire (448 bits), 56 bytes captured (448 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.027048000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.027048000 seconds [Time delta from previous captured frame: 0.011456000 seconds] [Time delta from previous displayed frame: 0.011456000 seconds] [Time since reference or first frame: 1.280229000 seconds] Frame Number: 79 Frame Length: 56 bytes (448 bits) Capture Length: 56 bytes (448 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 42 Identification: 0xdac5 (56005) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 22 Checksum: 0x62fe [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.272805000 seconds] [Time since previous frame: 0.011456000 seconds] UDP payload (14 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb741c1a4 ReceiveWindowSize: 4272 Flags: 0x35e0, CN, CWR, Ack of Acks, Ack delayed, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x0b00 .... ...0 = Version info: False snResetSeqNum: 0x0ce90a00 No. Time Source Destination Protocol Length Info 80 1.303923 134.188.170.174 134.188.170.175 TLSv1.2 92 Application Data Frame 80: 92 bytes on wire (736 bits), 92 bytes captured (736 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.050742000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.050742000 seconds [Time delta from previous captured frame: 0.023694000 seconds] [Time delta from previous displayed frame: 0.023694000 seconds] [Time since reference or first frame: 1.303923000 seconds] Frame Number: 80 Frame Length: 92 bytes (736 bits) Capture Length: 92 bytes (736 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 78 Identification: 0x1df9 (7673) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79da [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1004, Ack: 103, Len: 38 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 38] Sequence Number: 1004 (relative sequence number) Sequence Number (raw): 3951498566 [Next Sequence Number: 1042 (relative sequence number)] Acknowledgment Number: 103 (relative ack number) Acknowledgment number (raw): 1607889453 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0xad25 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 1.303923000 seconds] [Time since previous frame in this TCP stream: 0.037048000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 75] [The RTT to ACK the segment was: 0.037048000 seconds] [Bytes in flight: 38] [Bytes sent since last PSH flag: 38] TCP payload (38 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 33 Encrypted Application Data: 000000000000216da5c086237e0c96c3fba88df33cbe456beac0036abfdabea8b1 [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 81 1.317760 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 81: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.064579000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.064579000 seconds [Time delta from previous captured frame: 0.013837000 seconds] [Time delta from previous displayed frame: 0.013837000 seconds] [Time since reference or first frame: 1.317760000 seconds] Frame Number: 81 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdac6 (56006) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.310336000 seconds] [Time since previous frame: 0.037531000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c056 ReceiveWindowSize: 11894 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000028cef4ea3ec1 snResetSeqNum: 0x82afba83 No. Time Source Destination Protocol Length Info 82 1.317806 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 82: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.064625000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.064625000 seconds [Time delta from previous captured frame: 0.000046000 seconds] [Time delta from previous displayed frame: 0.000046000 seconds] [Time since reference or first frame: 1.317806000 seconds] Frame Number: 82 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdac7 (56007) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.310382000 seconds] [Time since previous frame: 0.000046000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xf704c057 ReceiveWindowSize: 11895 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 789593c067805867d8c190e19652cd57 snResetSeqNum: 0x9a9bcdb1 No. Time Source Destination Protocol Length Info 83 1.317825 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 83: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.064644000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.064644000 seconds [Time delta from previous captured frame: 0.000019000 seconds] [Time delta from previous displayed frame: 0.000019000 seconds] [Time since reference or first frame: 1.317825000 seconds] Frame Number: 83 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdac8 (56008) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.310401000 seconds] [Time since previous frame: 0.000019000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x4904c058 ReceiveWindowSize: 11896 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 63671fb1eb901cebecbbb696afaa1a47 snResetSeqNum: 0x03c7e706 No. Time Source Destination Protocol Length Info 84 1.317845 134.188.170.175 134.188.170.174 RDPUDP 344 CORRELATIONID,AOA Frame 84: 344 bytes on wire (2752 bits), 344 bytes captured (2752 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.064664000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.064664000 seconds [Time delta from previous captured frame: 0.000020000 seconds] [Time delta from previous displayed frame: 0.000020000 seconds] [Time since reference or first frame: 1.317845000 seconds] Frame Number: 84 Frame Length: 344 bytes (2752 bits) Capture Length: 344 bytes (2752 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 330 Identification: 0xdac9 (56009) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 310 Checksum: 0x641e [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.310421000 seconds] [Time since previous frame: 0.000020000 seconds] UDP payload (302 bytes) UDP Remote Desktop Protocol snSourceAck: 0xf904c059 ReceiveWindowSize: 11897 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 200c7974b049570a21e7ebdc07fc9e77 snResetSeqNum: 0x5bcd2ba8 No. Time Source Destination Protocol Length Info 85 1.318534 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 85: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.065353000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.065353000 seconds [Time delta from previous captured frame: 0.000689000 seconds] [Time delta from previous displayed frame: 0.000689000 seconds] [Time since reference or first frame: 1.318534000 seconds] Frame Number: 85 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaca (56010) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.311110000 seconds] [Time since previous frame: 0.000689000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c05a ReceiveWindowSize: 11898 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000028d1fb2a6e73 snResetSeqNum: 0xf7ac134d No. Time Source Destination Protocol Length Info 86 1.318563 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 86: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.065382000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.065382000 seconds [Time delta from previous captured frame: 0.000029000 seconds] [Time delta from previous displayed frame: 0.000029000 seconds] [Time since reference or first frame: 1.318563000 seconds] Frame Number: 86 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdacb (56011) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.311139000 seconds] [Time since previous frame: 0.000029000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x5004c05b ReceiveWindowSize: 11899 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 857b3dc309ddf63650b807d85b24fa00 snResetSeqNum: 0x15956267 No. Time Source Destination Protocol Length Info 87 1.318584 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 87: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.065403000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.065403000 seconds [Time delta from previous captured frame: 0.000021000 seconds] [Time delta from previous displayed frame: 0.000021000 seconds] [Time since reference or first frame: 1.318584000 seconds] Frame Number: 87 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdacc (56012) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.311160000 seconds] [Time since previous frame: 0.000021000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x6004c05c ReceiveWindowSize: 11900 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 011a4c9ad840a47f8dc644c409568432 snResetSeqNum: 0xb7208e28 No. Time Source Destination Protocol Length Info 88 1.318603 134.188.170.175 134.188.170.174 RDPUDP 1243 CORRELATIONID,AOA Frame 88: 1243 bytes on wire (9944 bits), 1243 bytes captured (9944 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.065422000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.065422000 seconds [Time delta from previous captured frame: 0.000019000 seconds] [Time delta from previous displayed frame: 0.000019000 seconds] [Time since reference or first frame: 1.318603000 seconds] Frame Number: 88 Frame Length: 1243 bytes (9944 bits) Capture Length: 1243 bytes (9944 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1229 Identification: 0xdacd (56013) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1209 Checksum: 0x67a1 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.311179000 seconds] [Time since previous frame: 0.000019000 seconds] UDP payload (1201 bytes) UDP Remote Desktop Protocol snSourceAck: 0xbb04c05d ReceiveWindowSize: 11901 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: bbe3cd8d09cb49552292782c4e9c581b snResetSeqNum: 0xc9b580c3 No. Time Source Destination Protocol Length Info 89 1.336045 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 89: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.082864000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.082864000 seconds [Time delta from previous captured frame: 0.017442000 seconds] [Time delta from previous displayed frame: 0.017442000 seconds] [Time since reference or first frame: 1.336045000 seconds] Frame Number: 89 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1dfa (7674) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79d4 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1042, Ack: 103, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1042 (relative sequence number) Sequence Number (raw): 3951498604 [Next Sequence Number: 1085 (relative sequence number)] Acknowledgment Number: 103 (relative ack number) Acknowledgment number (raw): 1607889453 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x23be [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 1.336045000 seconds] [Time since previous frame in this TCP stream: 0.032122000 seconds] [SEQ/ACK analysis] [Bytes in flight: 81] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000216eca286c23559af5f731c9ca6a74ee5eb6ecf9dc2988d303075dc7be85… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 90 1.336092 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=103 Ack=1085 Win=63709 Len=0 Frame 90: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.082911000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.082911000 seconds [Time delta from previous captured frame: 0.000047000 seconds] [Time delta from previous displayed frame: 0.000047000 seconds] [Time since reference or first frame: 1.336092000 seconds] Frame Number: 90 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdace (56014) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 103, Ack: 1085, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 103 (relative sequence number) Sequence Number (raw): 1607889453 [Next Sequence Number: 103 (relative sequence number)] Acknowledgment Number: 1085 (relative ack number) Acknowledgment number (raw): 3951498647 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63709 [Calculated window size: 63709] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 1.336092000 seconds] [Time since previous frame in this TCP stream: 0.000047000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 89] [The RTT to ACK the segment was: 0.000047000 seconds] No. 
Time Source Destination Protocol Length Info 91 1.336579 134.188.170.174 134.188.170.175 RDPUDP 60 AOA Frame 91: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.083398000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.083398000 seconds [Time delta from previous captured frame: 0.000487000 seconds] [Time delta from previous displayed frame: 0.000487000 seconds] [Time since reference or first frame: 1.336579000 seconds] Frame Number: 91 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 00 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 45 Identification: 0x1dfb (7675) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9ee [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 25 Checksum: 0x2e43 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.329155000 seconds] [Time since previous frame: 0.017976000 seconds] UDP payload (17 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb601c05d ReceiveWindowSize: 11895 Flags: 0x83e0, CN, CWR, Ack of Acks, Syn lossy .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False snResetSeqNum: 0x11270b0a No. Time Source Destination Protocol Length Info 92 1.566743 134.188.170.113 134.188.170.255 GVCP 60 > DISCOVERY_CMD Frame 92: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.313562000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.313562000 seconds [Time delta from previous captured frame: 0.230164000 seconds] [Time delta from previous displayed frame: 0.230164000 seconds] [Time since reference or first frame: 1.566743000 seconds] Frame Number: 92 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:gvcp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_3c:e2:3e (90:1b:0e:3c:e2:3e), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Destination: Broadcast (ff:ff:ff:ff:ff:ff) Address: Broadcast (ff:ff:ff:ff:ff:ff) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: FujitsuT_3c:e2:3e (90:1b:0e:3c:e2:3e) Address: FujitsuT_3c:e2:3e (90:1b:0e:3c:e2:3e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 00000000000000000000 Internet Protocol Version 4, Src: 134.188.170.113, Dst: 134.188.170.255 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 36 Identification: 0xb183 (45443) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xe65b [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.113 Destination Address: 134.188.170.255 User Datagram Protocol, Src Port: 62961, Dst Port: 3956 Source Port: 62961 Destination Port: 3956 Length: 16 Checksum: 0x557a [unverified] [Checksum Status: Unverified] [Stream index: 2] [Timestamps] [Time since first frame: 0.000000000 seconds] [Time since previous frame: 0.000000000 seconds] UDP payload (8 bytes) GigE Vision Control Protocol Command Header: DISCOVERY_CMD Message Key Code: 0x42 (66) Flags: 0x01 ...0 .... = Allow Broadcast Acknowledge: False .... ...1 = Acknowledge Required: True Command: DISCOVERY_CMD (0x0002) Payload Length: 0x0000 (0) Request ID: 0x0001 (1) No. Time Source Destination Protocol Length Info 93 1.766879 134.188.170.185 239.255.255.250 SSDP 217 M-SEARCH * HTTP/1.1 Frame 93: 217 bytes on wire (1736 bits), 217 bytes captured (1736 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.513698000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.513698000 seconds [Time delta from previous captured frame: 0.200136000 seconds] [Time delta from previous displayed frame: 0.200136000 seconds] [Time since reference or first frame: 1.766879000 seconds] Frame Number: 93 Frame Length: 217 bytes (1736 bits) Capture Length: 217 bytes (1736 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:ssdp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_8b:6f:5c (90:1b:0e:8b:6f:5c), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: FujitsuT_8b:6f:5c (90:1b:0e:8b:6f:5c) Address: FujitsuT_8b:6f:5c (90:1b:0e:8b:6f:5c) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.185, Dst: 239.255.255.250 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 203 Identification: 0x00a4 (164) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: UDP (17) Header Checksum: 0x970e [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.185 Destination Address: 239.255.255.250 User Datagram Protocol, Src Port: 63155, Dst Port: 1900 Source Port: 63155 Destination Port: 1900 Length: 183 Checksum: 0x5d55 [unverified] [Checksum Status: Unverified] [Stream index: 3] [Timestamps] [Time since first frame: 0.000000000 seconds] [Time since previous frame: 0.000000000 seconds] UDP payload (175 bytes) Simple Service Discovery Protocol M-SEARCH * HTTP/1.1\r\n [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n] [M-SEARCH * HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: M-SEARCH Request URI: * Request Version: HTTP/1.1 HOST: 239.255.255.250:1900\r\n MAN: "ssdp:discover"\r\n MX: 1\r\n ST: urn:dial-multiscreen-org:service:dial:1\r\n USER-AGENT: Microsoft Edge/108.0.1462.42 Windows\r\n \r\n [Full request URI: http://239.255.255.250:1900*] [HTTP request 1/4] [Next request in frame: 245] No. Time Source Destination Protocol Length Info 94 1.850189 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 94: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.597008000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.597008000 seconds [Time delta from previous captured frame: 0.083310000 seconds] [Time delta from previous displayed frame: 0.083310000 seconds] [Time since reference or first frame: 1.850189000 seconds] Frame Number: 94 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdacf (56015) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.842765000 seconds] [Time since previous frame: 0.513610000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c05e ReceiveWindowSize: 11902 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000028d4f767f98f snResetSeqNum: 0xa1af6bd6 No. Time Source Destination Protocol Length Info 95 1.850236 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 95: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.597055000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.597055000 seconds [Time delta from previous captured frame: 0.000047000 seconds] [Time delta from previous displayed frame: 0.000047000 seconds] [Time since reference or first frame: 1.850236000 seconds] Frame Number: 95 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdad0 (56016) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.842812000 seconds] [Time since previous frame: 0.000047000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x8e04c05f ReceiveWindowSize: 11903 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 3691ec99d506b579d41adb31f0b8a61e snResetSeqNum: 0x58770f7c No. Time Source Destination Protocol Length Info 96 1.850256 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 96: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.597075000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.597075000 seconds [Time delta from previous captured frame: 0.000020000 seconds] [Time delta from previous displayed frame: 0.000020000 seconds] [Time since reference or first frame: 1.850256000 seconds] Frame Number: 96 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdad1 (56017) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.842832000 seconds] [Time since previous frame: 0.000020000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x3004c060 ReceiveWindowSize: 11904 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: f822b47301833b378e0bae4a9c887218 snResetSeqNum: 0xf16922af No. Time Source Destination Protocol Length Info 97 1.850272 134.188.170.175 134.188.170.174 RDPUDP 680 CORRELATIONID,AOA Frame 97: 680 bytes on wire (5440 bits), 680 bytes captured (5440 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.597091000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.597091000 seconds [Time delta from previous captured frame: 0.000016000 seconds] [Time delta from previous displayed frame: 0.000016000 seconds] [Time since reference or first frame: 1.850272000 seconds] Frame Number: 97 Frame Length: 680 bytes (5440 bits) Capture Length: 680 bytes (5440 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 666 Identification: 0xdad2 (56018) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 646 Checksum: 0x656e [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.842848000 seconds] [Time since previous frame: 0.000016000 seconds] UDP payload (638 bytes) UDP Remote Desktop Protocol snSourceAck: 0xed04c061 ReceiveWindowSize: 11905 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: c24567fe885df3303146d6b562e65373 snResetSeqNum: 0x413cac6a No. Time Source Destination Protocol Length Info 98 1.850995 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 98: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.597814000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.597814000 seconds [Time delta from previous captured frame: 0.000723000 seconds] [Time delta from previous displayed frame: 0.000723000 seconds] [Time since reference or first frame: 1.850995000 seconds] Frame Number: 98 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdad3 (56019) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.843571000 seconds] [Time since previous frame: 0.000723000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c062 ReceiveWindowSize: 11906 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000028d71e2e949b snResetSeqNum: 0xb36c1d9d No. Time Source Destination Protocol Length Info 99 1.851023 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 99: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.597842000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.597842000 seconds [Time delta from previous captured frame: 0.000028000 seconds] [Time delta from previous displayed frame: 0.000028000 seconds] [Time since reference or first frame: 1.851023000 seconds] Frame Number: 99 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdad4 (56020) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.843599000 seconds] [Time since previous frame: 0.000028000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xd204c063 ReceiveWindowSize: 11907 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: c26fb777bd84db293bf430f15ae2ad94 snResetSeqNum: 0x488fc680 No. Time Source Destination Protocol Length Info 100 1.851047 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 100: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.597866000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.597866000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 1.851047000 seconds] Frame Number: 100 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdad5 (56021) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.843623000 seconds] [Time since previous frame: 0.000024000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xd904c064 ReceiveWindowSize: 11908 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: eb04816d9fcc99511f8ee34e1265607e snResetSeqNum: 0x354ef868 No. Time Source Destination Protocol Length Info 101 1.851066 134.188.170.175 134.188.170.174 RDPUDP 1282 AOA Frame 101: 1282 bytes on wire (10256 bits), 1282 bytes captured (10256 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.597885000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.597885000 seconds [Time delta from previous captured frame: 0.000019000 seconds] [Time delta from previous displayed frame: 0.000019000 seconds] [Time since reference or first frame: 1.851066000 seconds] Frame Number: 101 Frame Length: 1282 bytes (10256 bits) Capture Length: 1282 bytes (10256 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1268 Identification: 0xdad6 (56022) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1248 Checksum: 0x67c8 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.843642000 seconds] [Time since previous frame: 0.000019000 seconds] UDP payload (1240 bytes) UDP Remote Desktop Protocol snSourceAck: 0x2e04c1e9 ReceiveWindowSize: 2560 Flags: 0x65e0, CN, CWR, Ack of Acks, Ack delayed .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False snResetSeqNum: 0x852d00bc No. Time Source Destination Protocol Length Info 102 1.851093 134.188.170.175 134.188.170.174 RDPUDP 1170 CORRELATIONID,AOA Frame 102: 1170 bytes on wire (9360 bits), 1170 bytes captured (9360 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.597912000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.597912000 seconds [Time delta from previous captured frame: 0.000027000 seconds] [Time delta from previous displayed frame: 0.000027000 seconds] [Time since reference or first frame: 1.851093000 seconds] Frame Number: 102 Frame Length: 1170 bytes (9360 bits) Capture Length: 1170 bytes (9360 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1156 Identification: 0xdad7 (56023) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1136 Checksum: 0x6758 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.843669000 seconds] [Time since previous frame: 0.000027000 seconds] UDP payload (1128 bytes) UDP Remote Desktop Protocol snSourceAck: 0x4304c066 ReceiveWindowSize: 11910 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: a09127d8af64ab1880e97fe9c53d8de4 snResetSeqNum: 0xfa548cec No. Time Source Destination Protocol Length Info 103 1.851497 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 103: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.598316000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.598316000 seconds [Time delta from previous captured frame: 0.000404000 seconds] [Time delta from previous displayed frame: 0.000404000 seconds] [Time since reference or first frame: 1.851497000 seconds] Frame Number: 103 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdad8 (56024) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.844073000 seconds] [Time since previous frame: 0.000404000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c067 ReceiveWindowSize: 11911 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000028db4ed31b36 snResetSeqNum: 0xc097e5e3 No. Time Source Destination Protocol Length Info 104 1.851528 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 104: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.598347000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.598347000 seconds [Time delta from previous captured frame: 0.000031000 seconds] [Time delta from previous displayed frame: 0.000031000 seconds] [Time since reference or first frame: 1.851528000 seconds] Frame Number: 104 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdad9 (56025) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.844104000 seconds] [Time since previous frame: 0.000031000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x7604c068 ReceiveWindowSize: 11912 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 6f9a1bd1d107d7a815ac32f37e0707be snResetSeqNum: 0x96af00f7 No. Time Source Destination Protocol Length Info 105 1.851550 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 105: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.598369000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.598369000 seconds [Time delta from previous captured frame: 0.000022000 seconds] [Time delta from previous displayed frame: 0.000022000 seconds] [Time since reference or first frame: 1.851550000 seconds] Frame Number: 105 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdada (56026) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.844126000 seconds] [Time since previous frame: 0.000022000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x2004c069 ReceiveWindowSize: 11913 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 477fc8a2ef0c21239895243f305189ec snResetSeqNum: 0x2a20ddb9 No. Time Source Destination Protocol Length Info 106 1.851567 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 106: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.598386000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.598386000 seconds [Time delta from previous captured frame: 0.000017000 seconds] [Time delta from previous displayed frame: 0.000017000 seconds] [Time since reference or first frame: 1.851567000 seconds] Frame Number: 106 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdadb (56027) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.844143000 seconds] [Time since previous frame: 0.000017000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xd304c06a ReceiveWindowSize: 11914 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 9f319c5ccef90419a64039920069a01c snResetSeqNum: 0x6fb0e6c4 No. Time Source Destination Protocol Length Info 107 1.851597 134.188.170.175 134.188.170.174 RDPUDP 544 CORRELATIONID,AOA Frame 107: 544 bytes on wire (4352 bits), 544 bytes captured (4352 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.598416000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.598416000 seconds [Time delta from previous captured frame: 0.000030000 seconds] [Time delta from previous displayed frame: 0.000030000 seconds] [Time since reference or first frame: 1.851597000 seconds] Frame Number: 107 Frame Length: 544 bytes (4352 bits) Capture Length: 544 bytes (4352 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 530 Identification: 0xdadc (56028) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 510 Checksum: 0x64e6 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.844173000 seconds] [Time since previous frame: 0.000030000 seconds] UDP payload (502 bytes) UDP Remote Desktop Protocol snSourceAck: 0xcc04c06b ReceiveWindowSize: 11915 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 5a4d905b997db97c7007793108da00c6 snResetSeqNum: 0x3542811f No. Time Source Destination Protocol Length Info 108 1.855879 134.188.170.174 134.188.170.175 RDPUDP 204 CORRELATIONID,AOA Frame 108: 204 bytes on wire (1632 bits), 204 bytes captured (1632 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.602698000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.602698000 seconds [Time delta from previous captured frame: 0.004282000 seconds] [Time delta from previous displayed frame: 0.004282000 seconds] [Time since reference or first frame: 1.855879000 seconds] Frame Number: 108 Frame Length: 204 bytes (1632 bits) Capture Length: 204 bytes (1632 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 190 Identification: 0x1dfc (7676) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb95c [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 170 Checksum: 0xece1 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.848455000 seconds] [Time since previous frame: 0.004282000 seconds] UDP payload (162 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb805c06b ReceiveWindowSize: 12027 Flags: 0x8be0, CN, CWR, Ack of Acks, Syn lossy, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 031d0e0c1d1e911408131b6d09131fa5 snResetSeqNum: 0xb6375248 No. Time Source Destination Protocol Length Info 109 1.873976 134.188.170.175 134.188.170.174 RDPUDP 53 SYNEX[Malformed Packet] Frame 109: 53 bytes on wire (424 bits), 53 bytes captured (424 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.620795000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.620795000 seconds [Time delta from previous captured frame: 0.018097000 seconds] [Time delta from previous displayed frame: 0.018097000 seconds] [Time since reference or first frame: 1.873976000 seconds] Frame Number: 109 Frame Length: 53 bytes (424 bits) Capture Length: 53 bytes (424 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 39 Identification: 0xdadd (56029) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 19 Checksum: 0x62fb [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 1.866552000 seconds] [Time since previous frame: 0.018097000 seconds] UDP payload (11 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb941c0a5 ReceiveWindowSize: 4112 Flags: 0x73e0, CN, CWR, Ack of Acks, Syn lossy, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x1100 .... ...0 = Version info: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 110 1.992234 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 110: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.739053000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.739053000 seconds [Time delta from previous captured frame: 0.118258000 seconds] [Time delta from previous displayed frame: 0.118258000 seconds] [Time since reference or first frame: 1.992234000 seconds] Frame Number: 110 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1dfd (7677) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79d1 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1085, Ack: 103, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1085 (relative sequence number) Sequence Number (raw): 3951498647 [Next Sequence Number: 1128 (relative sequence number)] Acknowledgment Number: 103 (relative ack number) Acknowledgment number (raw): 1607889453 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x169d [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 1.992234000 seconds] [Time since previous frame in this TCP stream: 0.656142000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000216f7d7709135fb1963de7852629b98fd01941577acab0a5aff2426c88ca… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 111 2.045770 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=103 Ack=1128 Win=63666 Len=0 Frame 111: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.792589000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.792589000 seconds [Time delta from previous captured frame: 0.053536000 seconds] [Time delta from previous displayed frame: 0.053536000 seconds] [Time since reference or first frame: 2.045770000 seconds] Frame Number: 111 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdade (56030) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 103, Ack: 1128, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 103 (relative sequence number) Sequence Number (raw): 1607889453 [Next Sequence Number: 103 (relative sequence number)] Acknowledgment Number: 1128 (relative ack number) Acknowledgment number (raw): 3951498690 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63666 [Calculated window size: 63666] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 2.045770000 seconds] [Time since previous frame in this TCP stream: 0.053536000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 110] [The RTT to ACK the segment was: 0.053536000 seconds] No. 
Time Source Destination Protocol Length Info 112 2.120014 134.188.170.174 134.188.170.175 TLSv1.2 92 Application Data Frame 112: 92 bytes on wire (736 bits), 92 bytes captured (736 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.866833000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.866833000 seconds [Time delta from previous captured frame: 0.074244000 seconds] [Time delta from previous displayed frame: 0.074244000 seconds] [Time since reference or first frame: 2.120014000 seconds] Frame Number: 112 Frame Length: 92 bytes (736 bits) Capture Length: 92 bytes (736 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 78 Identification: 0x1dfe (7678) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79d5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1128, Ack: 103, Len: 38 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 38] Sequence Number: 1128 (relative sequence number) Sequence Number (raw): 3951498690 [Next Sequence Number: 1166 (relative sequence number)] Acknowledgment Number: 103 (relative ack number) Acknowledgment number (raw): 1607889453 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x51be [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 2.120014000 seconds] [Time since previous frame in this TCP stream: 0.074244000 seconds] [SEQ/ACK analysis] [Bytes in flight: 38] [Bytes sent since last PSH flag: 38] TCP payload (38 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 33 Encrypted Application Data: 000000000000217016274ebbfdcba3f4c37551aa6f53aca80f9d455b5ef21cd74d [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 113 2.128642 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 113: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.875461000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.875461000 seconds [Time delta from previous captured frame: 0.008628000 seconds] [Time delta from previous displayed frame: 0.008628000 seconds] [Time since reference or first frame: 2.128642000 seconds] Frame Number: 113 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdadf (56031) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.121218000 seconds] [Time since previous frame: 0.254666000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c06c ReceiveWindowSize: 11916 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303063800000000000028df944050de snResetSeqNum: 0xe89ecd6e No. Time Source Destination Protocol Length Info 114 2.128677 134.188.170.175 134.188.170.174 RDPUDP 416 CORRELATIONID,AOA Frame 114: 416 bytes on wire (3328 bits), 416 bytes captured (3328 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.875496000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.875496000 seconds [Time delta from previous captured frame: 0.000035000 seconds] [Time delta from previous displayed frame: 0.000035000 seconds] [Time since reference or first frame: 2.128677000 seconds] Frame Number: 114 Frame Length: 416 bytes (3328 bits) Capture Length: 416 bytes (3328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 402 Identification: 0xdae0 (56032) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 382 Checksum: 0x6466 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.121253000 seconds] [Time since previous frame: 0.000035000 seconds] UDP payload (374 bytes) UDP Remote Desktop Protocol snSourceAck: 0x2704c06d ReceiveWindowSize: 11917 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 8474cd1caa5ea9d9efae73c990f7035f snResetSeqNum: 0xcec1778a No. Time Source Destination Protocol Length Info 115 2.147778 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet] Frame 115: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.894597000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.894597000 seconds [Time delta from previous captured frame: 0.019101000 seconds] [Time delta from previous displayed frame: 0.019101000 seconds] [Time since reference or first frame: 2.147778000 seconds] Frame Number: 115 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 00000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 39 Identification: 0x1dff (7679) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9f0 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 19 Checksum: 0x05ae [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.140354000 seconds] [Time since previous frame: 0.019101000 seconds] UDP payload (11 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb901c06d ReceiveWindowSize: 11983 Flags: 0x9ae0, CN, CWR, Syn lossy, Correlation id, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 1... .... .... = Correlation id: True ...1 .... .... .... = SynEx: True [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 116 2.164462 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 116: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911281000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911281000 seconds [Time delta from previous captured frame: 0.016684000 seconds] [Time delta from previous displayed frame: 0.016684000 seconds] [Time since reference or first frame: 2.164462000 seconds] Frame Number: 116 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdae1 (56033) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157038000 seconds] [Time since previous frame: 0.016684000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c06e ReceiveWindowSize: 11918 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000028e0b93d54b1 snResetSeqNum: 0xf153c647 No. Time Source Destination Protocol Length Info 117 2.164509 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 117: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911328000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911328000 seconds [Time delta from previous captured frame: 0.000047000 seconds] [Time delta from previous displayed frame: 0.000047000 seconds] [Time since reference or first frame: 2.164509000 seconds] Frame Number: 117 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdae2 (56034) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157085000 seconds] [Time since previous frame: 0.000047000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x7a04c06f ReceiveWindowSize: 11919 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 9ec3de2a94e6c84116c5a8de39418a31 snResetSeqNum: 0x24d3c09b No. Time Source Destination Protocol Length Info 118 2.164540 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 118: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911359000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911359000 seconds [Time delta from previous captured frame: 0.000031000 seconds] [Time delta from previous displayed frame: 0.000031000 seconds] [Time since reference or first frame: 2.164540000 seconds] Frame Number: 118 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdae3 (56035) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157116000 seconds] [Time since previous frame: 0.000031000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xcd04c070 ReceiveWindowSize: 11920 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 7dff22def5a708cdce6130e80da8d90b snResetSeqNum: 0x16048fa6 No. Time Source Destination Protocol Length Info 119 2.164567 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 119: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911386000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911386000 seconds [Time delta from previous captured frame: 0.000027000 seconds] [Time delta from previous displayed frame: 0.000027000 seconds] [Time since reference or first frame: 2.164567000 seconds] Frame Number: 119 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdae4 (56036) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157143000 seconds] [Time since previous frame: 0.000027000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb504c071 ReceiveWindowSize: 11921 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 11f3724957676dd2e542cf94f3868de6 snResetSeqNum: 0x125a18e2 No. Time Source Destination Protocol Length Info 120 2.164658 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 120: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911477000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911477000 seconds [Time delta from previous captured frame: 0.000091000 seconds] [Time delta from previous displayed frame: 0.000091000 seconds] [Time since reference or first frame: 2.164658000 seconds] Frame Number: 120 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdae5 (56037) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157234000 seconds] [Time since previous frame: 0.000091000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x5904c072 ReceiveWindowSize: 11922 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 95dcb4b20bd183019939bbeaf1b8ca08 snResetSeqNum: 0x3f5d9d36 No. Time Source Destination Protocol Length Info 121 2.164687 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 121: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911506000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911506000 seconds [Time delta from previous captured frame: 0.000029000 seconds] [Time delta from previous displayed frame: 0.000029000 seconds] [Time since reference or first frame: 2.164687000 seconds] Frame Number: 121 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdae6 (56038) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157263000 seconds] [Time since previous frame: 0.000029000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xdf04c073 ReceiveWindowSize: 11923 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: c387a946dfa786917366d2f75ab14628 snResetSeqNum: 0x01194078 No. Time Source Destination Protocol Length Info 122 2.164711 134.188.170.175 134.188.170.174 RDPUDP 1282 SYNEX Frame 122: 1282 bytes on wire (10256 bits), 1282 bytes captured (10256 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911530000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911530000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 2.164711000 seconds] Frame Number: 122 Frame Length: 1282 bytes (10256 bits) Capture Length: 1282 bytes (10256 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1268 Identification: 0xdae7 (56039) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1248 Checksum: 0x67c8 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157287000 seconds] [Time since previous frame: 0.000024000 seconds] UDP payload (1240 bytes) UDP Remote Desktop Protocol snSourceAck: 0x2e04c1e9 ReceiveWindowSize: 2560 Flags: 0x74e0, CN, CWR, Ack delayed, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x942d .... ...1 = Version info: True Version: Unknown (0x9cb9) No. Time Source Destination Protocol Length Info 123 2.164744 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 123: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911563000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911563000 seconds [Time delta from previous captured frame: 0.000033000 seconds] [Time delta from previous displayed frame: 0.000033000 seconds] [Time since reference or first frame: 2.164744000 seconds] Frame Number: 123 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdae8 (56040) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157320000 seconds] [Time since previous frame: 0.000033000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xab04c075 ReceiveWindowSize: 11925 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 295a6c38ab04bca4952577d7d73a7a4e snResetSeqNum: 0x722fd18d No. Time Source Destination Protocol Length Info 124 2.164766 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 124: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911585000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911585000 seconds [Time delta from previous captured frame: 0.000022000 seconds] [Time delta from previous displayed frame: 0.000022000 seconds] [Time since reference or first frame: 2.164766000 seconds] Frame Number: 124 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdae9 (56041) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157342000 seconds] [Time since previous frame: 0.000022000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb904c076 ReceiveWindowSize: 11926 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 32208ef24031cc3aa142710ea78acc87 snResetSeqNum: 0xc455a76f No. Time Source Destination Protocol Length Info 125 2.164787 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 125: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911606000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911606000 seconds [Time delta from previous captured frame: 0.000021000 seconds] [Time delta from previous displayed frame: 0.000021000 seconds] [Time since reference or first frame: 2.164787000 seconds] Frame Number: 125 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaea (56042) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157363000 seconds] [Time since previous frame: 0.000021000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xde04c077 ReceiveWindowSize: 11927 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 93c5e7eb2a0fbd2f2eaaccb8b0e1a88c snResetSeqNum: 0xd995c622 No. Time Source Destination Protocol Length Info 126 2.164823 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 126: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911642000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911642000 seconds [Time delta from previous captured frame: 0.000036000 seconds] [Time delta from previous displayed frame: 0.000036000 seconds] [Time since reference or first frame: 2.164823000 seconds] Frame Number: 126 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaeb (56043) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157399000 seconds] [Time since previous frame: 0.000036000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x5f04c078 ReceiveWindowSize: 11928 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 53cc560316dfee5b73748b8360e7524f snResetSeqNum: 0x7db95a05 No. Time Source Destination Protocol Length Info 127 2.164858 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 127: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911677000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911677000 seconds [Time delta from previous captured frame: 0.000035000 seconds] [Time delta from previous displayed frame: 0.000035000 seconds] [Time since reference or first frame: 2.164858000 seconds] Frame Number: 127 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaec (56044) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157434000 seconds] [Time since previous frame: 0.000035000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x0f04c079 ReceiveWindowSize: 11929 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 063b10d262e54032e882ba67e0bb0ecf snResetSeqNum: 0x54112165 No. Time Source Destination Protocol Length Info 128 2.164887 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 128: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911706000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911706000 seconds [Time delta from previous captured frame: 0.000029000 seconds] [Time delta from previous displayed frame: 0.000029000 seconds] [Time since reference or first frame: 2.164887000 seconds] Frame Number: 128 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaed (56045) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157463000 seconds] [Time since previous frame: 0.000029000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1f04c07a ReceiveWindowSize: 11930 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 389754bd66521369ab7c5067179291d6 snResetSeqNum: 0xd90e5d48 No. Time Source Destination Protocol Length Info 129 2.164940 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 129: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911759000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911759000 seconds [Time delta from previous captured frame: 0.000053000 seconds] [Time delta from previous displayed frame: 0.000053000 seconds] [Time since reference or first frame: 2.164940000 seconds] Frame Number: 129 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaee (56046) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157516000 seconds] [Time since previous frame: 0.000053000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb204c07b ReceiveWindowSize: 11931 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: e65d86bcf420930b326ddd4159edc0b7 snResetSeqNum: 0x35bc7c9e No. Time Source Destination Protocol Length Info 130 2.164971 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 130: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911790000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911790000 seconds [Time delta from previous captured frame: 0.000031000 seconds] [Time delta from previous displayed frame: 0.000031000 seconds] [Time since reference or first frame: 2.164971000 seconds] Frame Number: 130 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaef (56047) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157547000 seconds] [Time since previous frame: 0.000031000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x9d04c07c ReceiveWindowSize: 11932 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 9fdccb1abd72bd6dd275f43f6cf32526 snResetSeqNum: 0xaa15462b No. Time Source Destination Protocol Length Info 131 2.165017 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 131: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911836000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911836000 seconds [Time delta from previous captured frame: 0.000046000 seconds] [Time delta from previous displayed frame: 0.000046000 seconds] [Time since reference or first frame: 2.165017000 seconds] Frame Number: 131 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaf0 (56048) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157593000 seconds] [Time since previous frame: 0.000046000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xa004c07d ReceiveWindowSize: 11933 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 05462ea89c5527a6aafe616248505aeb snResetSeqNum: 0xb5398bca No. Time Source Destination Protocol Length Info 132 2.165038 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 132: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911857000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911857000 seconds [Time delta from previous captured frame: 0.000021000 seconds] [Time delta from previous displayed frame: 0.000021000 seconds] [Time since reference or first frame: 2.165038000 seconds] Frame Number: 132 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaf1 (56049) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157614000 seconds] [Time since previous frame: 0.000021000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x5704c07e ReceiveWindowSize: 11934 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 9ed8298ab3bdd81eaea8b36bbe95e4be snResetSeqNum: 0x2b8fe905 No. Time Source Destination Protocol Length Info 133 2.165067 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 133: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911886000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911886000 seconds [Time delta from previous captured frame: 0.000029000 seconds] [Time delta from previous displayed frame: 0.000029000 seconds] [Time since reference or first frame: 2.165067000 seconds] Frame Number: 133 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaf2 (56050) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157643000 seconds] [Time since previous frame: 0.000029000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc504c07f ReceiveWindowSize: 11935 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: afb16cfea8ebf409c65ac3768e8ee855 snResetSeqNum: 0xa7446da4 No. Time Source Destination Protocol Length Info 134 2.165096 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 134: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911915000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911915000 seconds [Time delta from previous captured frame: 0.000029000 seconds] [Time delta from previous displayed frame: 0.000029000 seconds] [Time since reference or first frame: 2.165096000 seconds] Frame Number: 134 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaf3 (56051) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157672000 seconds] [Time since previous frame: 0.000029000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x8a04c080 ReceiveWindowSize: 11936 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 9de17af0e68cf93f31cea1ff9516b389 snResetSeqNum: 0x15f4b895 No. Time Source Destination Protocol Length Info 135 2.165116 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 135: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911935000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911935000 seconds [Time delta from previous captured frame: 0.000020000 seconds] [Time delta from previous displayed frame: 0.000020000 seconds] [Time since reference or first frame: 2.165116000 seconds] Frame Number: 135 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaf4 (56052) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157692000 seconds] [Time since previous frame: 0.000020000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xe704c081 ReceiveWindowSize: 11937 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 44433b7f89171050695cdc6d441ba4a9 snResetSeqNum: 0xdae4dba3 No. Time Source Destination Protocol Length Info 136 2.165137 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 136: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911956000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911956000 seconds [Time delta from previous captured frame: 0.000021000 seconds] [Time delta from previous displayed frame: 0.000021000 seconds] [Time since reference or first frame: 2.165137000 seconds] Frame Number: 136 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaf5 (56053) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157713000 seconds] [Time since previous frame: 0.000021000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x0d04c082 ReceiveWindowSize: 11938 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 2bd390157a1241b7cc4cb2d6ef9f4b92 snResetSeqNum: 0xf56ce219 No. Time Source Destination Protocol Length Info 137 2.165171 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 137: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.911990000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.911990000 seconds [Time delta from previous captured frame: 0.000034000 seconds] [Time delta from previous displayed frame: 0.000034000 seconds] [Time since reference or first frame: 2.165171000 seconds] Frame Number: 137 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaf6 (56054) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157747000 seconds] [Time since previous frame: 0.000034000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xe004c083 ReceiveWindowSize: 11939 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 094748259e3696938ba83a6cc141cfb2 snResetSeqNum: 0x82c0dd16 No. Time Source Destination Protocol Length Info 138 2.165193 134.188.170.175 134.188.170.174 RDPUDP 1282 Frame 138: 1282 bytes on wire (10256 bits), 1282 bytes captured (10256 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.912012000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.912012000 seconds [Time delta from previous captured frame: 0.000022000 seconds] [Time delta from previous displayed frame: 0.000022000 seconds] [Time since reference or first frame: 2.165193000 seconds] Frame Number: 138 Frame Length: 1282 bytes (10256 bits) Capture Length: 1282 bytes (10256 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1268 Identification: 0xdaf7 (56055) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1248 Checksum: 0x67c8 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157769000 seconds] [Time since previous frame: 0.000022000 seconds] UDP payload (1240 bytes) UDP Remote Desktop Protocol snSourceAck: 0x2e04c1e9 ReceiveWindowSize: 2560 Flags: 0x84e0, CN, CWR, Ack delayed .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False No. Time Source Destination Protocol Length Info 139 2.165213 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 139: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.912032000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.912032000 seconds [Time delta from previous captured frame: 0.000020000 seconds] [Time delta from previous displayed frame: 0.000020000 seconds] [Time since reference or first frame: 2.165213000 seconds] Frame Number: 139 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaf8 (56056) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157789000 seconds] [Time since previous frame: 0.000020000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xcd04c085 ReceiveWindowSize: 11941 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: c0c6b3ad6e0e45f6c0fab92b63a9c7eb snResetSeqNum: 0xd2899327 No. Time Source Destination Protocol Length Info 140 2.165248 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 140: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.912067000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.912067000 seconds [Time delta from previous captured frame: 0.000035000 seconds] [Time delta from previous displayed frame: 0.000035000 seconds] [Time since reference or first frame: 2.165248000 seconds] Frame Number: 140 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdaf9 (56057) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157824000 seconds] [Time since previous frame: 0.000035000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1604c086 ReceiveWindowSize: 11942 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 9dcf3acf08b515823547f253377b08a2 snResetSeqNum: 0x79ec3192 No. Time Source Destination Protocol Length Info 141 2.165281 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 141: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.912100000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.912100000 seconds [Time delta from previous captured frame: 0.000033000 seconds] [Time delta from previous displayed frame: 0.000033000 seconds] [Time since reference or first frame: 2.165281000 seconds] Frame Number: 141 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdafa (56058) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157857000 seconds] [Time since previous frame: 0.000033000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x6904c087 ReceiveWindowSize: 11943 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 98b615962aefee91f3563ab8747581cc snResetSeqNum: 0x265e9d86 No. Time Source Destination Protocol Length Info 142 2.165339 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 142: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.912158000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.912158000 seconds [Time delta from previous captured frame: 0.000058000 seconds] [Time delta from previous displayed frame: 0.000058000 seconds] [Time since reference or first frame: 2.165339000 seconds] Frame Number: 142 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdafb (56059) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157915000 seconds] [Time since previous frame: 0.000058000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xba04c088 ReceiveWindowSize: 11944 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 5ea01bc6588e1d0a94f5a9b83989ff84 snResetSeqNum: 0x08c87f2f No. Time Source Destination Protocol Length Info 143 2.165369 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 143: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.912188000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.912188000 seconds [Time delta from previous captured frame: 0.000030000 seconds] [Time delta from previous displayed frame: 0.000030000 seconds] [Time since reference or first frame: 2.165369000 seconds] Frame Number: 143 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdafc (56060) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157945000 seconds] [Time since previous frame: 0.000030000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xac04c089 ReceiveWindowSize: 11945 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: f1f637d1c864262e7e75f70976c0e2d0 snResetSeqNum: 0xdc9594c5 No. Time Source Destination Protocol Length Info 144 2.165412 134.188.170.175 134.188.170.174 RDPUDP 1138 CORRELATIONID,AOA Frame 144: 1138 bytes on wire (9104 bits), 1138 bytes captured (9104 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.912231000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.912231000 seconds [Time delta from previous captured frame: 0.000043000 seconds] [Time delta from previous displayed frame: 0.000043000 seconds] [Time since reference or first frame: 2.165412000 seconds] Frame Number: 144 Frame Length: 1138 bytes (9104 bits) Capture Length: 1138 bytes (9104 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1124 Identification: 0xdafd (56061) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1104 Checksum: 0x6738 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.157988000 seconds] [Time since previous frame: 0.000043000 seconds] UDP payload (1096 bytes) UDP Remote Desktop Protocol snSourceAck: 0x6b04c08a ReceiveWindowSize: 11946 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: a12f96819387d38d4132ace876dc4e08 snResetSeqNum: 0x3cf69ed3 No. Time Source Destination Protocol Length Info 145 2.170751 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=103 Ack=1166 Win=63628 Len=0 Frame 145: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.917570000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.917570000 seconds [Time delta from previous captured frame: 0.005339000 seconds] [Time delta from previous displayed frame: 0.005339000 seconds] [Time since reference or first frame: 2.170751000 seconds] Frame Number: 145 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdafe (56062) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 103, Ack: 1166, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 103 (relative sequence number) Sequence Number (raw): 1607889453 [Next Sequence Number: 103 (relative sequence number)] Acknowledgment Number: 1166 (relative ack number) Acknowledgment number (raw): 3951498728 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63628 [Calculated window size: 63628] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 2.170751000 seconds] [Time since previous frame in this TCP stream: 0.050737000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 112] [The RTT to ACK the segment was: 0.050737000 seconds] No. 
Time Source Destination Protocol Length Info 146 2.171819 134.188.170.175 134.188.4.7 TCP 66 57755 → 81 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM Frame 146: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.918638000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.918638000 seconds [Time delta from previous captured frame: 0.001068000 seconds] [Time delta from previous displayed frame: 0.001068000 seconds] [Time since reference or first frame: 2.171819000 seconds] Frame Number: 146 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 52 Identification: 0x8707 (34567) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57755, Dst Port: 81, Seq: 0, Len: 0 Source Port: 57755 Destination Port: 81 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 0 (relative sequence number) Sequence Number (raw): 3881621444 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 0 Acknowledgment number (raw): 0 1000 .... = Header Length: 32 bytes (8) Flags: 0x002 (SYN) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 81] [Connection establish request (SYN): server port 81] [Severity level: Chat] [Group: Sequence] .... .... 
...0 = Fin: Not set [TCP Flags: ··········S·] Window: 64240 [Calculated window size: 64240] Checksum: 0xbc55 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted TCP Option - Maximum segment size: 1460 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1460 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - Window scale: 8 (multiply by 256) Kind: Window Scale (3) Length: 3 Shift count: 8 [Multiplier: 256] TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - SACK permitted Kind: SACK Permitted (4) Length: 2 [Timestamps] [Time since first frame in this TCP stream: 0.000000000 seconds] [Time since previous frame in this TCP stream: 0.000000000 seconds] No. Time Source Destination Protocol Length Info 147 2.172404 134.188.4.7 134.188.170.175 TCP 66 81 → 57755 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM WS=4 Frame 147: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.919223000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.919223000 seconds [Time delta from previous captured frame: 0.000585000 seconds] [Time delta from previous displayed frame: 0.000585000 seconds] [Time since reference or first frame: 2.172404000 seconds] Frame Number: 147 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 52 Identification: 0x0000 (0) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x8295 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 0, Ack: 1, Len: 0 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 0 (relative sequence number) Sequence Number (raw): 2885609307 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 3881621445 1000 .... = Header Length: 32 bytes (8) Flags: 0x012 (SYN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 81] [Connection establish acknowledge (SYN+ACK): server port 81] [Severity level: Chat] [Group: Sequence] .... .... 
...0 = Fin: Not set [TCP Flags: ·······A··S·] Window: 29200 [Calculated window size: 29200] Checksum: 0x0c5d [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale TCP Option - Maximum segment size: 1460 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1460 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - SACK permitted Kind: SACK Permitted (4) Length: 2 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - Window scale: 2 (multiply by 4) Kind: Window Scale (3) Length: 3 Shift count: 2 [Multiplier: 4] [Timestamps] [Time since first frame in this TCP stream: 0.000585000 seconds] [Time since previous frame in this TCP stream: 0.000585000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 146] [The RTT to ACK the segment was: 0.000585000 seconds] [iRTT: 0.000638000 seconds] No. Time Source Destination Protocol Length Info 148 2.172457 134.188.170.175 134.188.4.7 TCP 54 57755 → 81 [ACK] Seq=1 Ack=1 Win=262656 Len=0 Frame 148: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.919276000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.919276000 seconds [Time delta from previous captured frame: 0.000053000 seconds] [Time delta from previous displayed frame: 0.000053000 seconds] [Time since reference or first frame: 2.172457000 seconds] Frame Number: 148 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8708 (34568) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57755, Dst Port: 81, Seq: 1, Ack: 1, Len: 0 Source Port: 57755 Destination Port: 81 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 3881621445 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 2885609308 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 1026 [Calculated window size: 262656] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.000638000 seconds] [Time since previous frame in this TCP stream: 0.000053000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 147] [The RTT to ACK the segment was: 0.000053000 seconds] [iRTT: 0.000638000 seconds] No. 
Time Source Destination Protocol Length Info 149 2.172533 134.188.170.175 134.188.4.7 HTTP 137 CONNECT ens.rest.gti.mcafee.com:443 HTTP/1.1 Frame 149: 137 bytes on wire (1096 bits), 137 bytes captured (1096 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.919352000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.919352000 seconds [Time delta from previous captured frame: 0.000076000 seconds] [Time delta from previous displayed frame: 0.000076000 seconds] [Time since reference or first frame: 2.172533000 seconds] Frame Number: 149 Frame Length: 137 bytes (1096 bits) Capture Length: 137 bytes (1096 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 123 Identification: 0x8709 (34569) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57755, Dst Port: 81, Seq: 1, Ack: 1, Len: 83 Source Port: 57755 Destination Port: 81 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 83] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 3881621445 [Next Sequence Number: 84 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 2885609308 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 1026 [Calculated window size: 262656] [Window size scaling factor: 256] Checksum: 0xbc9c [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.000714000 seconds] [Time since previous frame in this TCP stream: 0.000076000 seconds] [SEQ/ACK analysis] [iRTT: 0.000638000 seconds] [Bytes in flight: 83] [Bytes sent since last PSH flag: 83] TCP payload (83 bytes) Hypertext Transfer Protocol CONNECT ens.rest.gti.mcafee.com:443 HTTP/1.1\r\n [Expert Info (Chat/Sequence): CONNECT ens.rest.gti.mcafee.com:443 HTTP/1.1\r\n] [CONNECT ens.rest.gti.mcafee.com:443 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: CONNECT Request URI: ens.rest.gti.mcafee.com:443 Request Version: HTTP/1.1 Host: ens.rest.gti.mcafee.com:443\r\n \r\n [Full request URI: ens.rest.gti.mcafee.com:443] [HTTP request 1/1] [Response in frame: 154] No. Time Source Destination Protocol Length Info 150 2.173022 134.188.4.7 134.188.170.175 TCP 60 81 → 57755 [ACK] Seq=1 Ack=84 Win=29200 Len=0 Frame 150: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.919841000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.919841000 seconds [Time delta from previous captured frame: 0.000489000 seconds] [Time delta from previous displayed frame: 0.000489000 seconds] [Time since reference or first frame: 2.173022000 seconds] Frame Number: 150 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x7f5a (32602) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x0347 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 1, Ack: 84, Len: 0 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 2885609308 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 84 (relative ack number) Acknowledgment number (raw): 3881621528 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0xa263 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.001203000 seconds] [Time since previous frame in this TCP stream: 0.000489000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 149] [The RTT to ACK the segment was: 0.000489000 seconds] [iRTT: 0.000638000 seconds] No. 
Time Source Destination Protocol Length Info 151 2.177224 134.188.170.174 134.188.170.175 RDPUDP 70 CORRELATIONID,SYNEX[Malformed Packet] Frame 151: 70 bytes on wire (560 bits), 70 bytes captured (560 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.924043000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.924043000 seconds [Time delta from previous captured frame: 0.004202000 seconds] [Time delta from previous displayed frame: 0.004202000 seconds] [Time since reference or first frame: 2.177224000 seconds] Frame Number: 151 Frame Length: 70 bytes (560 bits) Capture Length: 70 bytes (560 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 56 Identification: 0x1e00 (7680) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9de [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 36 Checksum: 0x570a [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.169800000 seconds] [Time since previous frame: 0.011812000 seconds] UDP payload (28 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb901c18a ReceiveWindowSize: 11903 Flags: 0xbee0, CN, CWR, Syn lossy, Ack delayed, Correlation id, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...1 .... .... .... = SynEx: True Correlation Id: 0b0f100f121010100e141714121b4314 [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. 
Time Source Destination Protocol Length Info 152 2.190014 134.188.170.175 134.188.170.174 RDPUDP 123 CORRELATIONID,AOA Frame 152: 123 bytes on wire (984 bits), 123 bytes captured (984 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.936833000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.936833000 seconds [Time delta from previous captured frame: 0.012790000 seconds] [Time delta from previous displayed frame: 0.012790000 seconds] [Time since reference or first frame: 2.190014000 seconds] Frame Number: 152 Frame Length: 123 bytes (984 bits) Capture Length: 123 bytes (984 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 109 Identification: 0xdaff (56063) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 89 Checksum: 0x6341 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.182590000 seconds] [Time since previous frame: 0.012790000 seconds] UDP payload (81 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c08b ReceiveWindowSize: 11947 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303004500000000000028f73c11f760 snResetSeqNum: 0x6222f93c No. Time Source Destination Protocol Length Info 153 2.192591 134.188.170.174 134.188.170.175 TLSv1.2 92 Application Data Frame 153: 92 bytes on wire (736 bits), 92 bytes captured (736 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.939410000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.939410000 seconds [Time delta from previous captured frame: 0.002577000 seconds] [Time delta from previous displayed frame: 0.002577000 seconds] [Time since reference or first frame: 2.192591000 seconds] Frame Number: 153 Frame Length: 92 bytes (736 bits) Capture Length: 92 bytes (736 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 78 Identification: 0x1e01 (7681) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79d2 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1166, Ack: 103, Len: 38 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 38] Sequence Number: 1166 (relative sequence number) Sequence Number (raw): 3951498728 [Next Sequence Number: 1204 (relative sequence number)] Acknowledgment Number: 103 (relative ack number) Acknowledgment number (raw): 1607889453 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0xe788 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 2.192591000 seconds] [Time since previous frame in this TCP stream: 0.021840000 seconds] [SEQ/ACK analysis] [Bytes in flight: 38] [Bytes sent since last PSH flag: 38] TCP payload (38 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 33 Encrypted Application Data: 0000000000002171c89c06e0cea21c3e48ed348ada7c68c3cf8cab6f8d820155e0 [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 154 2.193125 134.188.4.7 134.188.170.175 HTTP 93 HTTP/1.0 200 Connection established Frame 154: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.939944000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.939944000 seconds [Time delta from previous captured frame: 0.000534000 seconds] [Time delta from previous displayed frame: 0.000534000 seconds] [Time since reference or first frame: 2.193125000 seconds] Frame Number: 154 Frame Length: 93 bytes (744 bits) Capture Length: 93 bytes (744 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 79 Identification: 0x7f5b (32603) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x031f [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 1, Ack: 84, Len: 39 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 39] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 2885609308 [Next Sequence Number: 40 (relative sequence number)] Acknowledgment Number: 84 (relative ack number) Acknowledgment number (raw): 3881621528 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x987c [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.021306000 seconds] [Time since previous frame in this TCP stream: 0.020103000 seconds] [SEQ/ACK analysis] [iRTT: 0.000638000 seconds] [Bytes in flight: 39] [Bytes sent since last PSH flag: 39] TCP payload (39 bytes) Hypertext Transfer Protocol HTTP/1.0 200 Connection established\r\n [Expert Info (Chat/Sequence): HTTP/1.0 200 Connection established\r\n] [HTTP/1.0 200 Connection established\r\n] [Severity level: Chat] [Group: Sequence] Response Version: HTTP/1.0 Status Code: 200 [Status Code Description: OK] Response Phrase: Connection established \r\n [HTTP response 1/1] [Time since request: 0.020592000 seconds] [Request in frame: 149] [Request URI: ens.rest.gti.mcafee.com:443] No. Time Source Destination Protocol Length Info 155 2.193421 134.188.170.175 134.188.4.7 TLSv1.2 262 Client Hello Frame 155: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.940240000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.940240000 seconds [Time delta from previous captured frame: 0.000296000 seconds] [Time delta from previous displayed frame: 0.000296000 seconds] [Time since reference or first frame: 2.193421000 seconds] Frame Number: 155 Frame Length: 262 bytes (2096 bits) Capture Length: 262 bytes (2096 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 248 Identification: 0x870a (34570) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57755, Dst Port: 81, Seq: 84, Ack: 40, Len: 208 Source Port: 57755 Destination Port: 81 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 208] Sequence Number: 84 (relative sequence number) Sequence Number (raw): 3881621528 [Next Sequence Number: 292 (relative sequence number)] Acknowledgment Number: 40 (relative ack number) Acknowledgment number (raw): 2885609347 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 1026 [Calculated window size: 262656] [Window size scaling factor: 256] Checksum: 0xbd19 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.021602000 seconds] [Time since previous frame in this TCP stream: 0.000296000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 154] [The RTT to ACK the segment was: 0.000296000 seconds] [iRTT: 0.000638000 seconds] [Bytes in flight: 208] [Bytes sent since last PSH flag: 208] TCP payload (208 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 203 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 199 Version: TLS 1.2 (0x0303) Random: 63999962c27cf2831fef2bc21fbf3bf92bfd0c364450119cffc0af816e3a8866 GMT Unix Time: Dec 14, 2022 10:37:38.000000000 W. 
Europe Standard Time Random Bytes: c27cf2831fef2bc21fbf3bf92bfd0c364450119cffc0af816e3a8866 Session ID Length: 0 Cipher Suites Length: 38 Cipher Suites (19 suites) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Extensions Length: 120 Extension: server_name (len=28) Type: server_name (0) Length: 28 Server Name Indication extension Server Name list length: 26 Server Name Type: host_name (0) Server Name length: 23 Server Name: ens.rest.gti.mcafee.com Extension: status_request (len=5) Type: status_request (5) Length: 5 Certificate Status Type: OCSP (1) Responder ID list Length: 0 Request Extensions Length: 0 Extension: supported_groups (len=8) Type: supported_groups (10) Length: 8 Supported Groups List Length: 6 Supported Groups (3 groups) Supported Group: x25519 (0x001d) Supported Group: secp256r1 (0x0017) Supported Group: secp384r1 
(0x0018) Extension: ec_point_formats (len=2) Type: ec_point_formats (11) Length: 2 EC point formats Length: 1 Elliptic curves point formats (1) EC point format: uncompressed (0) Extension: signature_algorithms (len=26) Type: signature_algorithms (13) Length: 26 Signature Hash Algorithms Length: 24 Signature Hash Algorithms (12 algorithms) Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: SM2 (4) Signature Algorithm: rsa_pss_rsae_sha384 (0x0805) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (5) Signature Algorithm: rsa_pss_rsae_sha512 (0x0806) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (6) Signature Algorithm: rsa_pkcs1_sha256 (0x0401) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pkcs1_sha384 (0x0501) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pkcs1_sha1 (0x0201) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ecdsa_sha1 (0x0203) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: SHA1 DSA (0x0202) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: DSA (2) Signature Algorithm: rsa_pkcs1_sha512 (0x0601) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: ECDSA (3) Extension: session_ticket (len=0) 
Type: session_ticket (35) Length: 0 Data (0 bytes) Extension: application_layer_protocol_negotiation (len=14) Type: application_layer_protocol_negotiation (16) Length: 14 ALPN Extension Length: 12 ALPN Protocol ALPN string length: 2 ALPN Next Protocol: h2 ALPN string length: 8 ALPN Next Protocol: http/1.1 Extension: extended_master_secret (len=0) Type: extended_master_secret (23) Length: 0 Extension: renegotiation_info (len=1) Type: renegotiation_info (65281) Length: 1 Renegotiation Info extension Renegotiation info extension length: 0 [JA3 Fullstring: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0] [JA3: 28a2c9bd18a11de089ef85a160da29e4] No. Time Source Destination Protocol Length Info 156 2.207533 134.188.170.174 134.188.170.175 RDPUDP 60 SYNEX Frame 156: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.954352000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.954352000 seconds [Time delta from previous captured frame: 0.014112000 seconds] [Time delta from previous displayed frame: 0.014112000 seconds] [Time since reference or first frame: 2.207533000 seconds] Frame Number: 156 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... 
..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 38 Identification: 0x1e02 (7682) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9ee [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 18 Checksum: 0x06b2 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.200109000 seconds] [Time since previous frame: 0.017519000 seconds] UDP payload (10 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb901c08b ReceiveWindowSize: 11952 Flags: 0xd6e0, CN, CWR, Syn lossy, Ack delayed, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 0... .... .... 
= Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x1000 .... ...0 = Version info: False No. Time Source Destination Protocol Length Info 157 2.222558 134.188.170.175 134.188.170.174 RDPUDP 1027 CORRELATIONID,AOA Frame 157: 1027 bytes on wire (8216 bits), 1027 bytes captured (8216 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.969377000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.969377000 seconds [Time delta from previous captured frame: 0.015025000 seconds] [Time delta from previous displayed frame: 0.015025000 seconds] [Time since reference or first frame: 2.222558000 seconds] Frame Number: 157 Frame Length: 1027 bytes (8216 bits) Capture Length: 1027 bytes (8216 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 
0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1013 Identification: 0xdb00 (56064) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 993 Checksum: 0x66c9 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.215134000 seconds] [Time since previous frame: 0.015025000 seconds] UDP payload (985 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c08c ReceiveWindowSize: 11948 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 030303cd00000000000028f882816e4a snResetSeqNum: 0xba4e66d9 No. 
Time Source Destination Protocol Length Info 158 2.233151 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=103 Ack=1204 Win=63590 Len=0 Frame 158: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.979970000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.979970000 seconds [Time delta from previous captured frame: 0.010593000 seconds] [Time delta from previous displayed frame: 0.010593000 seconds] [Time since reference or first frame: 2.233151000 seconds] Frame Number: 158 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb01 (56065) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 103, Ack: 1204, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 103 (relative sequence number) Sequence Number (raw): 1607889453 [Next Sequence Number: 103 (relative sequence number)] Acknowledgment Number: 1204 (relative ack number) Acknowledgment number (raw): 3951498766 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63590 [Calculated window size: 63590] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 2.233151000 seconds] [Time since previous frame in this TCP stream: 0.040560000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 153] [The RTT to ACK the segment was: 0.040560000 seconds] No. 
Time Source Destination Protocol Length Info 159 2.233247 134.188.4.7 134.188.170.175 TCP 60 81 → 57755 [ACK] Seq=40 Ack=292 Win=29200 Len=0 Frame 159: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.980066000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.980066000 seconds [Time delta from previous captured frame: 0.000096000 seconds] [Time delta from previous displayed frame: 0.000096000 seconds] [Time since reference or first frame: 2.233247000 seconds] Frame Number: 159 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x7f5c (32604) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x0345 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 40, Ack: 292, Len: 0 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 40 (relative sequence number) Sequence Number (raw): 2885609347 [Next Sequence Number: 40 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 3881621736 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0xa16c [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.061428000 seconds] [Time since previous frame in this TCP stream: 0.039826000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 155] [The RTT to ACK the segment was: 0.039826000 seconds] [iRTT: 0.000638000 seconds] No. 
Time Source Destination Protocol Length Info 160 2.237634 134.188.170.174 134.188.170.175 RDPUDP 60 SYNEX Frame 160: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.984453000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.984453000 seconds [Time delta from previous captured frame: 0.004387000 seconds] [Time delta from previous displayed frame: 0.004387000 seconds] [Time since reference or first frame: 2.237634000 seconds] Frame Number: 160 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 38 Identification: 0x1e03 (7683) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9ed [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 18 Checksum: 0xe8ec [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.230210000 seconds] [Time since previous frame: 0.015076000 seconds] UDP payload (10 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb901c08c ReceiveWindowSize: 11892 Flags: 0xf6e0, CN, CWR, Syn lossy, Ack delayed, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x0e00 .... ...0 = Version info: False No. Time Source Destination Protocol Length Info 161 2.238909 134.188.4.7 134.188.170.175 TLSv1.2 1514 Server Hello Frame 161: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.985728000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.985728000 seconds [Time delta from previous captured frame: 0.001275000 seconds] [Time delta from previous displayed frame: 0.001275000 seconds] [Time since reference or first frame: 2.238909000 seconds] Frame Number: 161 Frame Length: 1514 bytes (12112 bits) Capture Length: 1514 bytes (12112 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1500 Identification: 0x7f5d (32605) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xfd8f [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 40, Ack: 292, Len: 1460 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1460] Sequence Number: 40 (relative sequence number) Sequence Number (raw): 2885609347 [Next Sequence Number: 1500 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 3881621736 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0xbd1c [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.067090000 seconds] [Time since previous frame in this TCP stream: 0.005662000 seconds] [SEQ/ACK analysis] [iRTT: 0.000638000 seconds] [Bytes in flight: 1460] [Bytes sent since last PSH flag: 1460] TCP payload (1460 bytes) [Reassembled PDU in frame: 168] TCP segment data (1394 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Server Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 61 Handshake Protocol: Server Hello Handshake Type: Server Hello (2) Length: 57 Version: TLS 1.2 (0x0303) Random: 5e0e02955af1b1074c5bace680abe642d37c7c2b4ee7626308bb745ceb5becca GMT Unix Time: Jan 2, 2020 15:47:49.000000000 W. Europe Standard Time Random Bytes: 5af1b1074c5bace680abe642d37c7c2b4ee7626308bb745ceb5becca Session ID Length: 0 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Compression Method: null (0) Extensions Length: 17 Extension: renegotiation_info (len=1) Type: renegotiation_info (65281) Length: 1 Renegotiation Info extension Renegotiation info extension length: 0 Extension: ec_point_formats (len=4) Type: ec_point_formats (11) Length: 4 EC point formats Length: 3 Elliptic curves point formats (3) EC point format: uncompressed (0) EC point format: ansiX962_compressed_prime (1) EC point format: ansiX962_compressed_char2 (2) Extension: session_ticket (len=0) Type: session_ticket (35) Length: 0 Data (0 bytes) [JA3S Fullstring: 771,49200,65281-11-35] [JA3S: e35df3e00ca4ef31d42b34bebaa2f86e] No. 
Time Source Destination Protocol Length Info 162 2.238943 134.188.4.7 134.188.170.175 TCP 1514 81 → 57755 [ACK] Seq=1500 Ack=292 Win=29200 Len=1460 [TCP segment of a reassembled PDU] Frame 162: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.985762000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.985762000 seconds [Time delta from previous captured frame: 0.000034000 seconds] [Time delta from previous displayed frame: 0.000034000 seconds] [Time since reference or first frame: 2.238943000 seconds] Frame Number: 162 Frame Length: 1514 bytes (12112 bits) Capture Length: 1514 bytes (12112 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1500 Identification: 0x7f5e (32606) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xfd8e [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 1500, Ack: 292, Len: 1460 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1460] Sequence Number: 1500 (relative sequence number) Sequence Number (raw): 2885610807 [Next Sequence Number: 2960 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 3881621736 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0xbc22 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.067124000 seconds] [Time since previous frame in this TCP stream: 0.000034000 seconds] [SEQ/ACK analysis] [iRTT: 0.000638000 seconds] [Bytes in flight: 2920] [Bytes sent since last PSH flag: 2920] TCP payload (1460 bytes) [Reassembled PDU in frame: 168] TCP segment data (1460 bytes) No. 
Time Source Destination Protocol Length Info 163 2.238943 134.188.4.7 134.188.170.175 TCP 1230 81 → 57755 [PSH, ACK] Seq=2960 Ack=292 Win=29200 Len=1176 [TCP segment of a reassembled PDU] Frame 163: 1230 bytes on wire (9840 bits), 1230 bytes captured (9840 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.985762000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.985762000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 2.238943000 seconds] Frame Number: 163 Frame Length: 1230 bytes (9840 bits) Capture Length: 1230 bytes (9840 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1216 Identification: 0x7f5f (32607) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xfea9 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 2960, Ack: 292, Len: 1176 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1176] Sequence Number: 2960 (relative sequence number) Sequence Number (raw): 2885612267 [Next Sequence Number: 4136 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 3881621736 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x6b3f [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.067124000 seconds] [Time since previous frame in this TCP stream: 0.000000000 seconds] [SEQ/ACK analysis] [iRTT: 0.000638000 seconds] [Bytes in flight: 4096] [Bytes sent since last PSH flag: 4096] TCP payload (1176 bytes) [Reassembled PDU in frame: 168] TCP segment data (1176 bytes) No. 
Time Source Destination Protocol Length Info 164 2.238966 134.188.170.175 134.188.4.7 TCP 54 57755 → 81 [ACK] Seq=292 Ack=4136 Win=262656 Len=0 Frame 164: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.985785000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.985785000 seconds [Time delta from previous captured frame: 0.000023000 seconds] [Time delta from previous displayed frame: 0.000023000 seconds] [Time since reference or first frame: 2.238966000 seconds] Frame Number: 164 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x870b (34571) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57755, Dst Port: 81, Seq: 292, Ack: 4136, Len: 0 Source Port: 57755 Destination Port: 81 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 292 (relative sequence number) Sequence Number (raw): 3881621736 [Next Sequence Number: 292 (relative sequence number)] Acknowledgment Number: 4136 (relative ack number) Acknowledgment number (raw): 2885613443 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 1026 [Calculated window size: 262656] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.067147000 seconds] [Time since previous frame in this TCP stream: 0.000023000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 163] [The RTT to ACK the segment was: 0.000023000 seconds] [iRTT: 0.000638000 seconds] No. 
Time Source Destination Protocol Length Info 165 2.240059 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 165: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.986878000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.986878000 seconds [Time delta from previous captured frame: 0.001093000 seconds] [Time delta from previous displayed frame: 0.001093000 seconds] [Time since reference or first frame: 2.240059000 seconds] Frame Number: 165 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e04 (7684) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79ca [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1204, Ack: 103, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1204 (relative sequence number) Sequence Number (raw): 3951498766 [Next Sequence Number: 1247 (relative sequence number)] Acknowledgment Number: 103 (relative ack number) Acknowledgment number (raw): 1607889453 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 8212] [Window size scaling factor: -1 (unknown)] Checksum: 0x5edb [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 2.240059000 seconds] [Time since previous frame in this TCP stream: 0.006908000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000217239ef8b0d26bbff0bdd9d8f0eb97fe503f8e074f419a32951fbdb0d2e… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 166 2.240103 134.188.4.7 134.188.170.175 TCP 1514 81 → 57755 [ACK] Seq=4136 Ack=292 Win=29200 Len=1460 [TCP segment of a reassembled PDU] Frame 166: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.986922000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.986922000 seconds [Time delta from previous captured frame: 0.000044000 seconds] [Time delta from previous displayed frame: 0.000044000 seconds] [Time since reference or first frame: 2.240103000 seconds] Frame Number: 166 Frame Length: 1514 bytes (12112 bits) Capture Length: 1514 bytes (12112 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1500 Identification: 0x7f60 (32608) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xfd8c [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 4136, Ack: 292, Len: 1460 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1460] Sequence Number: 4136 (relative sequence number) Sequence Number (raw): 2885613443 [Next Sequence Number: 5596 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 3881621736 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x2dba [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.068284000 seconds] [Time since previous frame in this TCP stream: 0.001137000 seconds] [SEQ/ACK analysis] [iRTT: 0.000638000 seconds] [Bytes in flight: 1460] [Bytes sent since last PSH flag: 1460] TCP payload (1460 bytes) [Reassembled PDU in frame: 168] TCP segment data (1460 bytes) No. 
Time Source Destination Protocol Length Info 167 2.240129 134.188.170.175 134.188.4.7 TCP 54 57755 → 81 [ACK] Seq=292 Ack=5596 Win=262656 Len=0 Frame 167: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.986948000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.986948000 seconds [Time delta from previous captured frame: 0.000026000 seconds] [Time delta from previous displayed frame: 0.000026000 seconds] [Time since reference or first frame: 2.240129000 seconds] Frame Number: 167 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x870c (34572) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57755, Dst Port: 81, Seq: 292, Ack: 5596, Len: 0 Source Port: 57755 Destination Port: 81 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 292 (relative sequence number) Sequence Number (raw): 3881621736 [Next Sequence Number: 292 (relative sequence number)] Acknowledgment Number: 5596 (relative ack number) Acknowledgment number (raw): 2885614903 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 1026 [Calculated window size: 262656] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.068310000 seconds] [Time since previous frame in this TCP stream: 0.000026000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 166] [The RTT to ACK the segment was: 0.000026000 seconds] [iRTT: 0.000638000 seconds] No. 
Time Source Destination Protocol Length Info 168 2.240288 134.188.4.7 134.188.170.175 TLSv1.2 1428 Certificate, Server Key Exchange, Server Hello Done Frame 168: 1428 bytes on wire (11424 bits), 1428 bytes captured (11424 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.987107000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.987107000 seconds [Time delta from previous captured frame: 0.000159000 seconds] [Time delta from previous displayed frame: 0.000159000 seconds] [Time since reference or first frame: 2.240288000 seconds] Frame Number: 168 Frame Length: 1428 bytes (11424 bits) Capture Length: 1428 bytes (11424 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame [truncated]: eth:ethertype:ip:tcp:http:tls:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509ce:x509ce:x509ce:x509sat:x509sat:x509sat:x509ce:x509ce:x509ce:x509ce:pkix1implicit:x] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... 
= IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1414 Identification: 0x7f61 (32609) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xfde1 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 5596, Ack: 292, Len: 1374 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1374] Sequence Number: 5596 (relative sequence number) Sequence Number (raw): 2885614903 [Next Sequence Number: 6970 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 3881621736 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x882d [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.068469000 seconds] [Time since previous frame in this TCP stream: 0.000159000 seconds] [SEQ/ACK analysis] [iRTT: 0.000638000 seconds] [Bytes in flight: 1374] [Bytes sent since last PSH flag: 2834] TCP payload (1374 bytes) TCP segment data (1027 bytes) [5 Reassembled TCP Segments (6517 bytes): #161(1394), #162(1460), #163(1176), #166(1460), #168(1027)] [Frame: 161, payload: 0-1393 (1394 bytes)] [Frame: 162, payload: 1394-2853 (1460 bytes)] [Frame: 163, payload: 2854-4029 (1176 bytes)] [Frame: 166, payload: 4030-5489 (1460 bytes)] [Frame: 168, payload: 5490-6516 (1027 bytes)] [Segment count: 5] [Reassembled TCP length: 6517] [Reassembled TCP Data: 16030319700b00196c0019690005a7308205a33082048ba00302010202142c3e08082e04…] Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Certificate Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 6512 Handshake Protocol: Certificate Handshake Type: Certificate (11) Length: 6508 Certificates Length: 6505 Certificates (6505 bytes) Certificate Length: 1447 Certificate: 308205a33082048ba00302010202142c3e08082e0418d27bf05b81f5d99ce75167c91630… (id-at-commonName=ens.rest.gti.mcafee.com,id-at-organizationalUnitName=Enterprise,id-at-organizationName=McAfee, Inc.,id-at-stateOrProvinceName=Califo signedCertificate version: v3 (2) serialNumber: 0x2c3e08082e0418d27bf05b81f5d99ce75167c916 signature (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) issuer: rdnSequence (0) rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway CA,id-at-organizationalUnitName=ICS Infrastructure,id-at-organizationName=Canon Production 
Printing Netherlands B.V.,id-at-localityName=Venlo,id-at-stateOrProvinceName=Limburg,id-at RDNSequence item: 1 item (id-at-countryName=NL) RelativeDistinguishedName item (id-at-countryName=NL) Object Id: 2.5.4.6 (id-at-countryName) CountryName: NL RDNSequence item: 1 item (id-at-stateOrProvinceName=Limburg) RelativeDistinguishedName item (id-at-stateOrProvinceName=Limburg) Object Id: 2.5.4.8 (id-at-stateOrProvinceName) DirectoryString: printableString (1) printableString: Limburg RDNSequence item: 1 item (id-at-localityName=Venlo) RelativeDistinguishedName item (id-at-localityName=Venlo) Object Id: 2.5.4.7 (id-at-localityName) DirectoryString: printableString (1) printableString: Venlo RDNSequence item: 1 item (id-at-organizationName=Canon Production Printing Netherlands B.V.) RelativeDistinguishedName item (id-at-organizationName=Canon Production Printing Netherlands B.V.) Object Id: 2.5.4.10 (id-at-organizationName) DirectoryString: printableString (1) printableString: Canon Production Printing Netherlands B.V. 
RDNSequence item: 1 item (id-at-organizationalUnitName=ICS Infrastructure) RelativeDistinguishedName item (id-at-organizationalUnitName=ICS Infrastructure) Object Id: 2.5.4.11 (id-at-organizationalUnitName) DirectoryString: printableString (1) printableString: ICS Infrastructure RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway CA) RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway CA) Object Id: 2.5.4.3 (id-at-commonName) DirectoryString: printableString (1) printableString: McAfee Web Gateway CA validity notBefore: utcTime (0) utcTime: 2022-08-09 15:46:24 (UTC) notAfter: utcTime (0) utcTime: 2023-08-09 15:46:24 (UTC) subject: rdnSequence (0) rdnSequence: 5 items (id-at-commonName=ens.rest.gti.mcafee.com,id-at-organizationalUnitName=Enterprise,id-at-organizationName=McAfee, Inc.,id-at-stateOrProvinceName=California,id-at-countryName=US) RDNSequence item: 1 item (id-at-countryName=US) RelativeDistinguishedName item (id-at-countryName=US) Object Id: 2.5.4.6 (id-at-countryName) CountryName: US RDNSequence item: 1 item (id-at-stateOrProvinceName=California) RelativeDistinguishedName item (id-at-stateOrProvinceName=California) Object Id: 2.5.4.8 (id-at-stateOrProvinceName) DirectoryString: printableString (1) printableString: California RDNSequence item: 1 item (id-at-organizationName=McAfee, Inc.) RelativeDistinguishedName item (id-at-organizationName=McAfee, Inc.) Object Id: 2.5.4.10 (id-at-organizationName) DirectoryString: printableString (1) printableString: McAfee, Inc. 
RDNSequence item: 1 item (id-at-organizationalUnitName=Enterprise) RelativeDistinguishedName item (id-at-organizationalUnitName=Enterprise) Object Id: 2.5.4.11 (id-at-organizationalUnitName) DirectoryString: printableString (1) printableString: Enterprise RDNSequence item: 1 item (id-at-commonName=ens.rest.gti.mcafee.com) RelativeDistinguishedName item (id-at-commonName=ens.rest.gti.mcafee.com) Object Id: 2.5.4.3 (id-at-commonName) DirectoryString: uTF8String (4) uTF8String: ens.rest.gti.mcafee.com subjectPublicKeyInfo algorithm (rsaEncryption) Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption) subjectPublicKey: 3082010a0282010100da9dcba890a39434019f2876d11d614a3cb65033b527229fa5220b… modulus: 0x00da9dcba890a39434019f2876d11d614a3cb65033b527229fa5220bb763a4da3ba4e5dd… publicExponent: 65537 extensions: 8 items Extension (id-ce-basicConstraints) Extension Id: 2.5.29.19 (id-ce-basicConstraints) BasicConstraintsSyntax [0 length] Extension (id-ce-subjectKeyIdentifier) Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier) SubjectKeyIdentifier: 933f1819451e3e145ce4ae58d1fdc4cba75bb21f Extension (id-ce-authorityKeyIdentifier) Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier) AuthorityKeyIdentifier keyIdentifier: 9806d998332d0fc29cddbe1f5e0a6854f948f6b8 authorityCertIssuer: 1 item GeneralName: directoryName (4) directoryName: rdnSequence (0) rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Enterprise CA,dc=oce,dc=net) RDNSequence item: 1 item (dc=net) RelativeDistinguishedName item (dc=net) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: net RDNSequence item: 1 item (dc=oce) RelativeDistinguishedName item (dc=oce) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: oce RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Enterprise CA) RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Enterprise CA) Object Id: 2.5.4.3 (id-at-commonName) DirectoryString: printableString (1) printableString: Oce Corporate ADS Enterprise CA 
authorityCertSerialNumber: 0x54caff80000200001fe7 Extension (id-ce-keyUsage) Extension Id: 2.5.29.15 (id-ce-keyUsage) Padding: 5 KeyUsage: a0 1... .... = digitalSignature: True .0.. .... = contentCommitment: False ..1. .... = keyEncipherment: True ...0 .... = dataEncipherment: False .... 0... = keyAgreement: False .... .0.. = keyCertSign: False .... ..0. = cRLSign: False .... ...0 = encipherOnly: False 0... .... = decipherOnly: False Extension (id-ce-extKeyUsage) Extension Id: 2.5.29.37 (id-ce-extKeyUsage) KeyPurposeIDs: 1 item KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth) Extension (id-ce-subjectAltName) Extension Id: 2.5.29.17 (id-ce-subjectAltName) GeneralNames: 3 items GeneralName: dNSName (2) dNSName: ens.rest.gti.mcafee.com GeneralName: dNSName (2) dNSName: *.rest.gti.mcafee.com GeneralName: dNSName (2) dNSName: rest.gti.mcafee.com Extension (id-ce-cRLDistributionPoints) Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints) CRLDistPointsSyntax: 1 item DistributionPoint distributionPoint: fullName (0) fullName: 1 item GeneralName: uniformResourceIdentifier (6) uniformResourceIdentifier: http://crl.mwginternal.com/crl/0/18389/8579bbc44b4fcd21e15a90745cd22bb3caf8265e/crl.crl Extension (id-pe-authorityInfoAccess) Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess) AuthorityInfoAccessSyntax: 1 item AccessDescription accessMethod: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp) accessLocation: 6 uniformResourceIdentifier: http://ocsp.mwginternal.com/ocsp/0/18389/8579bbc44b4fcd21e15a90745cd22bb3caf8265e algorithmIdentifier (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) Padding: 0 encrypted: 21c9530c1b84d65ae2d073f51161b78752c9e238b6f1464d555291727c0ce60f3cf50712… Certificate Length: 1773 Certificate: 308206e9308205d1a003020102020a54caff80000200001fe7300d06092a864886f70d01… (id-at-commonName=McAfee Web Gateway CA,id-at-organizationalUnitName=ICS Infrastructure,id-at-organizationName=Canon Production Printing Netherlands B 
signedCertificate version: v3 (2) serialNumber: 0x54caff80000200001fe7 signature (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) issuer: rdnSequence (0) rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Enterprise CA,dc=oce,dc=net) RDNSequence item: 1 item (dc=net) RelativeDistinguishedName item (dc=net) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: net RDNSequence item: 1 item (dc=oce) RelativeDistinguishedName item (dc=oce) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: oce RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Enterprise CA) RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Enterprise CA) Object Id: 2.5.4.3 (id-at-commonName) DirectoryString: printableString (1) printableString: Oce Corporate ADS Enterprise CA validity notBefore: utcTime (0) utcTime: 2021-10-01 11:34:04 (UTC) notAfter: utcTime (0) utcTime: 2023-10-01 11:44:04 (UTC) subject: rdnSequence (0) rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway CA,id-at-organizationalUnitName=ICS Infrastructure,id-at-organizationName=Canon Production Printing Netherlands B.V.,id-at-localityName=Venlo,id-at-stateOrProvinceName=Limburg,id-at RDNSequence item: 1 item (id-at-countryName=NL) RelativeDistinguishedName item (id-at-countryName=NL) Object Id: 2.5.4.6 (id-at-countryName) CountryName: NL RDNSequence item: 1 item (id-at-stateOrProvinceName=Limburg) RelativeDistinguishedName item (id-at-stateOrProvinceName=Limburg) Object Id: 2.5.4.8 (id-at-stateOrProvinceName) DirectoryString: printableString (1) printableString: Limburg RDNSequence item: 1 item (id-at-localityName=Venlo) RelativeDistinguishedName item (id-at-localityName=Venlo) Object Id: 2.5.4.7 (id-at-localityName) DirectoryString: printableString (1) printableString: Venlo RDNSequence item: 1 item (id-at-organizationName=Canon Production Printing Netherlands B.V.) 
RelativeDistinguishedName item (id-at-organizationName=Canon Production Printing Netherlands B.V.) Object Id: 2.5.4.10 (id-at-organizationName) DirectoryString: printableString (1) printableString: Canon Production Printing Netherlands B.V. RDNSequence item: 1 item (id-at-organizationalUnitName=ICS Infrastructure) RelativeDistinguishedName item (id-at-organizationalUnitName=ICS Infrastructure) Object Id: 2.5.4.11 (id-at-organizationalUnitName) DirectoryString: printableString (1) printableString: ICS Infrastructure RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway CA) RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway CA) Object Id: 2.5.4.3 (id-at-commonName) DirectoryString: printableString (1) printableString: McAfee Web Gateway CA subjectPublicKeyInfo algorithm (rsaEncryption) Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption) subjectPublicKey: 3082010a0282010100d3e326ce455c21bf9c403538fe0604faa6aa89c8cfe5f49dfb37c7… modulus: 0x00d3e326ce455c21bf9c403538fe0604faa6aa89c8cfe5f49dfb37c75b782ad1af7b63a2… publicExponent: 65537 extensions: 9 items Extension (id-ce-keyUsage) Extension Id: 2.5.29.15 (id-ce-keyUsage) Padding: 1 KeyUsage: 86 1... .... = digitalSignature: True .0.. .... = contentCommitment: False ..0. .... = keyEncipherment: False ...0 .... = dataEncipherment: False .... 0... = keyAgreement: False .... .1.. = keyCertSign: True .... ..1. = cRLSign: True .... ...0 = encipherOnly: False 0... .... 
= decipherOnly: False Extension (id-ce-extKeyUsage) Extension Id: 2.5.29.37 (id-ce-extKeyUsage) KeyPurposeIDs: 1 item KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth) Extension (id-smime-capabilities) Extension Id: 1.2.840.113549.1.9.15 (id-smime-capabilities) SMIMECapabilities: 8 items SMIMECapability rc2-cbc (128 bits) attrType: 1.2.840.113549.3.2 (rc2-cbc) RC2CBCParameters: rc2WrapParameter (0) rc2WrapParameter: 128 SMIMECapability id-alg-rc4 (128 bits) attrType: 1.2.840.113549.3.4 (id-alg-rc4) RC2CBCParameters: rc2WrapParameter (0) rc2WrapParameter: 128 SMIMECapability id-aes256-CBC attrType: 2.16.840.1.101.3.4.1.42 (id-aes256-CBC) SMIMECapability id-aes256-wrap attrType: 2.16.840.1.101.3.4.1.45 (id-aes256-wrap) SMIMECapability id-aes128-CBC attrType: 2.16.840.1.101.3.4.1.2 (id-aes128-CBC) SMIMECapability id-aes128-wrap attrType: 2.16.840.1.101.3.4.1.5 (id-aes128-wrap) SMIMECapability id-alg-des-cbc attrType: 1.3.14.3.2.7 (id-alg-des-cbc) SMIMECapability des-ede3-cbc attrType: 1.2.840.113549.3.7 (des-ede3-cbc) Extension (id-ce-subjectKeyIdentifier) Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier) SubjectKeyIdentifier: 9806d998332d0fc29cddbe1f5e0a6854f948f6b8 Extension (id-ce-authorityKeyIdentifier) Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier) AuthorityKeyIdentifier keyIdentifier: 89f7dc5ba4bbbdc4edc02858b9405171e6b157d9 Extension (id-ce-cRLDistributionPoints) Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints) CRLDistPointsSyntax: 1 item DistributionPoint distributionPoint: fullName (0) fullName: 2 items GeneralName: uniformResourceIdentifier (6) uniformResourceIdentifier: ldap:///CN=Oce%20Corporate%20ADS%20Enterprise%20CA,CN=ocepki,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=oce,DC=net?certificateRevocationList?base?objectClass=cRLDistributionPoint GeneralName: uniformResourceIdentifier (6) uniformResourceIdentifier: http://ocepki.oce.net/pki/Oce%20Corporate%20ADS%20Enterprise%20CA.crl Extension 
(id-pe-authorityInfoAccess) Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess) AuthorityInfoAccessSyntax: 2 items AccessDescription accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers) accessLocation: 6 uniformResourceIdentifier: ldap:///CN=Oce%20Corporate%20ADS%20Enterprise%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=oce,DC=net?cACertificate?base?objectClass=certificationAuthority AccessDescription accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers) accessLocation: 6 uniformResourceIdentifier: http://ocepki.oce.net/pki/Oce%20Corporate%20ADS%20Enterprise%20CA(2).crt Extension (id-ms-certificate-template-name) Extension Id: 1.3.6.1.4.1.311.20.2 (id-ms-certificate-template-name) BMPString: SubCA Extension (id-ce-basicConstraints) Extension Id: 2.5.29.19 (id-ce-basicConstraints) critical: True BasicConstraintsSyntax cA: True algorithmIdentifier (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) Padding: 0 encrypted: 4890c881bd785b0f5cc1dbf3ce7c1cebf8a86d9c6f5eaba4170f57e276e3c6b99e3afd09… Certificate Length: 1833 Certificate: 308207253082050da003020102020a61e38e4e000100000005300d06092a864886f70d01… (id-at-commonName=Oce Corporate ADS Enterprise CA,dc=oce,dc=net) signedCertificate version: v3 (2) serialNumber: 0x61e38e4e000100000005 signature (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) issuer: rdnSequence (0) rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Root CA,dc=oce,dc=net) RDNSequence item: 1 item (dc=net) RelativeDistinguishedName item (dc=net) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: net RDNSequence item: 1 item (dc=oce) RelativeDistinguishedName item (dc=oce) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: oce RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Root CA) RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Root CA) Object Id: 2.5.4.3 (id-at-commonName) DirectoryString: 
printableString (1) printableString: Oce Corporate ADS Root CA validity notBefore: utcTime (0) utcTime: 2016-01-14 11:51:45 (UTC) notAfter: utcTime (0) utcTime: 2026-01-14 12:01:45 (UTC) subject: rdnSequence (0) rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Enterprise CA,dc=oce,dc=net) RDNSequence item: 1 item (dc=net) RelativeDistinguishedName item (dc=net) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: net RDNSequence item: 1 item (dc=oce) RelativeDistinguishedName item (dc=oce) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: oce RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Enterprise CA) RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Enterprise CA) Object Id: 2.5.4.3 (id-at-commonName) DirectoryString: printableString (1) printableString: Oce Corporate ADS Enterprise CA subjectPublicKeyInfo algorithm (rsaEncryption) Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption) subjectPublicKey: 3082010a0282010100be5cf302db1b4c47e4864d439322ff49a816fe64da5cb437ab4a80… modulus: 0x00be5cf302db1b4c47e4864d439322ff49a816fe64da5cb437ab4a8052551e49d2869d02… publicExponent: 65537 extensions: 9 items Extension (id-ms-ca-version) Extension Id: 1.3.6.1.4.1.311.21.1 (id-ms-ca-version) Integer: 2 Extension (id-ms-previous-cert-hash) Extension Id: 1.3.6.1.4.1.311.21.2 (id-ms-previous-cert-hash) OctetString: eeccbf9df7ba8cc4d2f51fd152c9816dd6ea134c Extension (id-ce-subjectKeyIdentifier) Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier) SubjectKeyIdentifier: 89f7dc5ba4bbbdc4edc02858b9405171e6b157d9 Extension (id-ms-certificate-template-name) Extension Id: 1.3.6.1.4.1.311.20.2 (id-ms-certificate-template-name) BMPString: SubCA Extension (id-ce-keyUsage) Extension Id: 2.5.29.15 (id-ce-keyUsage) Padding: 1 KeyUsage: 86 1... .... = digitalSignature: True .0.. .... = contentCommitment: False ..0. .... = keyEncipherment: False ...0 .... = dataEncipherment: False .... 0... = keyAgreement: False .... .1.. = keyCertSign: True .... ..1. 
= cRLSign: True .... ...0 = encipherOnly: False 0... .... = decipherOnly: False Extension (id-ce-basicConstraints) Extension Id: 2.5.29.19 (id-ce-basicConstraints) critical: True BasicConstraintsSyntax cA: True Extension (id-ce-authorityKeyIdentifier) Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier) AuthorityKeyIdentifier keyIdentifier: 256a9ca4e229c5f38e035c1c01ae19a14094bc65 Extension (id-ce-cRLDistributionPoints) Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints) CRLDistPointsSyntax: 1 item DistributionPoint distributionPoint: fullName (0) fullName: 2 items GeneralName: uniformResourceIdentifier (6) uniformResourceIdentifier: ldap:///CN=Oce%20Corporate%20ADS%20Root%20CA,CN=ocepki,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=oce,DC=net?certificateRevocationList?base?objectClass=cRLDistributionPoint GeneralName: uniformResourceIdentifier (6) uniformResourceIdentifier: http://ocepki.oce.net/pki/Oce%20Corporate%20ADS%20Root%20CA.crl Extension (id-pe-authorityInfoAccess) Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess) AuthorityInfoAccessSyntax: 2 items AccessDescription accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers) accessLocation: 6 uniformResourceIdentifier: ldap:///CN=Oce%20Corporate%20ADS%20Root%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=oce,DC=net?cACertificate?base?objectClass=certificationAuthority AccessDescription accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers) accessLocation: 6 uniformResourceIdentifier: http://ocepki.oce.net/pki/Oce%20Corporate%20ADS%20Root%20CA(1).crt algorithmIdentifier (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) Padding: 0 encrypted: bd7e0306f4761119f40ad71d5c02c1f44066a6d579992a6342ac9e8e3ecd1066ed9b198f… Certificate Length: 1440 Certificate: 3082059c30820384a00302010202106ba828e3411be8b546bd8b3eeb042847300d06092a… (id-at-commonName=Oce Corporate ADS Root CA,dc=oce,dc=net) signedCertificate version: v3 (2) 
serialNumber: 0x6ba828e3411be8b546bd8b3eeb042847 signature (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) issuer: rdnSequence (0) rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Root CA,dc=oce,dc=net) RDNSequence item: 1 item (dc=net) RelativeDistinguishedName item (dc=net) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: net RDNSequence item: 1 item (dc=oce) RelativeDistinguishedName item (dc=oce) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: oce RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Root CA) RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Root CA) Object Id: 2.5.4.3 (id-at-commonName) DirectoryString: printableString (1) printableString: Oce Corporate ADS Root CA validity notBefore: utcTime (0) utcTime: 2004-02-20 10:59:24 (UTC) notAfter: utcTime (0) utcTime: 2036-01-14 08:26:21 (UTC) subject: rdnSequence (0) rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Root CA,dc=oce,dc=net) RDNSequence item: 1 item (dc=net) RelativeDistinguishedName item (dc=net) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: net RDNSequence item: 1 item (dc=oce) RelativeDistinguishedName item (dc=oce) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: oce RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Root CA) RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Root CA) Object Id: 2.5.4.3 (id-at-commonName) DirectoryString: printableString (1) printableString: Oce Corporate ADS Root CA subjectPublicKeyInfo algorithm (rsaEncryption) Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption) subjectPublicKey: 3082020a0282020100defe6b966b39e9dbc96e53cd3438cc2ed8a62932f8bf9fc7e970d1… modulus: 0x00defe6b966b39e9dbc96e53cd3438cc2ed8a62932f8bf9fc7e970d1e963ecc1e48d043a… publicExponent: 65537 extensions: 5 items Extension (id-ce-keyUsage) Extension Id: 2.5.29.15 (id-ce-keyUsage) Padding: 1 KeyUsage: 86 1... .... = digitalSignature: True .0.. .... 
= contentCommitment: False ..0. .... = keyEncipherment: False ...0 .... = dataEncipherment: False .... 0... = keyAgreement: False .... .1.. = keyCertSign: True .... ..1. = cRLSign: True .... ...0 = encipherOnly: False 0... .... = decipherOnly: False Extension (id-ce-basicConstraints) Extension Id: 2.5.29.19 (id-ce-basicConstraints) critical: True BasicConstraintsSyntax cA: True Extension (id-ce-subjectKeyIdentifier) Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier) SubjectKeyIdentifier: 256a9ca4e229c5f38e035c1c01ae19a14094bc65 Extension (id-ms-ca-version) Extension Id: 1.3.6.1.4.1.311.21.1 (id-ms-ca-version) Integer: 1 Extension (id-ms-previous-cert-hash) Extension Id: 1.3.6.1.4.1.311.21.2 (id-ms-previous-cert-hash) OctetString: 4a0613d3ff0a3c885ffabf5a2cf865a2d7edd1a8 algorithmIdentifier (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) Padding: 0 encrypted: a817bf98035b3d463eb8c52c87bf940e51a61d9df04a1dc34c3ef54efd8a591ccfeefd35… Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 333 Handshake Protocol: Server Key Exchange Handshake Type: Server Key Exchange (12) Length: 329 EC Diffie-Hellman Server Params Curve Type: named_curve (0x03) Named Curve: secp256r1 (0x0017) Pubkey Length: 65 Pubkey: 049f6684686295b3170b1d28bb92b9acd64eb32f0a19014b26a0dbbbae965e9cbc589757… Signature Algorithm: rsa_pkcs1_sha256 (0x0401) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Length: 256 Signature: 46378c07f2ff305ea495b6256ee72983efd221bfd2ee201a839278a5a8cb91c67c45200e… TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 4 Handshake Protocol: Server Hello Done Handshake Type: Server Hello Done (14) Length: 0 No. 
Time Source Destination Protocol Length Info 169 2.241675 134.188.170.175 134.188.4.7 TLSv1.2 180 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message Frame 169: 180 bytes on wire (1440 bits), 180 bytes captured (1440 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.988494000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.988494000 seconds [Time delta from previous captured frame: 0.001387000 seconds] [Time delta from previous displayed frame: 0.001387000 seconds] [Time since reference or first frame: 2.241675000 seconds] Frame Number: 169 Frame Length: 180 bytes (1440 bits) Capture Length: 180 bytes (1440 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 166 Identification: 0x870d (34573) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57755, Dst Port: 81, Seq: 292, Ack: 6970, Len: 126 Source Port: 57755 Destination Port: 81 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 126] Sequence Number: 292 (relative sequence number) Sequence Number (raw): 3881621736 [Next Sequence Number: 418 (relative sequence number)] Acknowledgment Number: 6970 (relative ack number) Acknowledgment number (raw): 2885616277 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 1021 [Calculated window size: 261376] [Window size scaling factor: 256] Checksum: 0xbcc7 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.069856000 seconds] [Time since previous frame in this TCP stream: 0.001387000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 168] [The RTT to ACK the segment was: 0.001387000 seconds] [iRTT: 0.000638000 seconds] [Bytes in flight: 126] [Bytes sent since last PSH flag: 126] TCP payload (126 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 70 Handshake Protocol: Client Key Exchange Handshake Type: Client Key Exchange (16) Length: 66 EC Diffie-Hellman Client Params Pubkey Length: 65 Pubkey: 04cc57ba6c62b15d6b97649879dae64f361acf3b1bc4e38d1be602d22bb8df056d4ae951… TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec Content Type: Change Cipher Spec (20) Version: TLS 1.2 (0x0303) Length: 1 Change Cipher Spec Message TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 40 Handshake Protocol: Encrypted Handshake Message No. Time Source Destination Protocol Length Info 170 2.242100 134.188.4.7 134.188.170.175 TCP 60 81 → 57755 [ACK] Seq=6970 Ack=418 Win=29200 Len=0 Frame 170: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.988919000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.988919000 seconds [Time delta from previous captured frame: 0.000425000 seconds] [Time delta from previous displayed frame: 0.000425000 seconds] [Time since reference or first frame: 2.242100000 seconds] Frame Number: 170 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x7f62 (32610) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x033f [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 6970, Ack: 418, Len: 0 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 6970 (relative sequence number) Sequence Number (raw): 2885616277 [Next Sequence Number: 6970 (relative sequence number)] Acknowledgment Number: 418 (relative ack number) Acknowledgment number (raw): 3881621862 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x85dc [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.070281000 seconds] [Time since previous frame in this TCP stream: 0.000425000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 169] [The RTT to ACK the segment was: 0.000425000 seconds] [iRTT: 0.000638000 seconds] No. 
Time Source Destination Protocol Length Info 171 2.242703 134.188.4.7 134.188.170.175 TLSv1.2 312 New Session Ticket, Change Cipher Spec, Encrypted Handshake Message Frame 171: 312 bytes on wire (2496 bits), 312 bytes captured (2496 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.989522000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.989522000 seconds [Time delta from previous captured frame: 0.000603000 seconds] [Time delta from previous displayed frame: 0.000603000 seconds] [Time since reference or first frame: 2.242703000 seconds] Frame Number: 171 Frame Length: 312 bytes (2496 bits) Capture Length: 312 bytes (2496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 298 Identification: 0x7f63 (32611) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x023c [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 6970, Ack: 418, Len: 258 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 258] Sequence Number: 6970 (relative sequence number) Sequence Number (raw): 2885616277 [Next Sequence Number: 7228 (relative sequence number)] Acknowledgment Number: 418 (relative ack number) Acknowledgment number (raw): 3881621862 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x5031 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.070884000 seconds] [Time since previous frame in this TCP stream: 0.000603000 seconds] [SEQ/ACK analysis] [iRTT: 0.000638000 seconds] [Bytes in flight: 258] [Bytes sent since last PSH flag: 258] TCP payload (258 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: New Session Ticket Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 202 Handshake Protocol: New Session Ticket Handshake Type: New Session Ticket (4) Length: 198 TLS Session Ticket Session Ticket Lifetime Hint: 300 seconds (5 minutes) Session Ticket Length: 192 Session Ticket: 567e395e5867e9cdd391821dc715057783b685f6974d7cd42d77b7607eadd96f06ed1278… TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec Content Type: Change Cipher Spec (20) Version: TLS 1.2 (0x0303) Length: 1 Change Cipher Spec Message TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 40 Handshake Protocol: Encrypted Handshake Message No. Time Source Destination Protocol Length Info 172 2.243232 134.188.170.175 134.188.4.7 TLSv1.2 406 Application Data Frame 172: 406 bytes on wire (3248 bits), 406 bytes captured (3248 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.990051000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.990051000 seconds [Time delta from previous captured frame: 0.000529000 seconds] [Time delta from previous displayed frame: 0.000529000 seconds] [Time since reference or first frame: 2.243232000 seconds] Frame Number: 172 Frame Length: 406 bytes (3248 bits) Capture Length: 406 bytes (3248 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 392 Identification: 0x870e (34574) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57755, Dst Port: 81, Seq: 418, Ack: 7228, Len: 352 Source Port: 57755 Destination Port: 81 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 352] Sequence Number: 418 (relative sequence number) Sequence Number (raw): 3881621862 [Next Sequence Number: 770 (relative sequence number)] Acknowledgment Number: 7228 (relative ack number) Acknowledgment number (raw): 2885616535 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 1026 [Calculated window size: 262656] [Window size scaling factor: 256] Checksum: 0xbda9 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.071413000 seconds] [Time since previous frame in this TCP stream: 0.000529000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 171] [The RTT to ACK the segment was: 0.000529000 seconds] [iRTT: 0.000638000 seconds] [Bytes in flight: 352] [Bytes sent since last PSH flag: 352] TCP payload (352 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 347 Encrypted Application Data: 00000000000000019b3272aa6cc29216dd7590705943a1dd195ff8921ccd83e025f5640e… [Application Data Protocol: Hypertext Transfer Protocol] No. Time Source Destination Protocol Length Info 173 2.243261 134.188.170.175 134.188.4.7 TLSv1.2 335 Application Data Frame 173: 335 bytes on wire (2680 bits), 335 bytes captured (2680 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.990080000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.990080000 seconds [Time delta from previous captured frame: 0.000029000 seconds] [Time delta from previous displayed frame: 0.000029000 seconds] [Time since reference or first frame: 2.243261000 seconds] Frame Number: 173 Frame Length: 335 bytes (2680 bits) Capture Length: 335 bytes (2680 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 321 Identification: 0x870f (34575) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57755, Dst Port: 81, Seq: 770, Ack: 7228, Len: 281 Source Port: 57755 Destination Port: 81 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 281] Sequence Number: 770 (relative sequence number) Sequence Number (raw): 3881622214 [Next Sequence Number: 1051 (relative sequence number)] Acknowledgment Number: 7228 (relative ack number) Acknowledgment number (raw): 2885616535 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 1026 [Calculated window size: 262656] [Window size scaling factor: 256] Checksum: 0xbd62 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.071442000 seconds] [Time since previous frame in this TCP stream: 0.000029000 seconds] [SEQ/ACK analysis] [iRTT: 0.000638000 seconds] [Bytes in flight: 633] [Bytes sent since last PSH flag: 281] TCP payload (281 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 276 Encrypted Application Data: 0000000000000002cf7167408b2e5b03ab5c9a6245563e814dfaac2d5a2b2c4b30d0498a… [Application Data Protocol: Hypertext Transfer Protocol] No. Time Source Destination Protocol Length Info 174 2.244237 134.188.4.7 134.188.170.175 TCP 60 81 → 57755 [ACK] Seq=7228 Ack=1051 Win=31344 Len=0 Frame 174: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.991056000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.991056000 seconds [Time delta from previous captured frame: 0.000976000 seconds] [Time delta from previous displayed frame: 0.000976000 seconds] [Time since reference or first frame: 2.244237000 seconds] Frame Number: 174 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x7f64 (32612) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x033d [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 7228, Ack: 1051, Len: 0 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 7228 (relative sequence number) Sequence Number (raw): 2885616535 [Next Sequence Number: 7228 (relative sequence number)] Acknowledgment Number: 1051 (relative ack number) Acknowledgment number (raw): 3881622495 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7836 [Calculated window size: 31344] [Window size scaling factor: 4] Checksum: 0x8049 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.072418000 seconds] [Time since previous frame in this TCP stream: 0.000976000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 173] [The RTT to ACK the segment was: 0.000976000 seconds] [iRTT: 0.000638000 seconds] No. 
Time Source Destination Protocol Length Info 175 2.248799 134.188.170.175 134.188.143.108 NBNS 110 Refresh NB OCEVENLO<00> Frame 175: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:38.995618000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010658.995618000 seconds [Time delta from previous captured frame: 0.004562000 seconds] [Time delta from previous displayed frame: 0.004562000 seconds] [Time since reference or first frame: 2.248799000 seconds] Frame Number: 175 Frame Length: 110 bytes (880 bits) Capture Length: 110 bytes (880 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:nbns] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || netbios] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.143.108 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 96 Identification: 0xf639 (63033) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.143.108 User Datagram Protocol, Src Port: 137, Dst Port: 137 Source Port: 137 Destination Port: 137 Length: 76 Checksum: 0x47f2 [unverified] [Checksum Status: Unverified] [Stream index: 1] [Timestamps] [Time since first frame: 1.515206000 seconds] [Time since previous frame: 1.515206000 seconds] UDP payload (68 bytes) NetBIOS Name Service Transaction ID: 0xf282 Flags: 0x4000, Opcode: Refresh 0... .... .... .... = Response: Message is a query .100 0... .... .... = Opcode: Refresh (8) .... ..0. .... .... = Truncated: Message is not truncated .... ...0 .... .... = Recursion desired: Don't do query recursively .... .... ...0 .... = Broadcast: Not a broadcast packet Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries OCEVENLO<00>: type NB, class IN Name: OCEVENLO<00> (Workstation/Redirector) Type: NB (32) Class: IN (1) Additional records OCEVENLO<00>: type NB, class IN Name: OCEVENLO<00> (Workstation/Redirector) Type: NB (32) Class: IN (1) Time to live: 3 days, 11 hours, 20 minutes Data length: 6 Name flags: 0xe000, Name type, ONT: Unknown (H-node, group) 1... .... .... .... = Name type: Group name .11. .... .... .... = ONT: Unknown (3) Addr: 134.188.170.175 No. 
Time Source Destination Protocol Length Info 176 2.256275 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 176: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.003094000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.003094000 seconds [Time delta from previous captured frame: 0.007476000 seconds] [Time delta from previous displayed frame: 0.007476000 seconds] [Time since reference or first frame: 2.256275000 seconds] Frame Number: 176 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb02 (56066) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.248851000 seconds] [Time since previous frame: 0.018641000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c08d ReceiveWindowSize: 11949 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000028f953a32af8 snResetSeqNum: 0x6d4b36cb No. Time Source Destination Protocol Length Info 177 2.256335 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 177: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.003154000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.003154000 seconds [Time delta from previous captured frame: 0.000060000 seconds] [Time delta from previous displayed frame: 0.000060000 seconds] [Time since reference or first frame: 2.256335000 seconds] Frame Number: 177 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb03 (56067) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.248911000 seconds] [Time since previous frame: 0.000060000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xe104c08e ReceiveWindowSize: 11950 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: ba3d5f1a666f3c1219e685b846d4a868 snResetSeqNum: 0xc14bea17 No. Time Source Destination Protocol Length Info 178 2.256363 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 178: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.003182000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.003182000 seconds [Time delta from previous captured frame: 0.000028000 seconds] [Time delta from previous displayed frame: 0.000028000 seconds] [Time since reference or first frame: 2.256363000 seconds] Frame Number: 178 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb04 (56068) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.248939000 seconds] [Time since previous frame: 0.000028000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x0304c08f ReceiveWindowSize: 11951 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: eb7e319634761192cd9212e498e42b2e snResetSeqNum: 0xaf2d3af4 No. Time Source Destination Protocol Length Info 179 2.256416 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 179: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.003235000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.003235000 seconds [Time delta from previous captured frame: 0.000053000 seconds] [Time delta from previous displayed frame: 0.000053000 seconds] [Time since reference or first frame: 2.256416000 seconds] Frame Number: 179 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb05 (56069) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.248992000 seconds] [Time since previous frame: 0.000053000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x7c04c090 ReceiveWindowSize: 11952 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 815c05fbbb2910249efbcea17cce37a3 snResetSeqNum: 0x78f854d8 No. Time Source Destination Protocol Length Info 180 2.256470 134.188.170.175 134.188.170.174 RDPUDP 857 CORRELATIONID,AOA Frame 180: 857 bytes on wire (6856 bits), 857 bytes captured (6856 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.003289000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.003289000 seconds [Time delta from previous captured frame: 0.000054000 seconds] [Time delta from previous displayed frame: 0.000054000 seconds] [Time since reference or first frame: 2.256470000 seconds] Frame Number: 180 Frame Length: 857 bytes (6856 bits) Capture Length: 857 bytes (6856 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 843 Identification: 0xdb06 (56070) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 823 Checksum: 0x661f [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.249046000 seconds] [Time since previous frame: 0.000054000 seconds] UDP payload (815 bytes) UDP Remote Desktop Protocol snSourceAck: 0xd004c091 ReceiveWindowSize: 11953 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 610237067d7fac720ff2c8a5666fd6d2 snResetSeqNum: 0x4fe0ee8a No. Time Source Destination Protocol Length Info 181 2.260658 134.188.170.1 224.0.0.18 VRRP 60 Announcement (v2) Frame 181: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.007477000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.007477000 seconds [Time delta from previous captured frame: 0.004188000 seconds] [Time delta from previous displayed frame: 0.004188000 seconds] [Time since reference or first frame: 2.260658000 seconds] Frame Number: 181 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:vrrp] [Coloring Rule Name: Routing] [Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp] Ethernet II, Src: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa), Dst: IPv4mcast_12 (01:00:5e:00:00:12) Destination: IPv4mcast_12 (01:00:5e:00:00:12) Address: IPv4mcast_12 (01:00:5e:00:00:12) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.170.1, Dst: 224.0.0.18 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x0000 (0) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 255 Protocol: VRRP (112) Header Checksum: 0xa9d5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.1 Destination Address: 224.0.0.18 Virtual Router Redundancy Protocol Version 2, Packet type 1 (Advertisement) 0010 .... = VRRP protocol version: 2 .... 0001 = VRRP packet type: Advertisement (1) Virtual Rtr ID: 170 Priority: 255 (This VRRP router owns the virtual router's IP address(es)) Addr Count: 1 Auth Type: No Authentication (0) Adver Int: 1 Checksum: 0xae94 [correct] [Checksum Status: Good] IP Address: 134.188.170.1 No. Time Source Destination Protocol Length Info 182 2.277785 134.188.170.174 134.188.170.175 RDPUDP 60 SYNEX,AOA Frame 182: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.024604000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.024604000 seconds [Time delta from previous captured frame: 0.017127000 seconds] [Time delta from previous displayed frame: 0.017127000 seconds] [Time since reference or first frame: 2.277785000 seconds] Frame Number: 182 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... 
.... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 00000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 42 Identification: 0x1e05 (7685) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9e7 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 22 Checksum: 0x54a7 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 2.270361000 seconds] [Time since previous frame: 0.021315000 seconds] UDP payload (14 bytes) UDP Remote Desktop Protocol snSourceAck: 0xba01c091 ReceiveWindowSize: 12016 Flags: 0x17e0, CN, CWR, Ack of Acks, Syn lossy, Ack delayed, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x1304 .... 
...0 = Version info: False snResetSeqNum: 0x3b4a316f No. Time Source Destination Protocol Length Info 183 2.295694 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=103 Ack=1247 Win=63547 Len=0 Frame 183: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.042513000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.042513000 seconds [Time delta from previous captured frame: 0.017909000 seconds] [Time delta from previous displayed frame: 0.017909000 seconds] [Time since reference or first frame: 2.295694000 seconds] Frame Number: 183 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb07 (56071) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 103, Ack: 1247, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 103 (relative sequence number) Sequence Number (raw): 1607889453 [Next Sequence Number: 103 (relative sequence number)] Acknowledgment Number: 1247 (relative ack number) Acknowledgment number (raw): 3951498809 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63547 [Calculated window size: 63547] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 2.295694000 seconds] [Time since previous frame in this TCP stream: 0.055635000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 165] [The RTT to ACK the segment was: 0.055635000 seconds] No. 
Time Source Destination Protocol Length Info 184 2.305061 134.188.4.7 134.188.170.175 TLSv1.2 584 Application Data Frame 184: 584 bytes on wire (4672 bits), 584 bytes captured (4672 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.051880000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.051880000 seconds [Time delta from previous captured frame: 0.009367000 seconds] [Time delta from previous displayed frame: 0.009367000 seconds] [Time since reference or first frame: 2.305061000 seconds] Frame Number: 184 Frame Length: 584 bytes (4672 bits) Capture Length: 584 bytes (4672 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 570 Identification: 0x7f65 (32613) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x012a [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 7228, Ack: 1051, Len: 530 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 530] Sequence Number: 7228 (relative sequence number) Sequence Number (raw): 2885616535 [Next Sequence Number: 7758 (relative sequence number)] Acknowledgment Number: 1051 (relative ack number) Acknowledgment number (raw): 3881622495 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7836 [Calculated window size: 31344] [Window size scaling factor: 4] Checksum: 0x9f36 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.133242000 seconds] [Time since previous frame in this TCP stream: 0.060824000 seconds] [SEQ/ACK analysis] [iRTT: 0.000638000 seconds] [Bytes in flight: 530] [Bytes sent since last PSH flag: 530] TCP payload (530 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 525 Encrypted Application Data: bcf550da87f4b5dbd7f137e1d4d5ccfcfefc563d7975afe01f7a2624465270b75d91e176… [Application Data Protocol: Hypertext Transfer Protocol] No. Time Source Destination Protocol Length Info 185 2.305117 134.188.4.7 134.188.170.175 TLSv1.2 160 Application Data Frame 185: 160 bytes on wire (1280 bits), 160 bytes captured (1280 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.051936000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.051936000 seconds [Time delta from previous captured frame: 0.000056000 seconds] [Time delta from previous displayed frame: 0.000056000 seconds] [Time since reference or first frame: 2.305117000 seconds] Frame Number: 185 Frame Length: 160 bytes (1280 bits) Capture Length: 160 bytes (1280 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 146 Identification: 0x7f66 (32614) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x02d1 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 7758, Ack: 1051, Len: 106 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 106] Sequence Number: 7758 (relative sequence number) Sequence Number (raw): 2885617065 [Next Sequence Number: 7864 (relative sequence number)] Acknowledgment Number: 1051 (relative ack number) Acknowledgment number (raw): 3881622495 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7836 [Calculated window size: 31344] [Window size scaling factor: 4] Checksum: 0x4b63 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.133298000 seconds] [Time since previous frame in this TCP stream: 0.000056000 seconds] [SEQ/ACK analysis] [iRTT: 0.000638000 seconds] [Bytes in flight: 636] [Bytes sent since last PSH flag: 106] TCP payload (106 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 101 Encrypted Application Data: bcf550da87f4b5dc40132c79e015208367e5a0900df1fd287c027cf942427217a6077def… [Application Data Protocol: Hypertext Transfer Protocol] No. Time Source Destination Protocol Length Info 186 2.305129 134.188.170.175 134.188.4.7 TCP 54 57755 → 81 [ACK] Seq=1051 Ack=7864 Win=262144 Len=0 Frame 186: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.051948000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.051948000 seconds [Time delta from previous captured frame: 0.000012000 seconds] [Time delta from previous displayed frame: 0.000012000 seconds] [Time since reference or first frame: 2.305129000 seconds] Frame Number: 186 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8710 (34576) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57755, Dst Port: 81, Seq: 1051, Ack: 7864, Len: 0 Source Port: 57755 Destination Port: 81 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1051 (relative sequence number) Sequence Number (raw): 3881622495 [Next Sequence Number: 1051 (relative sequence number)] Acknowledgment Number: 7864 (relative ack number) Acknowledgment number (raw): 2885617171 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 1024 [Calculated window size: 262144] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.133310000 seconds] [Time since previous frame in this TCP stream: 0.000012000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 185] [The RTT to ACK the segment was: 0.000012000 seconds] [iRTT: 0.000638000 seconds] No. 
Time Source Destination Protocol Length Info 187 2.305499 134.188.170.175 134.188.4.7 TCP 54 57755 → 81 [FIN, ACK] Seq=1051 Ack=7864 Win=262144 Len=0 Frame 187: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.052318000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.052318000 seconds [Time delta from previous captured frame: 0.000370000 seconds] [Time delta from previous displayed frame: 0.000370000 seconds] [Time since reference or first frame: 2.305499000 seconds] Frame Number: 187 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8711 (34577) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57755, Dst Port: 81, Seq: 1051, Ack: 7864, Len: 0 Source Port: 57755 Destination Port: 81 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1051 (relative sequence number) Sequence Number (raw): 3881622495 [Next Sequence Number: 1052 (relative sequence number)] Acknowledgment Number: 7864 (relative ack number) Acknowledgment number (raw): 2885617171 0101 .... = Header Length: 20 bytes (5) Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] [Expert Info (Note/Sequence): This frame initiates the connection closing] [This frame initiates the connection closing] [Severity level: Note] [Group: Sequence] Window: 1024 [Calculated window size: 262144] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.133680000 seconds] [Time since previous frame in this TCP stream: 0.000370000 seconds] No. Time Source Destination Protocol Length Info 188 2.306653 134.188.170.175 134.188.4.7 TCP 66 57756 → 81 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM Frame 188: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.053472000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.053472000 seconds [Time delta from previous captured frame: 0.001154000 seconds] [Time delta from previous displayed frame: 0.001154000 seconds] [Time since reference or first frame: 2.306653000 seconds] Frame Number: 188 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... 
.... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 52 Identification: 0x8712 (34578) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57756, Dst Port: 81, Seq: 0, Len: 0 Source Port: 57756 Destination Port: 81 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 0 (relative sequence number) Sequence Number (raw): 2321276707 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 0 Acknowledgment number (raw): 0 1000 .... = Header Length: 32 bytes (8) Flags: 0x002 (SYN) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. 
= Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 81] [Connection establish request (SYN): server port 81] [Severity level: Chat] [Group: Sequence] .... .... ...0 = Fin: Not set [TCP Flags: ··········S·] Window: 64240 [Calculated window size: 64240] Checksum: 0xbc55 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted TCP Option - Maximum segment size: 1460 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1460 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - Window scale: 8 (multiply by 256) Kind: Window Scale (3) Length: 3 Shift count: 8 [Multiplier: 256] TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - SACK permitted Kind: SACK Permitted (4) Length: 2 [Timestamps] [Time since first frame in this TCP stream: 0.000000000 seconds] [Time since previous frame in this TCP stream: 0.000000000 seconds] No. Time Source Destination Protocol Length Info 189 2.306703 134.188.4.7 134.188.170.175 TCP 60 81 → 57755 [FIN, ACK] Seq=7864 Ack=1052 Win=31344 Len=0 Frame 189: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.053522000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.053522000 seconds [Time delta from previous captured frame: 0.000050000 seconds] [Time delta from previous displayed frame: 0.000050000 seconds] [Time since reference or first frame: 2.306703000 seconds] Frame Number: 189 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x7f67 (32615) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x033a [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57755, Seq: 7864, Ack: 1052, Len: 0 Source Port: 81 Destination Port: 57755 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 7864 (relative sequence number) Sequence Number (raw): 2885617171 [Next Sequence Number: 7865 (relative sequence number)] Acknowledgment Number: 1052 (relative ack number) Acknowledgment number (raw): 3881622496 0101 .... = Header Length: 20 bytes (5) Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] [Expert Info (Note/Sequence): This frame undergoes the connection closing] [This frame undergoes the connection closing] [Severity level: Note] [Group: Sequence] Window: 7836 [Calculated window size: 31344] [Window size scaling factor: 4] Checksum: 0x7dcb [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.134884000 seconds] [Time since previous frame in this TCP stream: 0.001204000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 187] [The RTT to ACK the segment was: 0.001204000 seconds] [iRTT: 0.000638000 seconds] No. 
Time Source Destination Protocol Length Info 190 2.306744 134.188.170.175 134.188.4.7 TCP 54 57755 → 81 [ACK] Seq=1052 Ack=7865 Win=262144 Len=0 Frame 190: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.053563000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.053563000 seconds [Time delta from previous captured frame: 0.000041000 seconds] [Time delta from previous displayed frame: 0.000041000 seconds] [Time since reference or first frame: 2.306744000 seconds] Frame Number: 190 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8713 (34579) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57755, Dst Port: 81, Seq: 1052, Ack: 7865, Len: 0 Source Port: 57755 Destination Port: 81 [Stream index: 1] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1052 (relative sequence number) Sequence Number (raw): 3881622496 [Next Sequence Number: 1052 (relative sequence number)] Acknowledgment Number: 7865 (relative ack number) Acknowledgment number (raw): 2885617172 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 1024 [Calculated window size: 262144] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.134925000 seconds] [Time since previous frame in this TCP stream: 0.000041000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 189] [The RTT to ACK the segment was: 0.000041000 seconds] [iRTT: 0.000638000 seconds] No. 
Time Source Destination Protocol Length Info 191 2.307246 134.188.4.7 134.188.170.175 TCP 66 81 → 57756 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM WS=4 Frame 191: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.054065000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.054065000 seconds [Time delta from previous captured frame: 0.000502000 seconds] [Time delta from previous displayed frame: 0.000502000 seconds] [Time since reference or first frame: 2.307246000 seconds] Frame Number: 191 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 52 Identification: 0x0000 (0) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x8295 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 0, Ack: 1, Len: 0 Source Port: 81 Destination Port: 57756 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 0 (relative sequence number) Sequence Number (raw): 3535490335 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 2321276708 1000 .... = Header Length: 32 bytes (8) Flags: 0x012 (SYN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 81] [Connection establish acknowledge (SYN+ACK): server port 81] [Severity level: Chat] [Group: Sequence] .... .... 
...0 = Fin: Not set [TCP Flags: ·······A··S·] Window: 29200 [Calculated window size: 29200] Checksum: 0xd57d [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale TCP Option - Maximum segment size: 1460 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1460 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - SACK permitted Kind: SACK Permitted (4) Length: 2 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - Window scale: 2 (multiply by 4) Kind: Window Scale (3) Length: 3 Shift count: 2 [Multiplier: 4] [Timestamps] [Time since first frame in this TCP stream: 0.000593000 seconds] [Time since previous frame in this TCP stream: 0.000593000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 188] [The RTT to ACK the segment was: 0.000593000 seconds] [iRTT: 0.000635000 seconds] No. Time Source Destination Protocol Length Info 192 2.307288 134.188.170.175 134.188.4.7 TCP 54 57756 → 81 [ACK] Seq=1 Ack=1 Win=2102272 Len=0 Frame 192: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.054107000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.054107000 seconds [Time delta from previous captured frame: 0.000042000 seconds] [Time delta from previous displayed frame: 0.000042000 seconds] [Time since reference or first frame: 2.307288000 seconds] Frame Number: 192 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8714 (34580) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57756, Dst Port: 81, Seq: 1, Ack: 1, Len: 0 Source Port: 57756 Destination Port: 81 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 2321276708 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 3535490336 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 8212 [Calculated window size: 2102272] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.000635000 seconds] [Time since previous frame in this TCP stream: 0.000042000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 191] [The RTT to ACK the segment was: 0.000042000 seconds] [iRTT: 0.000635000 seconds] No. 
Time Source Destination Protocol Length Info 193 2.307359 134.188.170.175 134.188.4.7 HTTP 137 CONNECT ens.rest.gti.mcafee.com:443 HTTP/1.1 Frame 193: 137 bytes on wire (1096 bits), 137 bytes captured (1096 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.054178000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.054178000 seconds [Time delta from previous captured frame: 0.000071000 seconds] [Time delta from previous displayed frame: 0.000071000 seconds] [Time since reference or first frame: 2.307359000 seconds] Frame Number: 193 Frame Length: 137 bytes (1096 bits) Capture Length: 137 bytes (1096 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 123 Identification: 0x8715 (34581) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57756, Dst Port: 81, Seq: 1, Ack: 1, Len: 83 Source Port: 57756 Destination Port: 81 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 83] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 2321276708 [Next Sequence Number: 84 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 3535490336 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 2102272] [Window size scaling factor: 256] Checksum: 0xbc9c [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.000706000 seconds] [Time since previous frame in this TCP stream: 0.000071000 seconds] [SEQ/ACK analysis] [iRTT: 0.000635000 seconds] [Bytes in flight: 83] [Bytes sent since last PSH flag: 83] TCP payload (83 bytes) Hypertext Transfer Protocol CONNECT ens.rest.gti.mcafee.com:443 HTTP/1.1\r\n [Expert Info (Chat/Sequence): CONNECT ens.rest.gti.mcafee.com:443 HTTP/1.1\r\n] [CONNECT ens.rest.gti.mcafee.com:443 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: CONNECT Request URI: ens.rest.gti.mcafee.com:443 Request Version: HTTP/1.1 Host: ens.rest.gti.mcafee.com:443\r\n \r\n [Full request URI: ens.rest.gti.mcafee.com:443] [HTTP request 1/1] [Response in frame: 195] No. Time Source Destination Protocol Length Info 194 2.308162 134.188.4.7 134.188.170.175 TCP 60 81 → 57756 [ACK] Seq=1 Ack=84 Win=29200 Len=0 Frame 194: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.054981000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.054981000 seconds [Time delta from previous captured frame: 0.000803000 seconds] [Time delta from previous displayed frame: 0.000803000 seconds] [Time since reference or first frame: 2.308162000 seconds] Frame Number: 194 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xd534 (54580) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xad6c [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 1, Ack: 84, Len: 0 Source Port: 81 Destination Port: 57756 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 3535490336 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 84 (relative ack number) Acknowledgment number (raw): 2321276791 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x6b84 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.001509000 seconds] [Time since previous frame in this TCP stream: 0.000803000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 193] [The RTT to ACK the segment was: 0.000803000 seconds] [iRTT: 0.000635000 seconds] No. 
Time Source Destination Protocol Length Info 195 2.311443 134.188.4.7 134.188.170.175 HTTP 93 HTTP/1.0 200 Connection established Frame 195: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.058262000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.058262000 seconds [Time delta from previous captured frame: 0.003281000 seconds] [Time delta from previous displayed frame: 0.003281000 seconds] [Time since reference or first frame: 2.311443000 seconds] Frame Number: 195 Frame Length: 93 bytes (744 bits) Capture Length: 93 bytes (744 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 79 Identification: 0xd535 (54581) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xad44 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 1, Ack: 84, Len: 39 Source Port: 81 Destination Port: 57756 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 39] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 3535490336 [Next Sequence Number: 40 (relative sequence number)] Acknowledgment Number: 84 (relative ack number) Acknowledgment number (raw): 2321276791 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x619d [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.004790000 seconds] [Time since previous frame in this TCP stream: 0.003281000 seconds] [SEQ/ACK analysis] [iRTT: 0.000635000 seconds] [Bytes in flight: 39] [Bytes sent since last PSH flag: 39] TCP payload (39 bytes) Hypertext Transfer Protocol HTTP/1.0 200 Connection established\r\n [Expert Info (Chat/Sequence): HTTP/1.0 200 Connection established\r\n] [HTTP/1.0 200 Connection established\r\n] [Severity level: Chat] [Group: Sequence] Response Version: HTTP/1.0 Status Code: 200 [Status Code Description: OK] Response Phrase: Connection established \r\n [HTTP response 1/1] [Time since request: 0.004084000 seconds] [Request in frame: 193] [Request URI: ens.rest.gti.mcafee.com:443] No. Time Source Destination Protocol Length Info 196 2.311647 134.188.170.175 134.188.4.7 TLSv1.2 262 Client Hello Frame 196: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.058466000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.058466000 seconds [Time delta from previous captured frame: 0.000204000 seconds] [Time delta from previous displayed frame: 0.000204000 seconds] [Time since reference or first frame: 2.311647000 seconds] Frame Number: 196 Frame Length: 262 bytes (2096 bits) Capture Length: 262 bytes (2096 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 248 Identification: 0x8716 (34582) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57756, Dst Port: 81, Seq: 84, Ack: 40, Len: 208 Source Port: 57756 Destination Port: 81 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 208] Sequence Number: 84 (relative sequence number) Sequence Number (raw): 2321276791 [Next Sequence Number: 292 (relative sequence number)] Acknowledgment Number: 40 (relative ack number) Acknowledgment number (raw): 3535490375 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8212 [Calculated window size: 2102272] [Window size scaling factor: 256] Checksum: 0xbd19 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.004994000 seconds] [Time since previous frame in this TCP stream: 0.000204000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 195] [The RTT to ACK the segment was: 0.000204000 seconds] [iRTT: 0.000635000 seconds] [Bytes in flight: 208] [Bytes sent since last PSH flag: 208] TCP payload (208 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 203 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 199 Version: TLS 1.2 (0x0303) Random: 6399996364e1712c8e5eee7fbd8a2044ff3cf87494d17d74ff640dee4358a9da GMT Unix Time: Dec 14, 2022 10:37:39.000000000 W. 
Europe Standard Time Random Bytes: 64e1712c8e5eee7fbd8a2044ff3cf87494d17d74ff640dee4358a9da Session ID Length: 0 Cipher Suites Length: 38 Cipher Suites (19 suites) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Extensions Length: 120 Extension: server_name (len=28) Type: server_name (0) Length: 28 Server Name Indication extension Server Name list length: 26 Server Name Type: host_name (0) Server Name length: 23 Server Name: ens.rest.gti.mcafee.com Extension: status_request (len=5) Type: status_request (5) Length: 5 Certificate Status Type: OCSP (1) Responder ID list Length: 0 Request Extensions Length: 0 Extension: supported_groups (len=8) Type: supported_groups (10) Length: 8 Supported Groups List Length: 6 Supported Groups (3 groups) Supported Group: x25519 (0x001d) Supported Group: secp256r1 (0x0017) Supported Group: secp384r1 
(0x0018) Extension: ec_point_formats (len=2) Type: ec_point_formats (11) Length: 2 EC point formats Length: 1 Elliptic curves point formats (1) EC point format: uncompressed (0) Extension: signature_algorithms (len=26) Type: signature_algorithms (13) Length: 26 Signature Hash Algorithms Length: 24 Signature Hash Algorithms (12 algorithms) Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: SM2 (4) Signature Algorithm: rsa_pss_rsae_sha384 (0x0805) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (5) Signature Algorithm: rsa_pss_rsae_sha512 (0x0806) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (6) Signature Algorithm: rsa_pkcs1_sha256 (0x0401) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pkcs1_sha384 (0x0501) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pkcs1_sha1 (0x0201) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ecdsa_sha1 (0x0203) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: SHA1 DSA (0x0202) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: DSA (2) Signature Algorithm: rsa_pkcs1_sha512 (0x0601) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: ECDSA (3) Extension: session_ticket (len=0) 
Type: session_ticket (35) Length: 0 Data (0 bytes) Extension: application_layer_protocol_negotiation (len=14) Type: application_layer_protocol_negotiation (16) Length: 14 ALPN Extension Length: 12 ALPN Protocol ALPN string length: 2 ALPN Next Protocol: h2 ALPN string length: 8 ALPN Next Protocol: http/1.1 Extension: extended_master_secret (len=0) Type: extended_master_secret (23) Length: 0 Extension: renegotiation_info (len=1) Type: renegotiation_info (65281) Length: 1 Renegotiation Info extension Renegotiation info extension length: 0 [JA3 Fullstring: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0] [JA3: 28a2c9bd18a11de089ef85a160da29e4] No. Time Source Destination Protocol Length Info 197 2.343296 134.188.4.7 134.188.170.175 TCP 60 81 → 57756 [ACK] Seq=40 Ack=292 Win=29200 Len=0 Frame 197: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.090115000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.090115000 seconds [Time delta from previous captured frame: 0.031649000 seconds] [Time delta from previous displayed frame: 0.031649000 seconds] [Time since reference or first frame: 2.343296000 seconds] Frame Number: 197 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xd536 (54582) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xad6a [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 40, Ack: 292, Len: 0 Source Port: 81 Destination Port: 57756 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 40 (relative sequence number) Sequence Number (raw): 3535490375 [Next Sequence Number: 40 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 2321276999 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x6a8d [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.036643000 seconds] [Time since previous frame in this TCP stream: 0.031649000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 196] [The RTT to ACK the segment was: 0.031649000 seconds] [iRTT: 0.000635000 seconds] No. 
Time Source Destination Protocol Length Info 198 2.355274 134.188.4.7 134.188.170.175 TLSv1.2 1514 Server Hello Frame 198: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.102093000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.102093000 seconds [Time delta from previous captured frame: 0.011978000 seconds] [Time delta from previous displayed frame: 0.011978000 seconds] [Time since reference or first frame: 2.355274000 seconds] Frame Number: 198 Frame Length: 1514 bytes (12112 bits) Capture Length: 1514 bytes (12112 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1500 Identification: 0xd537 (54583) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xa7b5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 40, Ack: 292, Len: 1460 Source Port: 81 Destination Port: 57756 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1460] Sequence Number: 40 (relative sequence number) Sequence Number (raw): 3535490375 [Next Sequence Number: 1500 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 2321276999 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x8706 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.048621000 seconds] [Time since previous frame in this TCP stream: 0.011978000 seconds] [SEQ/ACK analysis] [iRTT: 0.000635000 seconds] [Bytes in flight: 1460] [Bytes sent since last PSH flag: 1460] TCP payload (1460 bytes) [Reassembled PDU in frame: 203] TCP segment data (1394 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Server Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 61 Handshake Protocol: Server Hello Handshake Type: Server Hello (2) Length: 57 Version: TLS 1.2 (0x0303) Random: 002009d00457715c02648aa90378d3c9595737c530e8298930707ebdf8d6e277 GMT Unix Time: Jan 25, 1970 08:14:24.000000000 W. Europe Standard Time Random Bytes: 0457715c02648aa90378d3c9595737c530e8298930707ebdf8d6e277 Session ID Length: 0 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Compression Method: null (0) Extensions Length: 17 Extension: renegotiation_info (len=1) Type: renegotiation_info (65281) Length: 1 Renegotiation Info extension Renegotiation info extension length: 0 Extension: ec_point_formats (len=4) Type: ec_point_formats (11) Length: 4 EC point formats Length: 3 Elliptic curves point formats (3) EC point format: uncompressed (0) EC point format: ansiX962_compressed_prime (1) EC point format: ansiX962_compressed_char2 (2) Extension: session_ticket (len=0) Type: session_ticket (35) Length: 0 Data (0 bytes) [JA3S Fullstring: 771,49200,65281-11-35] [JA3S: e35df3e00ca4ef31d42b34bebaa2f86e] No. 
Time Source Destination Protocol Length Info 199 2.355311 134.188.4.7 134.188.170.175 TCP 1514 81 → 57756 [ACK] Seq=1500 Ack=292 Win=29200 Len=1460 [TCP segment of a reassembled PDU] Frame 199: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.102130000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.102130000 seconds [Time delta from previous captured frame: 0.000037000 seconds] [Time delta from previous displayed frame: 0.000037000 seconds] [Time since reference or first frame: 2.355311000 seconds] Frame Number: 199 Frame Length: 1514 bytes (12112 bits) Capture Length: 1514 bytes (12112 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1500 Identification: 0xd538 (54584) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xa7b4 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 1500, Ack: 292, Len: 1460 Source Port: 81 Destination Port: 57756 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1460] Sequence Number: 1500 (relative sequence number) Sequence Number (raw): 3535491835 [Next Sequence Number: 2960 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 2321276999 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x8543 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.048658000 seconds] [Time since previous frame in this TCP stream: 0.000037000 seconds] [SEQ/ACK analysis] [iRTT: 0.000635000 seconds] [Bytes in flight: 2920] [Bytes sent since last PSH flag: 2920] TCP payload (1460 bytes) [Reassembled PDU in frame: 203] TCP segment data (1460 bytes) No. 
Time Source Destination Protocol Length Info 200 2.355322 134.188.170.175 134.188.4.7 TCP 54 57756 → 81 [ACK] Seq=292 Ack=2960 Win=2102272 Len=0 Frame 200: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.102141000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.102141000 seconds [Time delta from previous captured frame: 0.000011000 seconds] [Time delta from previous displayed frame: 0.000011000 seconds] [Time since reference or first frame: 2.355322000 seconds] Frame Number: 200 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8717 (34583) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57756, Dst Port: 81, Seq: 292, Ack: 2960, Len: 0 Source Port: 57756 Destination Port: 81 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 292 (relative sequence number) Sequence Number (raw): 2321276999 [Next Sequence Number: 292 (relative sequence number)] Acknowledgment Number: 2960 (relative ack number) Acknowledgment number (raw): 3535493295 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 8212 [Calculated window size: 2102272] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.048669000 seconds] [Time since previous frame in this TCP stream: 0.000011000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 199] [The RTT to ACK the segment was: 0.000011000 seconds] [iRTT: 0.000635000 seconds] No. 
Time Source Destination Protocol Length Info 201 2.355891 134.188.4.7 134.188.170.175 TCP 1230 81 → 57756 [PSH, ACK] Seq=2960 Ack=292 Win=29200 Len=1176 [TCP segment of a reassembled PDU] Frame 201: 1230 bytes on wire (9840 bits), 1230 bytes captured (9840 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.102710000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.102710000 seconds [Time delta from previous captured frame: 0.000569000 seconds] [Time delta from previous displayed frame: 0.000569000 seconds] [Time since reference or first frame: 2.355891000 seconds] Frame Number: 201 Frame Length: 1230 bytes (9840 bits) Capture Length: 1230 bytes (9840 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1216 Identification: 0xd539 (54585) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xa8cf [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 2960, Ack: 292, Len: 1176 Source Port: 81 Destination Port: 57756 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1176] Sequence Number: 2960 (relative sequence number) Sequence Number (raw): 3535493295 [Next Sequence Number: 4136 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 2321276999 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x3460 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.049238000 seconds] [Time since previous frame in this TCP stream: 0.000569000 seconds] [SEQ/ACK analysis] [iRTT: 0.000635000 seconds] [Bytes in flight: 1176] [Bytes sent since last PSH flag: 4096] TCP payload (1176 bytes) [Reassembled PDU in frame: 203] TCP segment data (1176 bytes) No. 
Time Source Destination Protocol Length Info 202 2.356737 134.188.4.7 134.188.170.175 TCP 1514 81 → 57756 [ACK] Seq=4136 Ack=292 Win=29200 Len=1460 [TCP segment of a reassembled PDU] Frame 202: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.103556000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.103556000 seconds [Time delta from previous captured frame: 0.000846000 seconds] [Time delta from previous displayed frame: 0.000846000 seconds] [Time since reference or first frame: 2.356737000 seconds] Frame Number: 202 Frame Length: 1514 bytes (12112 bits) Capture Length: 1514 bytes (12112 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1500 Identification: 0xd53a (54586) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xa7b2 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 4136, Ack: 292, Len: 1460 Source Port: 81 Destination Port: 57756 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1460] Sequence Number: 4136 (relative sequence number) Sequence Number (raw): 3535494471 [Next Sequence Number: 5596 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 2321276999 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0xf6da [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.050084000 seconds] [Time since previous frame in this TCP stream: 0.000846000 seconds] [SEQ/ACK analysis] [iRTT: 0.000635000 seconds] [Bytes in flight: 2636] [Bytes sent since last PSH flag: 1460] TCP payload (1460 bytes) [Reassembled PDU in frame: 203] TCP segment data (1460 bytes) No. 
Time Source Destination Protocol Length Info 203 2.356737 134.188.4.7 134.188.170.175 TLSv1.2 1428 Certificate, Server Key Exchange, Server Hello Done Frame 203: 1428 bytes on wire (11424 bits), 1428 bytes captured (11424 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.103556000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.103556000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 2.356737000 seconds] Frame Number: 203 Frame Length: 1428 bytes (11424 bits) Capture Length: 1428 bytes (11424 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame [truncated]: eth:ethertype:ip:tcp:http:tls:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509ce:x509ce:x509ce:x509sat:x509sat:x509sat:x509ce:x509ce:x509ce:x509ce:pkix1implicit:x] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... 
= IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1414 Identification: 0xd53b (54587) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xa807 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 5596, Ack: 292, Len: 1374 Source Port: 81 Destination Port: 57756 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1374] Sequence Number: 5596 (relative sequence number) Sequence Number (raw): 3535495931 [Next Sequence Number: 6970 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 2321276999 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x7d1a [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.050084000 seconds] [Time since previous frame in this TCP stream: 0.000000000 seconds] [SEQ/ACK analysis] [iRTT: 0.000635000 seconds] [Bytes in flight: 4010] [Bytes sent since last PSH flag: 2834] TCP payload (1374 bytes) TCP segment data (1027 bytes) [5 Reassembled TCP Segments (6517 bytes): #198(1394), #199(1460), #201(1176), #202(1460), #203(1027)] [Frame: 198, payload: 0-1393 (1394 bytes)] [Frame: 199, payload: 1394-2853 (1460 bytes)] [Frame: 201, payload: 2854-4029 (1176 bytes)] [Frame: 202, payload: 4030-5489 (1460 bytes)] [Frame: 203, payload: 5490-6516 (1027 bytes)] [Segment count: 5] [Reassembled TCP length: 6517] [Reassembled TCP Data: 16030319700b00196c0019690005a7308205a33082048ba00302010202142c3e08082e04…] Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Certificate Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 6512 Handshake Protocol: Certificate Handshake Type: Certificate (11) Length: 6508 Certificates Length: 6505 Certificates (6505 bytes) Certificate Length: 1447 Certificate: 308205a33082048ba00302010202142c3e08082e0418d27bf05b81f5d99ce75167c91630… (id-at-commonName=ens.rest.gti.mcafee.com,id-at-organizationalUnitName=Enterprise,id-at-organizationName=McAfee, Inc.,id-at-stateOrProvinceName=Califo signedCertificate version: v3 (2) serialNumber: 0x2c3e08082e0418d27bf05b81f5d99ce75167c916 signature (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) issuer: rdnSequence (0) rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway CA,id-at-organizationalUnitName=ICS Infrastructure,id-at-organizationName=Canon Production 
Printing Netherlands B.V.,id-at-localityName=Venlo,id-at-stateOrProvinceName=Limburg,id-at RDNSequence item: 1 item (id-at-countryName=NL) RelativeDistinguishedName item (id-at-countryName=NL) Object Id: 2.5.4.6 (id-at-countryName) CountryName: NL RDNSequence item: 1 item (id-at-stateOrProvinceName=Limburg) RelativeDistinguishedName item (id-at-stateOrProvinceName=Limburg) Object Id: 2.5.4.8 (id-at-stateOrProvinceName) DirectoryString: printableString (1) printableString: Limburg RDNSequence item: 1 item (id-at-localityName=Venlo) RelativeDistinguishedName item (id-at-localityName=Venlo) Object Id: 2.5.4.7 (id-at-localityName) DirectoryString: printableString (1) printableString: Venlo RDNSequence item: 1 item (id-at-organizationName=Canon Production Printing Netherlands B.V.) RelativeDistinguishedName item (id-at-organizationName=Canon Production Printing Netherlands B.V.) Object Id: 2.5.4.10 (id-at-organizationName) DirectoryString: printableString (1) printableString: Canon Production Printing Netherlands B.V. 
RDNSequence item: 1 item (id-at-organizationalUnitName=ICS Infrastructure) RelativeDistinguishedName item (id-at-organizationalUnitName=ICS Infrastructure) Object Id: 2.5.4.11 (id-at-organizationalUnitName) DirectoryString: printableString (1) printableString: ICS Infrastructure RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway CA) RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway CA) Object Id: 2.5.4.3 (id-at-commonName) DirectoryString: printableString (1) printableString: McAfee Web Gateway CA validity notBefore: utcTime (0) utcTime: 2022-08-09 15:46:24 (UTC) notAfter: utcTime (0) utcTime: 2023-08-09 15:46:24 (UTC) subject: rdnSequence (0) rdnSequence: 5 items (id-at-commonName=ens.rest.gti.mcafee.com,id-at-organizationalUnitName=Enterprise,id-at-organizationName=McAfee, Inc.,id-at-stateOrProvinceName=California,id-at-countryName=US) RDNSequence item: 1 item (id-at-countryName=US) RelativeDistinguishedName item (id-at-countryName=US) Object Id: 2.5.4.6 (id-at-countryName) CountryName: US RDNSequence item: 1 item (id-at-stateOrProvinceName=California) RelativeDistinguishedName item (id-at-stateOrProvinceName=California) Object Id: 2.5.4.8 (id-at-stateOrProvinceName) DirectoryString: printableString (1) printableString: California RDNSequence item: 1 item (id-at-organizationName=McAfee, Inc.) RelativeDistinguishedName item (id-at-organizationName=McAfee, Inc.) Object Id: 2.5.4.10 (id-at-organizationName) DirectoryString: printableString (1) printableString: McAfee, Inc. 
RDNSequence item: 1 item (id-at-organizationalUnitName=Enterprise) RelativeDistinguishedName item (id-at-organizationalUnitName=Enterprise) Object Id: 2.5.4.11 (id-at-organizationalUnitName) DirectoryString: printableString (1) printableString: Enterprise RDNSequence item: 1 item (id-at-commonName=ens.rest.gti.mcafee.com) RelativeDistinguishedName item (id-at-commonName=ens.rest.gti.mcafee.com) Object Id: 2.5.4.3 (id-at-commonName) DirectoryString: uTF8String (4) uTF8String: ens.rest.gti.mcafee.com subjectPublicKeyInfo algorithm (rsaEncryption) Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption) subjectPublicKey: 3082010a0282010100da9dcba890a39434019f2876d11d614a3cb65033b527229fa5220b… modulus: 0x00da9dcba890a39434019f2876d11d614a3cb65033b527229fa5220bb763a4da3ba4e5dd… publicExponent: 65537 extensions: 8 items Extension (id-ce-basicConstraints) Extension Id: 2.5.29.19 (id-ce-basicConstraints) BasicConstraintsSyntax [0 length] Extension (id-ce-subjectKeyIdentifier) Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier) SubjectKeyIdentifier: 933f1819451e3e145ce4ae58d1fdc4cba75bb21f Extension (id-ce-authorityKeyIdentifier) Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier) AuthorityKeyIdentifier keyIdentifier: 9806d998332d0fc29cddbe1f5e0a6854f948f6b8 authorityCertIssuer: 1 item GeneralName: directoryName (4) directoryName: rdnSequence (0) rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Enterprise CA,dc=oce,dc=net) RDNSequence item: 1 item (dc=net) RelativeDistinguishedName item (dc=net) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: net RDNSequence item: 1 item (dc=oce) RelativeDistinguishedName item (dc=oce) Object Id: 0.9.2342.19200300.100.1.25 (dc) IA5String: oce RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Enterprise CA) RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Enterprise CA) Object Id: 2.5.4.3 (id-at-commonName) DirectoryString: printableString (1) printableString: Oce Corporate ADS Enterprise CA 
authorityCertSerialNumber: 0x54caff80000200001fe7 Extension (id-ce-keyUsage) Extension Id: 2.5.29.15 (id-ce-keyUsage) Padding: 5 KeyUsage: a0 1... .... = digitalSignature: True .0.. .... = contentCommitment: False ..1. .... = keyEncipherment: True ...0 .... = dataEncipherment: False .... 0... = keyAgreement: False .... .0.. = keyCertSign: False .... ..0. = cRLSign: False .... ...0 = encipherOnly: False 0... .... = decipherOnly: False Extension (id-ce-extKeyUsage) Extension Id: 2.5.29.37 (id-ce-extKeyUsage) KeyPurposeIDs: 1 item KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth) Extension (id-ce-subjectAltName) Extension Id: 2.5.29.17 (id-ce-subjectAltName) GeneralNames: 3 items GeneralName: dNSName (2) dNSName: ens.rest.gti.mcafee.com GeneralName: dNSName (2) dNSName: *.rest.gti.mcafee.com GeneralName: dNSName (2) dNSName: rest.gti.mcafee.com Extension (id-ce-cRLDistributionPoints) Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints) CRLDistPointsSyntax: 1 item DistributionPoint distributionPoint: fullName (0) fullName: 1 item GeneralName: uniformResourceIdentifier (6) uniformResourceIdentifier: http://crl.mwginternal.com/crl/0/18389/8579bbc44b4fcd21e15a90745cd22bb3caf8265e/crl.crl Extension (id-pe-authorityInfoAccess) Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess) AuthorityInfoAccessSyntax: 1 item AccessDescription accessMethod: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp) accessLocation: 6 uniformResourceIdentifier: http://ocsp.mwginternal.com/ocsp/0/18389/8579bbc44b4fcd21e15a90745cd22bb3caf8265e algorithmIdentifier (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) Padding: 0 encrypted: 21c9530c1b84d65ae2d073f51161b78752c9e238b6f1464d555291727c0ce60f3cf50712… Certificate Length: 1773 Certificate: 308206e9308205d1a003020102020a54caff80000200001fe7300d06092a864886f70d01… (id-at-commonName=McAfee Web Gateway CA,id-at-organizationalUnitName=ICS Infrastructure,id-at-organizationName=Canon Production Printing Netherlands B 
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 0x54caff80000200001fe7
                        signature (sha256WithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Enterprise CA,dc=oce,dc=net)
                                RDNSequence item: 1 item (dc=net)
                                    RelativeDistinguishedName item (dc=net)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: net
                                RDNSequence item: 1 item (dc=oce)
                                    RelativeDistinguishedName item (dc=oce)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: oce
                                RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Enterprise CA)
                                    RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Enterprise CA)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: Oce Corporate ADS Enterprise CA
                        validity
                            notBefore: utcTime (0)
                                utcTime: 2021-10-01 11:34:04 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 2023-10-01 11:44:04 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway CA,id-at-organizationalUnitName=ICS Infrastructure,id-at-organizationName=Canon Production Printing Netherlands B.V.,id-at-localityName=Venlo,id-at-stateOrProvinceName=Limburg,id-at
                                RDNSequence item: 1 item (id-at-countryName=NL)
                                    RelativeDistinguishedName item (id-at-countryName=NL)
                                        Object Id: 2.5.4.6 (id-at-countryName)
                                        CountryName: NL
                                RDNSequence item: 1 item (id-at-stateOrProvinceName=Limburg)
                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=Limburg)
                                        Object Id: 2.5.4.8 (id-at-stateOrProvinceName)
                                        DirectoryString: printableString (1)
                                            printableString: Limburg
                                RDNSequence item: 1 item (id-at-localityName=Venlo)
                                    RelativeDistinguishedName item (id-at-localityName=Venlo)
                                        Object Id: 2.5.4.7 (id-at-localityName)
                                        DirectoryString: printableString (1)
                                            printableString: Venlo
                                RDNSequence item: 1 item (id-at-organizationName=Canon Production Printing Netherlands B.V.)
                                    RelativeDistinguishedName item (id-at-organizationName=Canon Production Printing Netherlands B.V.)
                                        Object Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: printableString (1)
                                            printableString: Canon Production Printing Netherlands B.V.
                                RDNSequence item: 1 item (id-at-organizationalUnitName=ICS Infrastructure)
                                    RelativeDistinguishedName item (id-at-organizationalUnitName=ICS Infrastructure)
                                        Object Id: 2.5.4.11 (id-at-organizationalUnitName)
                                        DirectoryString: printableString (1)
                                            printableString: ICS Infrastructure
                                RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway CA)
                                    RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway CA)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: McAfee Web Gateway CA
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            subjectPublicKey: 3082010a0282010100d3e326ce455c21bf9c403538fe0604faa6aa89c8cfe5f49dfb37c7…
                                modulus: 0x00d3e326ce455c21bf9c403538fe0604faa6aa89c8cfe5f49dfb37c75b782ad1af7b63a2…
                                publicExponent: 65537
                        extensions: 9 items
                            Extension (id-ce-keyUsage)
                                Extension Id: 2.5.29.15 (id-ce-keyUsage)
                                Padding: 1
                                KeyUsage: 86
                                    1... .... = digitalSignature: True
                                    .0.. .... = contentCommitment: False
                                    ..0. .... = keyEncipherment: False
                                    ...0 .... = dataEncipherment: False
                                    .... 0... = keyAgreement: False
                                    .... .1.. = keyCertSign: True
                                    .... ..1. = cRLSign: True
                                    .... ...0 = encipherOnly: False
                                    0... .... = decipherOnly: False
                            Extension (id-ce-extKeyUsage)
                                Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
                                KeyPurposeIDs: 1 item
                                    KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
                            Extension (id-smime-capabilities)
                                Extension Id: 1.2.840.113549.1.9.15 (id-smime-capabilities)
                                SMIMECapabilities: 8 items
                                    SMIMECapability rc2-cbc (128 bits)
                                        attrType: 1.2.840.113549.3.2 (rc2-cbc)
                                        RC2CBCParameters: rc2WrapParameter (0)
                                            rc2WrapParameter: 128
                                    SMIMECapability id-alg-rc4 (128 bits)
                                        attrType: 1.2.840.113549.3.4 (id-alg-rc4)
                                        RC2CBCParameters: rc2WrapParameter (0)
                                            rc2WrapParameter: 128
                                    SMIMECapability id-aes256-CBC
                                        attrType: 2.16.840.1.101.3.4.1.42 (id-aes256-CBC)
                                    SMIMECapability id-aes256-wrap
                                        attrType: 2.16.840.1.101.3.4.1.45 (id-aes256-wrap)
                                    SMIMECapability id-aes128-CBC
                                        attrType: 2.16.840.1.101.3.4.1.2 (id-aes128-CBC)
                                    SMIMECapability id-aes128-wrap
                                        attrType: 2.16.840.1.101.3.4.1.5 (id-aes128-wrap)
                                    SMIMECapability id-alg-des-cbc
                                        attrType: 1.3.14.3.2.7 (id-alg-des-cbc)
                                    SMIMECapability des-ede3-cbc
                                        attrType: 1.2.840.113549.3.7 (des-ede3-cbc)
                            Extension (id-ce-subjectKeyIdentifier)
                                Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
                                SubjectKeyIdentifier: 9806d998332d0fc29cddbe1f5e0a6854f948f6b8
                            Extension (id-ce-authorityKeyIdentifier)
                                Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
                                AuthorityKeyIdentifier
                                    keyIdentifier: 89f7dc5ba4bbbdc4edc02858b9405171e6b157d9
                            Extension (id-ce-cRLDistributionPoints)
                                Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints)
                                CRLDistPointsSyntax: 1 item
                                    DistributionPoint
                                        distributionPoint: fullName (0)
                                            fullName: 2 items
                                                GeneralName: uniformResourceIdentifier (6)
                                                    uniformResourceIdentifier: ldap:///CN=Oce%20Corporate%20ADS%20Enterprise%20CA,CN=ocepki,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=oce,DC=net?certificateRevocationList?base?objectClass=cRLDistributionPoint
                                                GeneralName: uniformResourceIdentifier (6)
                                                    uniformResourceIdentifier: http://ocepki.oce.net/pki/Oce%20Corporate%20ADS%20Enterprise%20CA.crl
                            Extension (id-pe-authorityInfoAccess)
                                Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess)
                                AuthorityInfoAccessSyntax: 2 items
                                    AccessDescription
                                        accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
                                        accessLocation: 6
                                            uniformResourceIdentifier: ldap:///CN=Oce%20Corporate%20ADS%20Enterprise%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=oce,DC=net?cACertificate?base?objectClass=certificationAuthority
                                    AccessDescription
                                        accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
                                        accessLocation: 6
                                            uniformResourceIdentifier: http://ocepki.oce.net/pki/Oce%20Corporate%20ADS%20Enterprise%20CA(2).crt
                            Extension (id-ms-certificate-template-name)
                                Extension Id: 1.3.6.1.4.1.311.20.2 (id-ms-certificate-template-name)
                                BMPString: SubCA
                            Extension (id-ce-basicConstraints)
                                Extension Id: 2.5.29.19 (id-ce-basicConstraints)
                                critical: True
                                BasicConstraintsSyntax
                                    cA: True
                    algorithmIdentifier (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    Padding: 0
                    encrypted: 4890c881bd785b0f5cc1dbf3ce7c1cebf8a86d9c6f5eaba4170f57e276e3c6b99e3afd09…
                Certificate Length: 1833
                Certificate: 308207253082050da003020102020a61e38e4e000100000005300d06092a864886f70d01… (id-at-commonName=Oce Corporate ADS Enterprise CA,dc=oce,dc=net)
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 0x61e38e4e000100000005
                        signature (sha256WithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Root CA,dc=oce,dc=net)
                                RDNSequence item: 1 item (dc=net)
                                    RelativeDistinguishedName item (dc=net)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: net
                                RDNSequence item: 1 item (dc=oce)
                                    RelativeDistinguishedName item (dc=oce)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: oce
                                RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Root CA)
                                    RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Root CA)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: Oce Corporate ADS Root CA
                        validity
                            notBefore: utcTime (0)
                                utcTime: 2016-01-14 11:51:45 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 2026-01-14 12:01:45 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Enterprise CA,dc=oce,dc=net)
                                RDNSequence item: 1 item (dc=net)
                                    RelativeDistinguishedName item (dc=net)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: net
                                RDNSequence item: 1 item (dc=oce)
                                    RelativeDistinguishedName item (dc=oce)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: oce
                                RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Enterprise CA)
                                    RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Enterprise CA)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: Oce Corporate ADS Enterprise CA
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            subjectPublicKey: 3082010a0282010100be5cf302db1b4c47e4864d439322ff49a816fe64da5cb437ab4a80…
                                modulus: 0x00be5cf302db1b4c47e4864d439322ff49a816fe64da5cb437ab4a8052551e49d2869d02…
                                publicExponent: 65537
                        extensions: 9 items
                            Extension (id-ms-ca-version)
                                Extension Id: 1.3.6.1.4.1.311.21.1 (id-ms-ca-version)
                                Integer: 2
                            Extension (id-ms-previous-cert-hash)
                                Extension Id: 1.3.6.1.4.1.311.21.2 (id-ms-previous-cert-hash)
                                OctetString: eeccbf9df7ba8cc4d2f51fd152c9816dd6ea134c
                            Extension (id-ce-subjectKeyIdentifier)
                                Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
                                SubjectKeyIdentifier: 89f7dc5ba4bbbdc4edc02858b9405171e6b157d9
                            Extension (id-ms-certificate-template-name)
                                Extension Id: 1.3.6.1.4.1.311.20.2 (id-ms-certificate-template-name)
                                BMPString: SubCA
                            Extension (id-ce-keyUsage)
                                Extension Id: 2.5.29.15 (id-ce-keyUsage)
                                Padding: 1
                                KeyUsage: 86
                                    1... .... = digitalSignature: True
                                    .0.. .... = contentCommitment: False
                                    ..0. .... = keyEncipherment: False
                                    ...0 .... = dataEncipherment: False
                                    .... 0... = keyAgreement: False
                                    .... .1.. = keyCertSign: True
                                    .... ..1. = cRLSign: True
                                    .... ...0 = encipherOnly: False
                                    0... .... = decipherOnly: False
                            Extension (id-ce-basicConstraints)
                                Extension Id: 2.5.29.19 (id-ce-basicConstraints)
                                critical: True
                                BasicConstraintsSyntax
                                    cA: True
                            Extension (id-ce-authorityKeyIdentifier)
                                Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
                                AuthorityKeyIdentifier
                                    keyIdentifier: 256a9ca4e229c5f38e035c1c01ae19a14094bc65
                            Extension (id-ce-cRLDistributionPoints)
                                Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints)
                                CRLDistPointsSyntax: 1 item
                                    DistributionPoint
                                        distributionPoint: fullName (0)
                                            fullName: 2 items
                                                GeneralName: uniformResourceIdentifier (6)
                                                    uniformResourceIdentifier: ldap:///CN=Oce%20Corporate%20ADS%20Root%20CA,CN=ocepki,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=oce,DC=net?certificateRevocationList?base?objectClass=cRLDistributionPoint
                                                GeneralName: uniformResourceIdentifier (6)
                                                    uniformResourceIdentifier: http://ocepki.oce.net/pki/Oce%20Corporate%20ADS%20Root%20CA.crl
                            Extension (id-pe-authorityInfoAccess)
                                Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess)
                                AuthorityInfoAccessSyntax: 2 items
                                    AccessDescription
                                        accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
                                        accessLocation: 6
                                            uniformResourceIdentifier: ldap:///CN=Oce%20Corporate%20ADS%20Root%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=oce,DC=net?cACertificate?base?objectClass=certificationAuthority
                                    AccessDescription
                                        accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
                                        accessLocation: 6
                                            uniformResourceIdentifier: http://ocepki.oce.net/pki/Oce%20Corporate%20ADS%20Root%20CA(1).crt
                    algorithmIdentifier (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    Padding: 0
                    encrypted: bd7e0306f4761119f40ad71d5c02c1f44066a6d579992a6342ac9e8e3ecd1066ed9b198f…
                Certificate Length: 1440
                Certificate: 3082059c30820384a00302010202106ba828e3411be8b546bd8b3eeb042847300d06092a… (id-at-commonName=Oce Corporate ADS Root CA,dc=oce,dc=net)
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 0x6ba828e3411be8b546bd8b3eeb042847
                        signature (sha256WithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Root CA,dc=oce,dc=net)
                                RDNSequence item: 1 item (dc=net)
                                    RelativeDistinguishedName item (dc=net)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: net
                                RDNSequence item: 1 item (dc=oce)
                                    RelativeDistinguishedName item (dc=oce)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: oce
                                RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Root CA)
                                    RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Root CA)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: Oce Corporate ADS Root CA
                        validity
                            notBefore: utcTime (0)
                                utcTime: 2004-02-20 10:59:24 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 2036-01-14 08:26:21 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Root CA,dc=oce,dc=net)
                                RDNSequence item: 1 item (dc=net)
                                    RelativeDistinguishedName item (dc=net)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: net
                                RDNSequence item: 1 item (dc=oce)
                                    RelativeDistinguishedName item (dc=oce)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: oce
                                RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Root CA)
                                    RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Root CA)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: Oce Corporate ADS Root CA
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            subjectPublicKey: 3082020a0282020100defe6b966b39e9dbc96e53cd3438cc2ed8a62932f8bf9fc7e970d1…
                                modulus: 0x00defe6b966b39e9dbc96e53cd3438cc2ed8a62932f8bf9fc7e970d1e963ecc1e48d043a…
                                publicExponent: 65537
                        extensions: 5 items
                            Extension (id-ce-keyUsage)
                                Extension Id: 2.5.29.15 (id-ce-keyUsage)
                                Padding: 1
                                KeyUsage: 86
                                    1... .... = digitalSignature: True
                                    .0.. .... = contentCommitment: False
                                    ..0. .... = keyEncipherment: False
                                    ...0 .... = dataEncipherment: False
                                    .... 0... = keyAgreement: False
                                    .... .1.. = keyCertSign: True
                                    .... ..1. = cRLSign: True
                                    .... ...0 = encipherOnly: False
                                    0... .... = decipherOnly: False
                            Extension (id-ce-basicConstraints)
                                Extension Id: 2.5.29.19 (id-ce-basicConstraints)
                                critical: True
                                BasicConstraintsSyntax
                                    cA: True
                            Extension (id-ce-subjectKeyIdentifier)
                                Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
                                SubjectKeyIdentifier: 256a9ca4e229c5f38e035c1c01ae19a14094bc65
                            Extension (id-ms-ca-version)
                                Extension Id: 1.3.6.1.4.1.311.21.1 (id-ms-ca-version)
                                Integer: 1
                            Extension (id-ms-previous-cert-hash)
                                Extension Id: 1.3.6.1.4.1.311.21.2 (id-ms-previous-cert-hash)
                                OctetString: 4a0613d3ff0a3c885ffabf5a2cf865a2d7edd1a8
                    algorithmIdentifier (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    Padding: 0
                    encrypted: a817bf98035b3d463eb8c52c87bf940e51a61d9df04a1dc34c3ef54efd8a591ccfeefd35…
Hypertext Transfer Protocol
    [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com]
    [Proxy-Connect-Port: 443]
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 333
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 329
            EC Diffie-Hellman Server Params
                Curve Type: named_curve (0x03)
                Named Curve: secp256r1 (0x0017)
                Pubkey Length: 65
                Pubkey: 049f6684686295b3170b1d28bb92b9acd64eb32f0a19014b26a0dbbbae965e9cbc589757…
                Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Length: 256
                Signature: a8f2e3ee3c623e7eb5d5b985b569c9cc8080c7d381b0274ab37693a90fbf574f53f50baa…
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 4
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0

No.
Time Source Destination Protocol Length Info
204 2.356767 134.188.170.175 134.188.4.7 TCP 54 57756 → 81 [ACK] Seq=292 Ack=6970 Win=2102272 Len=0

Frame 204: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:39.103586000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010659.103586000 seconds
    [Time delta from previous captured frame: 0.000030000 seconds]
    [Time delta from previous displayed frame: 0.000030000 seconds]
    [Time since reference or first frame: 2.356767000 seconds]
    Frame Number: 204
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
    Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 40
    Identification: 0x8718 (34584)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.4.7
Transmission Control Protocol, Src Port: 57756, Dst Port: 81, Seq: 292, Ack: 6970, Len: 0
    Source Port: 57756
    Destination Port: 81
    [Stream index: 2]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 0]
    Sequence Number: 292 (relative sequence number)
    Sequence Number (raw): 2321276999
    [Next Sequence Number: 292 (relative sequence number)]
    Acknowledgment Number: 6970 (relative ack number)
    Acknowledgment number (raw): 3535497305
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x010 (ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A····]
    Window: 8212
    [Calculated window size: 2102272]
    [Window size scaling factor: 256]
    Checksum: 0xbc49 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.050114000 seconds]
        [Time since previous frame in this TCP stream: 0.000030000 seconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 203]
        [The RTT to ACK the segment was: 0.000030000 seconds]
        [iRTT: 0.000635000 seconds]

No.
Time Source Destination Protocol Length Info
205 2.358273 134.188.170.175 134.188.4.7 TLSv1.2 180 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message

Frame 205: 180 bytes on wire (1440 bits), 180 bytes captured (1440 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:39.105092000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010659.105092000 seconds
    [Time delta from previous captured frame: 0.001506000 seconds]
    [Time delta from previous displayed frame: 0.001506000 seconds]
    [Time since reference or first frame: 2.358273000 seconds]
    Frame Number: 205
    Frame Length: 180 bytes (1440 bits)
    Capture Length: 180 bytes (1440 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:http:tls]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
    Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 166
    Identification: 0x8719 (34585)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.4.7
Transmission Control Protocol, Src Port: 57756, Dst Port: 81, Seq: 292, Ack: 6970, Len: 126
    Source Port: 57756
    Destination Port: 81
    [Stream index: 2]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 126]
    Sequence Number: 292 (relative sequence number)
    Sequence Number (raw): 2321276999
    [Next Sequence Number: 418 (relative sequence number)]
    Acknowledgment Number: 6970 (relative ack number)
    Acknowledgment number (raw): 3535497305
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 8212
    [Calculated window size: 2102272]
    [Window size scaling factor: 256]
    Checksum: 0xbcc7 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.051620000 seconds]
        [Time since previous frame in this TCP stream: 0.001506000 seconds]
    [SEQ/ACK analysis]
        [iRTT: 0.000635000 seconds]
        [Bytes in flight: 126]
        [Bytes sent since last PSH flag: 126]
    TCP payload (126 bytes)
Hypertext Transfer Protocol
    [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com]
    [Proxy-Connect-Port: 443]
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 70
        Handshake Protocol: Client Key Exchange
            Handshake Type: Client Key Exchange (16)
            Length: 66
            EC Diffie-Hellman Client Params
                Pubkey Length: 65
                Pubkey: 0486a80d2b80378304a3dd781fa5a033a5802ed2dc17eef41817c0d48c4742539ec28518…
    TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.2 (0x0303)
        Length: 1
        Change Cipher Spec Message
    TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 40
        Handshake Protocol: Encrypted Handshake Message

No. Time Source Destination Protocol Length Info
206 2.359191 134.188.4.7 134.188.170.175 TCP 60 81 → 57756 [ACK] Seq=6970 Ack=418 Win=29200 Len=0

Frame 206: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:39.106010000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010659.106010000 seconds
    [Time delta from previous captured frame: 0.000918000 seconds]
    [Time delta from previous displayed frame: 0.000918000 seconds]
    [Time since reference or first frame: 2.359191000 seconds]
    Frame Number: 206
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00)
        Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    Padding: 000000000000
Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 40
    Identification: 0xd53c (54588)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 60
    Protocol: TCP (6)
    Header Checksum: 0xad64 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.4.7
    Destination Address: 134.188.170.175
Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 6970, Ack: 418, Len: 0
    Source Port: 81
    Destination Port: 57756
    [Stream index: 2]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 0]
    Sequence Number: 6970 (relative sequence number)
    Sequence Number (raw): 3535497305
    [Next Sequence Number: 6970 (relative sequence number)]
    Acknowledgment Number: 418 (relative ack number)
    Acknowledgment number (raw): 2321277125
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x010 (ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A····]
    Window: 7300
    [Calculated window size: 29200]
    [Window size scaling factor: 4]
    Checksum: 0x4efd [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.052538000 seconds]
        [Time since previous frame in this TCP stream: 0.000918000 seconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 205]
        [The RTT to ACK the segment was: 0.000918000 seconds]
        [iRTT: 0.000635000 seconds]

No.
Time Source Destination Protocol Length Info
207 2.359225 134.188.4.7 134.188.170.175 TLSv1.2 312 New Session Ticket, Change Cipher Spec, Encrypted Handshake Message

Frame 207: 312 bytes on wire (2496 bits), 312 bytes captured (2496 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:39.106044000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010659.106044000 seconds
    [Time delta from previous captured frame: 0.000034000 seconds]
    [Time delta from previous displayed frame: 0.000034000 seconds]
    [Time since reference or first frame: 2.359225000 seconds]
    Frame Number: 207
    Frame Length: 312 bytes (2496 bits)
    Capture Length: 312 bytes (2496 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:http:tls]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00)
        Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 298
    Identification: 0xd53d (54589)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 60
    Protocol: TCP (6)
    Header Checksum: 0xac61 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.4.7
    Destination Address: 134.188.170.175
Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 6970, Ack: 418, Len: 258
    Source Port: 81
    Destination Port: 57756
    [Stream index: 2]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 258]
    Sequence Number: 6970 (relative sequence number)
    Sequence Number (raw): 3535497305
    [Next Sequence Number: 7228 (relative sequence number)]
    Acknowledgment Number: 418 (relative ack number)
    Acknowledgment number (raw): 2321277125
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 7300
    [Calculated window size: 29200]
    [Window size scaling factor: 4]
    Checksum: 0xfa00 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.052572000 seconds]
        [Time since previous frame in this TCP stream: 0.000034000 seconds]
    [SEQ/ACK analysis]
        [iRTT: 0.000635000 seconds]
        [Bytes in flight: 258]
        [Bytes sent since last PSH flag: 258]
    TCP payload (258 bytes)
Hypertext Transfer Protocol
    [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com]
    [Proxy-Connect-Port: 443]
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: New Session Ticket
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 202
        Handshake Protocol: New Session Ticket
            Handshake Type: New Session Ticket (4)
            Length: 198
            TLS Session Ticket
                Session Ticket Lifetime Hint: 300 seconds (5 minutes)
                Session Ticket Length: 192
                Session Ticket: 567e395e5867e9cdd391821dc7150577cc533ff9c1255d83208eca374eee786347487ba0…
    TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.2 (0x0303)
        Length: 1
        Change Cipher Spec Message
    TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 40
        Handshake Protocol: Encrypted Handshake Message

No. Time Source Destination Protocol Length Info
208 2.359777 134.188.170.175 134.188.4.7 TLSv1.2 406 Application Data

Frame 208: 406 bytes on wire (3248 bits), 406 bytes captured (3248 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:39.106596000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010659.106596000 seconds
    [Time delta from previous captured frame: 0.000552000 seconds]
    [Time delta from previous displayed frame: 0.000552000 seconds]
    [Time since reference or first frame: 2.359777000 seconds]
    Frame Number: 208
    Frame Length: 406 bytes (3248 bits)
    Capture Length: 406 bytes (3248 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:http:tls]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
    Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 392
    Identification: 0x871a (34586)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.4.7
Transmission Control Protocol, Src Port: 57756, Dst Port: 81, Seq: 418, Ack: 7228, Len: 352
    Source Port: 57756
    Destination Port: 81
    [Stream index: 2]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 352]
    Sequence Number: 418 (relative sequence number)
    Sequence Number (raw): 2321277125
    [Next Sequence Number: 770 (relative sequence number)]
    Acknowledgment Number: 7228 (relative ack number)
    Acknowledgment number (raw): 3535497563
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... ....
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 2102016] [Window size scaling factor: 256] Checksum: 0xbda9 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.053124000 seconds] [Time since previous frame in this TCP stream: 0.000552000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 207] [The RTT to ACK the segment was: 0.000552000 seconds] [iRTT: 0.000635000 seconds] [Bytes in flight: 352] [Bytes sent since last PSH flag: 352] TCP payload (352 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 347 Encrypted Application Data: 000000000000000115e00278558774dde642f961acb669c5786c506444a210754b374c6e… [Application Data Protocol: Hypertext Transfer Protocol] No. Time Source Destination Protocol Length Info 209 2.359800 134.188.170.175 134.188.4.7 TLSv1.2 335 Application Data Frame 209: 335 bytes on wire (2680 bits), 335 bytes captured (2680 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.106619000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.106619000 seconds [Time delta from previous captured frame: 0.000023000 seconds] [Time delta from previous displayed frame: 0.000023000 seconds] [Time since reference or first frame: 2.359800000 seconds] Frame Number: 209 Frame Length: 335 bytes (2680 bits) Capture Length: 335 bytes (2680 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 321 Identification: 0x871b (34587) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57756, Dst Port: 81, Seq: 770, Ack: 7228, Len: 281 Source Port: 57756 Destination Port: 81 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 281] Sequence Number: 770 (relative sequence number) Sequence Number (raw): 2321277477 [Next Sequence Number: 1051 (relative sequence number)] Acknowledgment Number: 7228 (relative ack number) Acknowledgment number (raw): 3535497563 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 2102016] [Window size scaling factor: 256] Checksum: 0xbd62 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.053147000 seconds] [Time since previous frame in this TCP stream: 0.000023000 seconds] [SEQ/ACK analysis] [iRTT: 0.000635000 seconds] [Bytes in flight: 633] [Bytes sent since last PSH flag: 281] TCP payload (281 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 276 Encrypted Application Data: 0000000000000002ddfdf64d3070cf5d6abb45981e9378a9a31e8cbd8230b563a6cc717e… [Application Data Protocol: Hypertext Transfer Protocol] No. Time Source Destination Protocol Length Info 210 2.360317 134.188.4.7 134.188.170.175 TCP 60 81 → 57756 [ACK] Seq=7228 Ack=1051 Win=31344 Len=0 Frame 210: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.107136000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.107136000 seconds [Time delta from previous captured frame: 0.000517000 seconds] [Time delta from previous displayed frame: 0.000517000 seconds] [Time since reference or first frame: 2.360317000 seconds] Frame Number: 210 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xd53e (54590) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xad62 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 7228, Ack: 1051, Len: 0 Source Port: 81 Destination Port: 57756 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 7228 (relative sequence number) Sequence Number (raw): 3535497563 [Next Sequence Number: 7228 (relative sequence number)] Acknowledgment Number: 1051 (relative ack number) Acknowledgment number (raw): 2321277758 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7836 [Calculated window size: 31344] [Window size scaling factor: 4] Checksum: 0x496a [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.053664000 seconds] [Time since previous frame in this TCP stream: 0.000517000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 209] [The RTT to ACK the segment was: 0.000517000 seconds] [iRTT: 0.000635000 seconds] No. 
Time Source Destination Protocol Length Info 211 2.418405 134.188.4.7 134.188.170.175 TLSv1.2 584 Application Data Frame 211: 584 bytes on wire (4672 bits), 584 bytes captured (4672 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.165224000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.165224000 seconds [Time delta from previous captured frame: 0.058088000 seconds] [Time delta from previous displayed frame: 0.058088000 seconds] [Time since reference or first frame: 2.418405000 seconds] Frame Number: 211 Frame Length: 584 bytes (4672 bits) Capture Length: 584 bytes (4672 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 570 Identification: 0xd53f (54591) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xab4f [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 7228, Ack: 1051, Len: 530 Source Port: 81 Destination Port: 57756 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 530] Sequence Number: 7228 (relative sequence number) Sequence Number (raw): 3535497563 [Next Sequence Number: 7758 (relative sequence number)] Acknowledgment Number: 1051 (relative ack number) Acknowledgment number (raw): 2321277758 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7836 [Calculated window size: 31344] [Window size scaling factor: 4] Checksum: 0xb0b5 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.111752000 seconds] [Time since previous frame in this TCP stream: 0.058088000 seconds] [SEQ/ACK analysis] [iRTT: 0.000635000 seconds] [Bytes in flight: 530] [Bytes sent since last PSH flag: 530] TCP payload (530 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 525 Encrypted Application Data: 96670d1eafbfb6490bc02f2821524bb6f33b2c4fb42229d1cd3a19ba9e5c42ed12cbdffc… [Application Data Protocol: Hypertext Transfer Protocol] No. Time Source Destination Protocol Length Info 212 2.418405 134.188.4.7 134.188.170.175 TLSv1.2 160 Application Data Frame 212: 160 bytes on wire (1280 bits), 160 bytes captured (1280 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.165224000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.165224000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 2.418405000 seconds] Frame Number: 212 Frame Length: 160 bytes (1280 bits) Capture Length: 160 bytes (1280 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 146 Identification: 0xd540 (54592) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xacf6 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 7758, Ack: 1051, Len: 106 Source Port: 81 Destination Port: 57756 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 106] Sequence Number: 7758 (relative sequence number) Sequence Number (raw): 3535498093 [Next Sequence Number: 7864 (relative sequence number)] Acknowledgment Number: 1051 (relative ack number) Acknowledgment number (raw): 2321277758 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7836 [Calculated window size: 31344] [Window size scaling factor: 4] Checksum: 0x2849 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.111752000 seconds] [Time since previous frame in this TCP stream: 0.000000000 seconds] [SEQ/ACK analysis] [iRTT: 0.000635000 seconds] [Bytes in flight: 636] [Bytes sent since last PSH flag: 106] TCP payload (106 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 101 Encrypted Application Data: 96670d1eafbfb64a8609f7e48d149284812eeba533cbccdeda337b13c8b4ba9bba4c5fca… [Application Data Protocol: Hypertext Transfer Protocol] No. Time Source Destination Protocol Length Info 213 2.418437 134.188.170.175 134.188.4.7 TCP 54 57756 → 81 [ACK] Seq=1051 Ack=7864 Win=2101504 Len=0 Frame 213: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.165256000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.165256000 seconds [Time delta from previous captured frame: 0.000032000 seconds] [Time delta from previous displayed frame: 0.000032000 seconds] [Time since reference or first frame: 2.418437000 seconds] Frame Number: 213 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x871c (34588) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57756, Dst Port: 81, Seq: 1051, Ack: 7864, Len: 0 Source Port: 57756 Destination Port: 81 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1051 (relative sequence number) Sequence Number (raw): 2321277758 [Next Sequence Number: 1051 (relative sequence number)] Acknowledgment Number: 7864 (relative ack number) Acknowledgment number (raw): 3535498199 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 8209 [Calculated window size: 2101504] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.111784000 seconds] [Time since previous frame in this TCP stream: 0.000032000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 212] [The RTT to ACK the segment was: 0.000032000 seconds] [iRTT: 0.000635000 seconds] No. 
Time Source Destination Protocol Length Info 214 2.418751 134.188.170.175 134.188.4.7 TCP 54 57756 → 81 [FIN, ACK] Seq=1051 Ack=7864 Win=2101504 Len=0 Frame 214: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.165570000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.165570000 seconds [Time delta from previous captured frame: 0.000314000 seconds] [Time delta from previous displayed frame: 0.000314000 seconds] [Time since reference or first frame: 2.418751000 seconds] Frame Number: 214 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x871d (34589) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57756, Dst Port: 81, Seq: 1051, Ack: 7864, Len: 0 Source Port: 57756 Destination Port: 81 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1051 (relative sequence number) Sequence Number (raw): 2321277758 [Next Sequence Number: 1052 (relative sequence number)] Acknowledgment Number: 7864 (relative ack number) Acknowledgment number (raw): 3535498199 0101 .... = Header Length: 20 bytes (5) Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] [Expert Info (Note/Sequence): This frame initiates the connection closing] [This frame initiates the connection closing] [Severity level: Note] [Group: Sequence] Window: 8209 [Calculated window size: 2101504] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.112098000 seconds] [Time since previous frame in this TCP stream: 0.000314000 seconds] No. Time Source Destination Protocol Length Info 215 2.419515 134.188.4.7 134.188.170.175 TCP 60 81 → 57756 [FIN, ACK] Seq=7864 Ack=1052 Win=31344 Len=0 Frame 215: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.166334000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.166334000 seconds [Time delta from previous captured frame: 0.000764000 seconds] [Time delta from previous displayed frame: 0.000764000 seconds] [Time since reference or first frame: 2.419515000 seconds] Frame Number: 215 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... 
= LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xd541 (54593) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0xad5f [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57756, Seq: 7864, Ack: 1052, Len: 0 Source Port: 81 Destination Port: 57756 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 7864 (relative sequence number) Sequence Number (raw): 3535498199 [Next Sequence Number: 7865 (relative sequence number)] Acknowledgment Number: 1052 (relative ack number) Acknowledgment number (raw): 2321277759 0101 .... = Header Length: 20 bytes (5) Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] [Expert Info (Note/Sequence): This frame undergoes the connection closing] [This frame undergoes the connection closing] [Severity level: Note] [Group: Sequence] Window: 7836 [Calculated window size: 31344] [Window size scaling factor: 4] Checksum: 0x46ec [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.112862000 seconds] [Time since previous frame in this TCP stream: 0.000764000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 214] [The RTT to ACK the segment was: 0.000764000 seconds] [iRTT: 0.000635000 seconds] No. Time Source Destination Protocol Length Info 216 2.419549 134.188.170.175 134.188.4.7 TCP 54 57756 → 81 [ACK] Seq=1052 Ack=7865 Win=2101504 Len=0 Frame 216: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.166368000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.166368000 seconds [Time delta from previous captured frame: 0.000034000 seconds] [Time delta from previous displayed frame: 0.000034000 seconds] [Time since reference or first frame: 2.419549000 seconds] Frame Number: 216 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x871e (34590) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57756, Dst Port: 81, Seq: 1052, Ack: 7865, Len: 0 Source Port: 57756 Destination Port: 81 [Stream index: 2] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1052 (relative sequence number) Sequence Number (raw): 2321277759 [Next Sequence Number: 1052 (relative sequence number)] Acknowledgment Number: 7865 (relative ack number) Acknowledgment number (raw): 3535498200 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 8209 [Calculated window size: 2101504] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.112896000 seconds] [Time since previous frame in this TCP stream: 0.000034000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 215] [The RTT to ACK the segment was: 0.000034000 seconds] [iRTT: 0.000635000 seconds] No. 
Time Source Destination Protocol Length Info 217 2.419987 134.188.170.175 134.188.4.7 TCP 66 57757 → 81 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM Frame 217: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.166806000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.166806000 seconds [Time delta from previous captured frame: 0.000438000 seconds] [Time delta from previous displayed frame: 0.000438000 seconds] [Time since reference or first frame: 2.419987000 seconds] Frame Number: 217 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 52 Identification: 0x871f (34591) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57757, Dst Port: 81, Seq: 0, Len: 0 Source Port: 57757 Destination Port: 81 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 0 (relative sequence number) Sequence Number (raw): 1154869776 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 0 Acknowledgment number (raw): 0 1000 .... = Header Length: 32 bytes (8) Flags: 0x002 (SYN) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 81] [Connection establish request (SYN): server port 81] [Severity level: Chat] [Group: Sequence] .... .... 
...0 = Fin: Not set [TCP Flags: ··········S·] Window: 64240 [Calculated window size: 64240] Checksum: 0xbc55 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted TCP Option - Maximum segment size: 1460 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1460 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - Window scale: 8 (multiply by 256) Kind: Window Scale (3) Length: 3 Shift count: 8 [Multiplier: 256] TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - SACK permitted Kind: SACK Permitted (4) Length: 2 [Timestamps] [Time since first frame in this TCP stream: 0.000000000 seconds] [Time since previous frame in this TCP stream: 0.000000000 seconds] No. Time Source Destination Protocol Length Info 218 2.420760 134.188.4.7 134.188.170.175 TCP 66 81 → 57757 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM WS=4 Frame 218: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.167579000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.167579000 seconds [Time delta from previous captured frame: 0.000773000 seconds] [Time delta from previous displayed frame: 0.000773000 seconds] [Time since reference or first frame: 2.420760000 seconds] Frame Number: 218 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 52 Identification: 0x0000 (0) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x8295 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 0, Ack: 1, Len: 0 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 0 (relative sequence number) Sequence Number (raw): 3437069584 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 1154869777 1000 .... = Header Length: 32 bytes (8) Flags: 0x012 (SYN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 81] [Connection establish acknowledge (SYN+ACK): server port 81] [Severity level: Chat] [Group: Sequence] .... .... 
...0 = Fin: Not set [TCP Flags: ·······A··S·] Window: 29200 [Calculated window size: 29200] Checksum: 0xde02 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale TCP Option - Maximum segment size: 1460 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1460 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - SACK permitted Kind: SACK Permitted (4) Length: 2 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - Window scale: 2 (multiply by 4) Kind: Window Scale (3) Length: 3 Shift count: 2 [Multiplier: 4] [Timestamps] [Time since first frame in this TCP stream: 0.000773000 seconds] [Time since previous frame in this TCP stream: 0.000773000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 217] [The RTT to ACK the segment was: 0.000773000 seconds] [iRTT: 0.000816000 seconds] No. Time Source Destination Protocol Length Info 219 2.420803 134.188.170.175 134.188.4.7 TCP 54 57757 → 81 [ACK] Seq=1 Ack=1 Win=262656 Len=0 Frame 219: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.167622000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.167622000 seconds [Time delta from previous captured frame: 0.000043000 seconds] [Time delta from previous displayed frame: 0.000043000 seconds] [Time since reference or first frame: 2.420803000 seconds] Frame Number: 219 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8720 (34592) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57757, Dst Port: 81, Seq: 1, Ack: 1, Len: 0 Source Port: 57757 Destination Port: 81 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 1154869777 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 3437069585 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 1026 [Calculated window size: 262656] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.000816000 seconds] [Time since previous frame in this TCP stream: 0.000043000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 218] [The RTT to ACK the segment was: 0.000043000 seconds] [iRTT: 0.000816000 seconds] No. 
Time Source Destination Protocol Length Info 220 2.420871 134.188.170.175 134.188.4.7 HTTP 137 CONNECT ens.rest.gti.mcafee.com:443 HTTP/1.1 Frame 220: 137 bytes on wire (1096 bits), 137 bytes captured (1096 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.167690000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.167690000 seconds [Time delta from previous captured frame: 0.000068000 seconds] [Time delta from previous displayed frame: 0.000068000 seconds] [Time since reference or first frame: 2.420871000 seconds] Frame Number: 220 Frame Length: 137 bytes (1096 bits) Capture Length: 137 bytes (1096 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 123 Identification: 0x8721 (34593) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57757, Dst Port: 81, Seq: 1, Ack: 1, Len: 83 Source Port: 57757 Destination Port: 81 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 83] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 1154869777 [Next Sequence Number: 84 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 3437069585 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 1026 [Calculated window size: 262656] [Window size scaling factor: 256] Checksum: 0xbc9c [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.000884000 seconds] [Time since previous frame in this TCP stream: 0.000068000 seconds] [SEQ/ACK analysis] [iRTT: 0.000816000 seconds] [Bytes in flight: 83] [Bytes sent since last PSH flag: 83] TCP payload (83 bytes) Hypertext Transfer Protocol CONNECT ens.rest.gti.mcafee.com:443 HTTP/1.1\r\n [Expert Info (Chat/Sequence): CONNECT ens.rest.gti.mcafee.com:443 HTTP/1.1\r\n] [CONNECT ens.rest.gti.mcafee.com:443 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: CONNECT Request URI: ens.rest.gti.mcafee.com:443 Request Version: HTTP/1.1 Host: ens.rest.gti.mcafee.com:443\r\n \r\n [Full request URI: ens.rest.gti.mcafee.com:443] [HTTP request 1/1] [Response in frame: 222] No. Time Source Destination Protocol Length Info 221 2.421418 134.188.4.7 134.188.170.175 TCP 60 81 → 57757 [ACK] Seq=1 Ack=84 Win=29200 Len=0 Frame 221: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.168237000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.168237000 seconds [Time delta from previous captured frame: 0.000547000 seconds] [Time delta from previous displayed frame: 0.000547000 seconds] [Time since reference or first frame: 2.421418000 seconds] Frame Number: 221 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x1d0e (7438) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x6593 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 1, Ack: 84, Len: 0 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 3437069585 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 84 (relative ack number) Acknowledgment number (raw): 1154869860 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x7409 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.001431000 seconds] [Time since previous frame in this TCP stream: 0.000547000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 220] [The RTT to ACK the segment was: 0.000547000 seconds] [iRTT: 0.000816000 seconds] No. 
Time Source Destination Protocol Length Info 222 2.423960 134.188.4.7 134.188.170.175 HTTP 93 HTTP/1.0 200 Connection established Frame 222: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.170779000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.170779000 seconds [Time delta from previous captured frame: 0.002542000 seconds] [Time delta from previous displayed frame: 0.002542000 seconds] [Time since reference or first frame: 2.423960000 seconds] Frame Number: 222 Frame Length: 93 bytes (744 bits) Capture Length: 93 bytes (744 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 79 Identification: 0x1d0f (7439) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x656b [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 1, Ack: 84, Len: 39 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 39] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 3437069585 [Next Sequence Number: 40 (relative sequence number)] Acknowledgment Number: 84 (relative ack number) Acknowledgment number (raw): 1154869860 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x6a22 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.003973000 seconds] [Time since previous frame in this TCP stream: 0.002542000 seconds] [SEQ/ACK analysis] [iRTT: 0.000816000 seconds] [Bytes in flight: 39] [Bytes sent since last PSH flag: 39] TCP payload (39 bytes) Hypertext Transfer Protocol HTTP/1.0 200 Connection established\r\n [Expert Info (Chat/Sequence): HTTP/1.0 200 Connection established\r\n] [HTTP/1.0 200 Connection established\r\n] [Severity level: Chat] [Group: Sequence] Response Version: HTTP/1.0 Status Code: 200 [Status Code Description: OK] Response Phrase: Connection established \r\n [HTTP response 1/1] [Time since request: 0.003089000 seconds] [Request in frame: 220] [Request URI: ens.rest.gti.mcafee.com:443] No. Time Source Destination Protocol Length Info 223 2.424173 134.188.170.175 134.188.4.7 TLSv1.2 262 Client Hello Frame 223: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.170992000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.170992000 seconds [Time delta from previous captured frame: 0.000213000 seconds] [Time delta from previous displayed frame: 0.000213000 seconds] [Time since reference or first frame: 2.424173000 seconds] Frame Number: 223 Frame Length: 262 bytes (2096 bits) Capture Length: 262 bytes (2096 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 248 Identification: 0x8722 (34594) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57757, Dst Port: 81, Seq: 84, Ack: 40, Len: 208 Source Port: 57757 Destination Port: 81 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 208] Sequence Number: 84 (relative sequence number) Sequence Number (raw): 1154869860 [Next Sequence Number: 292 (relative sequence number)] Acknowledgment Number: 40 (relative ack number) Acknowledgment number (raw): 3437069624 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 1026 [Calculated window size: 262656] [Window size scaling factor: 256] Checksum: 0xbd19 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.004186000 seconds] [Time since previous frame in this TCP stream: 0.000213000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 222] [The RTT to ACK the segment was: 0.000213000 seconds] [iRTT: 0.000816000 seconds] [Bytes in flight: 208] [Bytes sent since last PSH flag: 208] TCP payload (208 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 203 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 199 Version: TLS 1.2 (0x0303) Random: 63999963a5a2810b965e99a346e151910f584c970625d5062bc3fa11a6d27017 GMT Unix Time: Dec 14, 2022 10:37:39.000000000 W. 
Europe Standard Time Random Bytes: a5a2810b965e99a346e151910f584c970625d5062bc3fa11a6d27017 Session ID Length: 0 Cipher Suites Length: 38 Cipher Suites (19 suites) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Extensions Length: 120 Extension: server_name (len=28) Type: server_name (0) Length: 28 Server Name Indication extension Server Name list length: 26 Server Name Type: host_name (0) Server Name length: 23 Server Name: ens.rest.gti.mcafee.com Extension: status_request (len=5) Type: status_request (5) Length: 5 Certificate Status Type: OCSP (1) Responder ID list Length: 0 Request Extensions Length: 0 Extension: supported_groups (len=8) Type: supported_groups (10) Length: 8 Supported Groups List Length: 6 Supported Groups (3 groups) Supported Group: x25519 (0x001d) Supported Group: secp256r1 (0x0017) Supported Group: secp384r1 
(0x0018) Extension: ec_point_formats (len=2) Type: ec_point_formats (11) Length: 2 EC point formats Length: 1 Elliptic curves point formats (1) EC point format: uncompressed (0) Extension: signature_algorithms (len=26) Type: signature_algorithms (13) Length: 26 Signature Hash Algorithms Length: 24 Signature Hash Algorithms (12 algorithms) Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: SM2 (4) Signature Algorithm: rsa_pss_rsae_sha384 (0x0805) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (5) Signature Algorithm: rsa_pss_rsae_sha512 (0x0806) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (6) Signature Algorithm: rsa_pkcs1_sha256 (0x0401) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pkcs1_sha384 (0x0501) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pkcs1_sha1 (0x0201) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ecdsa_sha1 (0x0203) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: SHA1 DSA (0x0202) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: DSA (2) Signature Algorithm: rsa_pkcs1_sha512 (0x0601) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: ECDSA (3) Extension: session_ticket (len=0) 
Type: session_ticket (35) Length: 0 Data (0 bytes) Extension: application_layer_protocol_negotiation (len=14) Type: application_layer_protocol_negotiation (16) Length: 14 ALPN Extension Length: 12 ALPN Protocol ALPN string length: 2 ALPN Next Protocol: h2 ALPN string length: 8 ALPN Next Protocol: http/1.1 Extension: extended_master_secret (len=0) Type: extended_master_secret (23) Length: 0 Extension: renegotiation_info (len=1) Type: renegotiation_info (65281) Length: 1 Renegotiation Info extension Renegotiation info extension length: 0 [JA3 Fullstring: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0] [JA3: 28a2c9bd18a11de089ef85a160da29e4] No. Time Source Destination Protocol Length Info 224 2.424745 ProCurve_ae:14:2e Spanning-tree-(for-bridges)_00 STP 119 MST. Root = 32768/0/00:1b:3f:59:00:00 Cost = 1 Port = 0x80d2 Frame 224: 119 bytes on wire (952 bits), 119 bytes captured (952 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.171564000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.171564000 seconds [Time delta from previous captured frame: 0.000572000 seconds] [Time delta from previous displayed frame: 0.000572000 seconds] [Time since reference or first frame: 2.424745000 seconds] Frame Number: 224 Frame Length: 119 bytes (952 bits) Capture Length: 119 bytes (952 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:llc:stp] [Coloring Rule Name: Broadcast] [Coloring Rule String: eth[0] & 1] IEEE 802.3 Ethernet Destination: Spanning-tree-(for-bridges)_00 (01:80:c2:00:00:00) Address: Spanning-tree-(for-bridges)_00 (01:80:c2:00:00:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: ProCurve_ae:14:2e (00:1b:3f:ae:14:2e) Address: ProCurve_ae:14:2e (00:1b:3f:ae:14:2e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Length: 105 Logical-Link Control DSAP: Spanning Tree BPDU (0x42) 0100 001. = SAP: Spanning Tree BPDU .... ...0 = IG Bit: Individual SSAP: Spanning Tree BPDU (0x42) 0100 001. = SAP: Spanning Tree BPDU .... ...0 = CR Bit: Command Control field: U, func=UI (0x03) 000. 00.. = Command: Unnumbered Information (0x00) .... ..11 = Frame type: Unnumbered frame (0x3) Spanning Tree Protocol Protocol Identifier: Spanning Tree Protocol (0x0000) Protocol Version Identifier: Multiple Spanning Tree (3) BPDU Type: Rapid/Multiple Spanning Tree (0x02) BPDU flags: 0x7c, Agreement, Forwarding, Learning, Port Role: Designated 0... .... = Topology Change Acknowledgment: No .1.. .... = Agreement: Yes ..1. .... = Forwarding: Yes ...1 .... = Learning: Yes .... 11.. = Port Role: Designated (3) .... ..0. = Proposal: No .... 
...0 = Topology Change: No Root Identifier: 32768 / 0 / 00:1b:3f:59:00:00 Root Bridge Priority: 32768 Root Bridge System ID Extension: 0 Root Bridge System ID: ProCurve_59:00:00 (00:1b:3f:59:00:00) Root Path Cost: 1 Bridge Identifier: 32768 / 0 / 00:1b:3f:ae:04:00 Bridge Priority: 32768 Bridge System ID Extension: 0 Bridge System ID: ProCurve_ae:04:00 (00:1b:3f:ae:04:00) Port identifier: 0x80d2 Message Age: 1 Max Age: 20 Hello Time: 2 Forward Delay: 15 Version 1 Length: 0 Version 3 Length: 64 MST Extension MST Config ID format selector: 0 MST Config name: 001b3fae0400 MST Config revision: 0 MST Config digest: ac36177f50283cd4b83821d8ab26de62 CIST Internal Root Path Cost: 0 CIST Bridge Identifier: 32768 / 0 / 00:1b:3f:ae:04:00 CIST Bridge Priority: 32768 CIST Bridge Identifier System ID Extension: 0 CIST Bridge Identifier System ID: ProCurve_ae:04:00 (00:1b:3f:ae:04:00) CIST Remaining hops: 20 No. Time Source Destination Protocol Length Info 225 2.463357 134.188.4.7 134.188.170.175 TCP 60 81 → 57757 [ACK] Seq=40 Ack=292 Win=29200 Len=0 Frame 225: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.210176000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.210176000 seconds [Time delta from previous captured frame: 0.038612000 seconds] [Time delta from previous displayed frame: 0.038612000 seconds] [Time since reference or first frame: 2.463357000 seconds] Frame Number: 225 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x1d10 (7440) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x6591 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 40, Ack: 292, Len: 0 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 40 (relative sequence number) Sequence Number (raw): 3437069624 [Next Sequence Number: 40 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 1154870068 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x7312 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.043370000 seconds] [Time since previous frame in this TCP stream: 0.039184000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 223] [The RTT to ACK the segment was: 0.039184000 seconds] [iRTT: 0.000816000 seconds] No. 
Time Source Destination Protocol Length Info 226 2.470089 134.188.4.7 134.188.170.175 TLSv1.2 1514 Server Hello Frame 226: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.216908000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.216908000 seconds [Time delta from previous captured frame: 0.006732000 seconds] [Time delta from previous displayed frame: 0.006732000 seconds] [Time since reference or first frame: 2.470089000 seconds] Frame Number: 226 Frame Length: 1514 bytes (12112 bits) Capture Length: 1514 bytes (12112 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1500 Identification: 0x1d11 (7441) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x5fdc [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 40, Ack: 292, Len: 1460 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1460] Sequence Number: 40 (relative sequence number) Sequence Number (raw): 3437069624 [Next Sequence Number: 1500 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 1154870068 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0xdf2e [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.050102000 seconds] [Time since previous frame in this TCP stream: 0.006732000 seconds] [SEQ/ACK analysis] [iRTT: 0.000816000 seconds] [Bytes in flight: 1460] [Bytes sent since last PSH flag: 1460] TCP payload (1460 bytes) [Reassembled PDU in frame: 231] TCP segment data (1394 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Server Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 61 Handshake Protocol: Server Hello Handshake Type: Server Hello (2) Length: 57 Version: TLS 1.2 (0x0303) Random: cb0006932ba80af4231a6b1def832145a6720f278106490f879aa04cbf0aa8db GMT Unix Time: Dec 3, 2077 18:02:11.000000000 W. Europe Standard Time Random Bytes: 2ba80af4231a6b1def832145a6720f278106490f879aa04cbf0aa8db Session ID Length: 0 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Compression Method: null (0) Extensions Length: 17 Extension: renegotiation_info (len=1) Type: renegotiation_info (65281) Length: 1 Renegotiation Info extension Renegotiation info extension length: 0 Extension: ec_point_formats (len=4) Type: ec_point_formats (11) Length: 4 EC point formats Length: 3 Elliptic curves point formats (3) EC point format: uncompressed (0) EC point format: ansiX962_compressed_prime (1) EC point format: ansiX962_compressed_char2 (2) Extension: session_ticket (len=0) Type: session_ticket (35) Length: 0 Data (0 bytes) [JA3S Fullstring: 771,49200,65281-11-35] [JA3S: e35df3e00ca4ef31d42b34bebaa2f86e] No. 
Time Source Destination Protocol Length Info 227 2.470130 134.188.4.7 134.188.170.175 TCP 1514 81 → 57757 [ACK] Seq=1500 Ack=292 Win=29200 Len=1460 [TCP segment of a reassembled PDU] Frame 227: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.216949000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.216949000 seconds [Time delta from previous captured frame: 0.000041000 seconds] [Time delta from previous displayed frame: 0.000041000 seconds] [Time since reference or first frame: 2.470130000 seconds] Frame Number: 227 Frame Length: 1514 bytes (12112 bits) Capture Length: 1514 bytes (12112 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1500 Identification: 0x1d12 (7442) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x5fdb [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 1500, Ack: 292, Len: 1460 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1460] Sequence Number: 1500 (relative sequence number) Sequence Number (raw): 3437071084 [Next Sequence Number: 2960 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 1154870068 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x8dc8 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.050143000 seconds] [Time since previous frame in this TCP stream: 0.000041000 seconds] [SEQ/ACK analysis] [iRTT: 0.000816000 seconds] [Bytes in flight: 2920] [Bytes sent since last PSH flag: 2920] TCP payload (1460 bytes) [Reassembled PDU in frame: 231] TCP segment data (1460 bytes) No. 
Time Source Destination Protocol Length Info 228 2.470130 134.188.4.7 134.188.170.175 TCP 1230 81 → 57757 [PSH, ACK] Seq=2960 Ack=292 Win=29200 Len=1176 [TCP segment of a reassembled PDU] Frame 228: 1230 bytes on wire (9840 bits), 1230 bytes captured (9840 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.216949000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.216949000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 2.470130000 seconds] Frame Number: 228 Frame Length: 1230 bytes (9840 bits) Capture Length: 1230 bytes (9840 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1216 Identification: 0x1d13 (7443) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x60f6 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 2960, Ack: 292, Len: 1176 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1176] Sequence Number: 2960 (relative sequence number) Sequence Number (raw): 3437072544 [Next Sequence Number: 4136 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 1154870068 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x3ce5 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.050143000 seconds] [Time since previous frame in this TCP stream: 0.000000000 seconds] [SEQ/ACK analysis] [iRTT: 0.000816000 seconds] [Bytes in flight: 4096] [Bytes sent since last PSH flag: 4096] TCP payload (1176 bytes) [Reassembled PDU in frame: 231] TCP segment data (1176 bytes) No. 
Time Source Destination Protocol Length Info 229 2.470149 134.188.170.175 134.188.4.7 TCP 54 57757 → 81 [ACK] Seq=292 Ack=4136 Win=262656 Len=0 Frame 229: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.216968000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.216968000 seconds [Time delta from previous captured frame: 0.000019000 seconds] [Time delta from previous displayed frame: 0.000019000 seconds] [Time since reference or first frame: 2.470149000 seconds] Frame Number: 229 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8723 (34595) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57757, Dst Port: 81, Seq: 292, Ack: 4136, Len: 0 Source Port: 57757 Destination Port: 81 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 292 (relative sequence number) Sequence Number (raw): 1154870068 [Next Sequence Number: 292 (relative sequence number)] Acknowledgment Number: 4136 (relative ack number) Acknowledgment number (raw): 3437073720 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 1026 [Calculated window size: 262656] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.050162000 seconds] [Time since previous frame in this TCP stream: 0.000019000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 228] [The RTT to ACK the segment was: 0.000019000 seconds] [iRTT: 0.000816000 seconds] No. 
Time Source Destination Protocol Length Info 230 2.471549 134.188.4.7 134.188.170.175 TCP 1514 81 → 57757 [ACK] Seq=4136 Ack=292 Win=29200 Len=1460 [TCP segment of a reassembled PDU] Frame 230: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.218368000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.218368000 seconds [Time delta from previous captured frame: 0.001400000 seconds] [Time delta from previous displayed frame: 0.001400000 seconds] [Time since reference or first frame: 2.471549000 seconds] Frame Number: 230 Frame Length: 1514 bytes (12112 bits) Capture Length: 1514 bytes (12112 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1500 Identification: 0x1d14 (7444) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x5fd9 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 4136, Ack: 292, Len: 1460 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 1460] Sequence Number: 4136 (relative sequence number) Sequence Number (raw): 3437073720 [Next Sequence Number: 5596 (relative sequence number)] Acknowledgment Number: 292 (relative ack number) Acknowledgment number (raw): 1154870068 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0xff5f [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.051562000 seconds] [Time since previous frame in this TCP stream: 0.001400000 seconds] [SEQ/ACK analysis] [iRTT: 0.000816000 seconds] [Bytes in flight: 1460] [Bytes sent since last PSH flag: 1460] TCP payload (1460 bytes) [Reassembled PDU in frame: 231] TCP segment data (1460 bytes) No. 
Time Source Destination Protocol Length Info
231 2.471549 134.188.4.7 134.188.170.175 TLSv1.2 1428 Certificate, Server Key Exchange, Server Hello Done

Frame 231: 1428 bytes on wire (11424 bits), 1428 bytes captured (11424 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:39.218368000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010659.218368000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 2.471549000 seconds]
    Frame Number: 231
    Frame Length: 1428 bytes (11424 bits)
    Capture Length: 1428 bytes (11424 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame [truncated]: eth:ethertype:ip:tcp:http:tls:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509ce:x509ce:x509ce:x509sat:x509sat:x509sat:x509ce:x509ce:x509ce:x509ce:pkix1implicit:x]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00)
        Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 1414
    Identification: 0x1d15 (7445)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 60
    Protocol: TCP (6)
    Header Checksum: 0x602e [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.4.7
    Destination Address: 134.188.170.175
Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 5596, Ack: 292, Len: 1374
    Source Port: 81
    Destination Port: 57757
    [Stream index: 3]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 1374]
    Sequence Number: 5596 (relative sequence number)
    Sequence Number (raw): 3437075180
    [Next Sequence Number: 6970 (relative sequence number)]
    Acknowledgment Number: 292 (relative ack number)
    Acknowledgment number (raw): 1154870068
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 7300
    [Calculated window size: 29200]
    [Window size scaling factor: 4]
    Checksum: 0xc371 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.051562000 seconds]
        [Time since previous frame in this TCP stream: 0.000000000 seconds]
    [SEQ/ACK analysis]
        [iRTT: 0.000816000 seconds]
        [Bytes in flight: 2834]
        [Bytes sent since last PSH flag: 2834]
    TCP payload (1374 bytes)
    TCP segment data (1027 bytes)
[5 Reassembled TCP Segments (6517 bytes): #226(1394), #227(1460), #228(1176), #230(1460), #231(1027)]
    [Frame: 226, payload: 0-1393 (1394 bytes)]
    [Frame: 227, payload: 1394-2853 (1460 bytes)]
    [Frame: 228, payload: 2854-4029 (1176 bytes)]
    [Frame: 230, payload: 4030-5489 (1460 bytes)]
    [Frame: 231, payload: 5490-6516 (1027 bytes)]
    [Segment count: 5]
    [Reassembled TCP length: 6517]
    [Reassembled TCP Data: 16030319700b00196c0019690005a7308205a33082048ba00302010202142c3e08082e04…]
Hypertext Transfer Protocol
    [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com]
    [Proxy-Connect-Port: 443]
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 6512
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 6508
            Certificates Length: 6505
            Certificates (6505 bytes)
                Certificate Length: 1447
                Certificate: 308205a33082048ba00302010202142c3e08082e0418d27bf05b81f5d99ce75167c91630… (id-at-commonName=ens.rest.gti.mcafee.com,id-at-organizationalUnitName=Enterprise,id-at-organizationName=McAfee, Inc.,id-at-stateOrProvinceName=Califo
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 0x2c3e08082e0418d27bf05b81f5d99ce75167c916
                        signature (sha256WithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway CA,id-at-organizationalUnitName=ICS Infrastructure,id-at-organizationName=Canon Production Printing Netherlands B.V.,id-at-localityName=Venlo,id-at-stateOrProvinceName=Limburg,id-at
                                RDNSequence item: 1 item (id-at-countryName=NL)
                                    RelativeDistinguishedName item (id-at-countryName=NL)
                                        Object Id: 2.5.4.6 (id-at-countryName)
                                        CountryName: NL
                                RDNSequence item: 1 item (id-at-stateOrProvinceName=Limburg)
                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=Limburg)
                                        Object Id: 2.5.4.8 (id-at-stateOrProvinceName)
                                        DirectoryString: printableString (1)
                                            printableString: Limburg
                                RDNSequence item: 1 item (id-at-localityName=Venlo)
                                    RelativeDistinguishedName item (id-at-localityName=Venlo)
                                        Object Id: 2.5.4.7 (id-at-localityName)
                                        DirectoryString: printableString (1)
                                            printableString: Venlo
                                RDNSequence item: 1 item (id-at-organizationName=Canon Production Printing Netherlands B.V.)
                                    RelativeDistinguishedName item (id-at-organizationName=Canon Production Printing Netherlands B.V.)
                                        Object Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: printableString (1)
                                            printableString: Canon Production Printing Netherlands B.V.
                                RDNSequence item: 1 item (id-at-organizationalUnitName=ICS Infrastructure)
                                    RelativeDistinguishedName item (id-at-organizationalUnitName=ICS Infrastructure)
                                        Object Id: 2.5.4.11 (id-at-organizationalUnitName)
                                        DirectoryString: printableString (1)
                                            printableString: ICS Infrastructure
                                RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway CA)
                                    RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway CA)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: McAfee Web Gateway CA
                        validity
                            notBefore: utcTime (0)
                                utcTime: 2022-08-09 15:46:24 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 2023-08-09 15:46:24 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 5 items (id-at-commonName=ens.rest.gti.mcafee.com,id-at-organizationalUnitName=Enterprise,id-at-organizationName=McAfee, Inc.,id-at-stateOrProvinceName=California,id-at-countryName=US)
                                RDNSequence item: 1 item (id-at-countryName=US)
                                    RelativeDistinguishedName item (id-at-countryName=US)
                                        Object Id: 2.5.4.6 (id-at-countryName)
                                        CountryName: US
                                RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
                                        Object Id: 2.5.4.8 (id-at-stateOrProvinceName)
                                        DirectoryString: printableString (1)
                                            printableString: California
                                RDNSequence item: 1 item (id-at-organizationName=McAfee, Inc.)
                                    RelativeDistinguishedName item (id-at-organizationName=McAfee, Inc.)
                                        Object Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: printableString (1)
                                            printableString: McAfee, Inc.
                                RDNSequence item: 1 item (id-at-organizationalUnitName=Enterprise)
                                    RelativeDistinguishedName item (id-at-organizationalUnitName=Enterprise)
                                        Object Id: 2.5.4.11 (id-at-organizationalUnitName)
                                        DirectoryString: printableString (1)
                                            printableString: Enterprise
                                RDNSequence item: 1 item (id-at-commonName=ens.rest.gti.mcafee.com)
                                    RelativeDistinguishedName item (id-at-commonName=ens.rest.gti.mcafee.com)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: ens.rest.gti.mcafee.com
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            subjectPublicKey: 3082010a0282010100da9dcba890a39434019f2876d11d614a3cb65033b527229fa5220b…
                                modulus: 0x00da9dcba890a39434019f2876d11d614a3cb65033b527229fa5220bb763a4da3ba4e5dd…
                                publicExponent: 65537
                        extensions: 8 items
                            Extension (id-ce-basicConstraints)
                                Extension Id: 2.5.29.19 (id-ce-basicConstraints)
                                BasicConstraintsSyntax [0 length]
                            Extension (id-ce-subjectKeyIdentifier)
                                Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
                                SubjectKeyIdentifier: 933f1819451e3e145ce4ae58d1fdc4cba75bb21f
                            Extension (id-ce-authorityKeyIdentifier)
                                Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
                                AuthorityKeyIdentifier
                                    keyIdentifier: 9806d998332d0fc29cddbe1f5e0a6854f948f6b8
                                    authorityCertIssuer: 1 item
                                        GeneralName: directoryName (4)
                                            directoryName: rdnSequence (0)
                                                rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Enterprise CA,dc=oce,dc=net)
                                                    RDNSequence item: 1 item (dc=net)
                                                        RelativeDistinguishedName item (dc=net)
                                                            Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                                            IA5String: net
                                                    RDNSequence item: 1 item (dc=oce)
                                                        RelativeDistinguishedName item (dc=oce)
                                                            Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                                            IA5String: oce
                                                    RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Enterprise CA)
                                                        RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Enterprise CA)
                                                            Object Id: 2.5.4.3 (id-at-commonName)
                                                            DirectoryString: printableString (1)
                                                                printableString: Oce Corporate ADS Enterprise CA
                                    authorityCertSerialNumber: 0x54caff80000200001fe7
                            Extension (id-ce-keyUsage)
                                Extension Id: 2.5.29.15 (id-ce-keyUsage)
                                Padding: 5
                                KeyUsage: a0
                                    1... .... = digitalSignature: True
                                    .0.. .... = contentCommitment: False
                                    ..1. .... = keyEncipherment: True
                                    ...0 .... = dataEncipherment: False
                                    .... 0... = keyAgreement: False
                                    .... .0.. = keyCertSign: False
                                    .... ..0. = cRLSign: False
                                    .... ...0 = encipherOnly: False
                                    0... .... = decipherOnly: False
                            Extension (id-ce-extKeyUsage)
                                Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
                                KeyPurposeIDs: 1 item
                                    KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
                            Extension (id-ce-subjectAltName)
                                Extension Id: 2.5.29.17 (id-ce-subjectAltName)
                                GeneralNames: 3 items
                                    GeneralName: dNSName (2)
                                        dNSName: ens.rest.gti.mcafee.com
                                    GeneralName: dNSName (2)
                                        dNSName: *.rest.gti.mcafee.com
                                    GeneralName: dNSName (2)
                                        dNSName: rest.gti.mcafee.com
                            Extension (id-ce-cRLDistributionPoints)
                                Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints)
                                CRLDistPointsSyntax: 1 item
                                    DistributionPoint
                                        distributionPoint: fullName (0)
                                            fullName: 1 item
                                                GeneralName: uniformResourceIdentifier (6)
                                                    uniformResourceIdentifier: http://crl.mwginternal.com/crl/0/18389/8579bbc44b4fcd21e15a90745cd22bb3caf8265e/crl.crl
                            Extension (id-pe-authorityInfoAccess)
                                Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess)
                                AuthorityInfoAccessSyntax: 1 item
                                    AccessDescription
                                        accessMethod: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
                                        accessLocation: 6
                                            uniformResourceIdentifier: http://ocsp.mwginternal.com/ocsp/0/18389/8579bbc44b4fcd21e15a90745cd22bb3caf8265e
                    algorithmIdentifier (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    Padding: 0
                    encrypted: 21c9530c1b84d65ae2d073f51161b78752c9e238b6f1464d555291727c0ce60f3cf50712…
                Certificate Length: 1773
                Certificate: 308206e9308205d1a003020102020a54caff80000200001fe7300d06092a864886f70d01… (id-at-commonName=McAfee Web Gateway CA,id-at-organizationalUnitName=ICS Infrastructure,id-at-organizationName=Canon Production Printing Netherlands B
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 0x54caff80000200001fe7
                        signature (sha256WithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Enterprise CA,dc=oce,dc=net)
                                RDNSequence item: 1 item (dc=net)
                                    RelativeDistinguishedName item (dc=net)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: net
                                RDNSequence item: 1 item (dc=oce)
                                    RelativeDistinguishedName item (dc=oce)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: oce
                                RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Enterprise CA)
                                    RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Enterprise CA)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: Oce Corporate ADS Enterprise CA
                        validity
                            notBefore: utcTime (0)
                                utcTime: 2021-10-01 11:34:04 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 2023-10-01 11:44:04 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway CA,id-at-organizationalUnitName=ICS Infrastructure,id-at-organizationName=Canon Production Printing Netherlands B.V.,id-at-localityName=Venlo,id-at-stateOrProvinceName=Limburg,id-at
                                RDNSequence item: 1 item (id-at-countryName=NL)
                                    RelativeDistinguishedName item (id-at-countryName=NL)
                                        Object Id: 2.5.4.6 (id-at-countryName)
                                        CountryName: NL
                                RDNSequence item: 1 item (id-at-stateOrProvinceName=Limburg)
                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=Limburg)
                                        Object Id: 2.5.4.8 (id-at-stateOrProvinceName)
                                        DirectoryString: printableString (1)
                                            printableString: Limburg
                                RDNSequence item: 1 item (id-at-localityName=Venlo)
                                    RelativeDistinguishedName item (id-at-localityName=Venlo)
                                        Object Id: 2.5.4.7 (id-at-localityName)
                                        DirectoryString: printableString (1)
                                            printableString: Venlo
                                RDNSequence item: 1 item (id-at-organizationName=Canon Production Printing Netherlands B.V.)
                                    RelativeDistinguishedName item (id-at-organizationName=Canon Production Printing Netherlands B.V.)
                                        Object Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: printableString (1)
                                            printableString: Canon Production Printing Netherlands B.V.
                                RDNSequence item: 1 item (id-at-organizationalUnitName=ICS Infrastructure)
                                    RelativeDistinguishedName item (id-at-organizationalUnitName=ICS Infrastructure)
                                        Object Id: 2.5.4.11 (id-at-organizationalUnitName)
                                        DirectoryString: printableString (1)
                                            printableString: ICS Infrastructure
                                RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway CA)
                                    RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway CA)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: McAfee Web Gateway CA
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            subjectPublicKey: 3082010a0282010100d3e326ce455c21bf9c403538fe0604faa6aa89c8cfe5f49dfb37c7…
                                modulus: 0x00d3e326ce455c21bf9c403538fe0604faa6aa89c8cfe5f49dfb37c75b782ad1af7b63a2…
                                publicExponent: 65537
                        extensions: 9 items
                            Extension (id-ce-keyUsage)
                                Extension Id: 2.5.29.15 (id-ce-keyUsage)
                                Padding: 1
                                KeyUsage: 86
                                    1... .... = digitalSignature: True
                                    .0.. .... = contentCommitment: False
                                    ..0. .... = keyEncipherment: False
                                    ...0 .... = dataEncipherment: False
                                    .... 0... = keyAgreement: False
                                    .... .1.. = keyCertSign: True
                                    .... ..1. = cRLSign: True
                                    .... ...0 = encipherOnly: False
                                    0... .... = decipherOnly: False
                            Extension (id-ce-extKeyUsage)
                                Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
                                KeyPurposeIDs: 1 item
                                    KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
                            Extension (id-smime-capabilities)
                                Extension Id: 1.2.840.113549.1.9.15 (id-smime-capabilities)
                                SMIMECapabilities: 8 items
                                    SMIMECapability rc2-cbc (128 bits)
                                        attrType: 1.2.840.113549.3.2 (rc2-cbc)
                                        RC2CBCParameters: rc2WrapParameter (0)
                                            rc2WrapParameter: 128
                                    SMIMECapability id-alg-rc4 (128 bits)
                                        attrType: 1.2.840.113549.3.4 (id-alg-rc4)
                                        RC2CBCParameters: rc2WrapParameter (0)
                                            rc2WrapParameter: 128
                                    SMIMECapability id-aes256-CBC
                                        attrType: 2.16.840.1.101.3.4.1.42 (id-aes256-CBC)
                                    SMIMECapability id-aes256-wrap
                                        attrType: 2.16.840.1.101.3.4.1.45 (id-aes256-wrap)
                                    SMIMECapability id-aes128-CBC
                                        attrType: 2.16.840.1.101.3.4.1.2 (id-aes128-CBC)
                                    SMIMECapability id-aes128-wrap
                                        attrType: 2.16.840.1.101.3.4.1.5 (id-aes128-wrap)
                                    SMIMECapability id-alg-des-cbc
                                        attrType: 1.3.14.3.2.7 (id-alg-des-cbc)
                                    SMIMECapability des-ede3-cbc
                                        attrType: 1.2.840.113549.3.7 (des-ede3-cbc)
                            Extension (id-ce-subjectKeyIdentifier)
                                Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
                                SubjectKeyIdentifier: 9806d998332d0fc29cddbe1f5e0a6854f948f6b8
                            Extension (id-ce-authorityKeyIdentifier)
                                Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
                                AuthorityKeyIdentifier
                                    keyIdentifier: 89f7dc5ba4bbbdc4edc02858b9405171e6b157d9
                            Extension (id-ce-cRLDistributionPoints)
                                Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints)
                                CRLDistPointsSyntax: 1 item
                                    DistributionPoint
                                        distributionPoint: fullName (0)
                                            fullName: 2 items
                                                GeneralName: uniformResourceIdentifier (6)
                                                    uniformResourceIdentifier: ldap:///CN=Oce%20Corporate%20ADS%20Enterprise%20CA,CN=ocepki,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=oce,DC=net?certificateRevocationList?base?objectClass=cRLDistributionPoint
                                                GeneralName: uniformResourceIdentifier (6)
                                                    uniformResourceIdentifier: http://ocepki.oce.net/pki/Oce%20Corporate%20ADS%20Enterprise%20CA.crl
                            Extension (id-pe-authorityInfoAccess)
                                Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess)
                                AuthorityInfoAccessSyntax: 2 items
                                    AccessDescription
                                        accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
                                        accessLocation: 6
                                            uniformResourceIdentifier: ldap:///CN=Oce%20Corporate%20ADS%20Enterprise%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=oce,DC=net?cACertificate?base?objectClass=certificationAuthority
                                    AccessDescription
                                        accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
                                        accessLocation: 6
                                            uniformResourceIdentifier: http://ocepki.oce.net/pki/Oce%20Corporate%20ADS%20Enterprise%20CA(2).crt
                            Extension (id-ms-certificate-template-name)
                                Extension Id: 1.3.6.1.4.1.311.20.2 (id-ms-certificate-template-name)
                                BMPString: SubCA
                            Extension (id-ce-basicConstraints)
                                Extension Id: 2.5.29.19 (id-ce-basicConstraints)
                                critical: True
                                BasicConstraintsSyntax
                                    cA: True
                    algorithmIdentifier (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    Padding: 0
                    encrypted: 4890c881bd785b0f5cc1dbf3ce7c1cebf8a86d9c6f5eaba4170f57e276e3c6b99e3afd09…
                Certificate Length: 1833
                Certificate: 308207253082050da003020102020a61e38e4e000100000005300d06092a864886f70d01… (id-at-commonName=Oce Corporate ADS Enterprise CA,dc=oce,dc=net)
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 0x61e38e4e000100000005
                        signature (sha256WithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Root CA,dc=oce,dc=net)
                                RDNSequence item: 1 item (dc=net)
                                    RelativeDistinguishedName item (dc=net)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: net
                                RDNSequence item: 1 item (dc=oce)
                                    RelativeDistinguishedName item (dc=oce)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: oce
                                RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Root CA)
                                    RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Root CA)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: Oce Corporate ADS Root CA
                        validity
                            notBefore: utcTime (0)
                                utcTime: 2016-01-14 11:51:45 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 2026-01-14 12:01:45 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Enterprise CA,dc=oce,dc=net)
                                RDNSequence item: 1 item (dc=net)
                                    RelativeDistinguishedName item (dc=net)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: net
                                RDNSequence item: 1 item (dc=oce)
                                    RelativeDistinguishedName item (dc=oce)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: oce
                                RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Enterprise CA)
                                    RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Enterprise CA)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: Oce Corporate ADS Enterprise CA
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            subjectPublicKey: 3082010a0282010100be5cf302db1b4c47e4864d439322ff49a816fe64da5cb437ab4a80…
                                modulus: 0x00be5cf302db1b4c47e4864d439322ff49a816fe64da5cb437ab4a8052551e49d2869d02…
                                publicExponent: 65537
                        extensions: 9 items
                            Extension (id-ms-ca-version)
                                Extension Id: 1.3.6.1.4.1.311.21.1 (id-ms-ca-version)
                                Integer: 2
                            Extension (id-ms-previous-cert-hash)
                                Extension Id: 1.3.6.1.4.1.311.21.2 (id-ms-previous-cert-hash)
                                OctetString: eeccbf9df7ba8cc4d2f51fd152c9816dd6ea134c
                            Extension (id-ce-subjectKeyIdentifier)
                                Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
                                SubjectKeyIdentifier: 89f7dc5ba4bbbdc4edc02858b9405171e6b157d9
                            Extension (id-ms-certificate-template-name)
                                Extension Id: 1.3.6.1.4.1.311.20.2 (id-ms-certificate-template-name)
                                BMPString: SubCA
                            Extension (id-ce-keyUsage)
                                Extension Id: 2.5.29.15 (id-ce-keyUsage)
                                Padding: 1
                                KeyUsage: 86
                                    1... .... = digitalSignature: True
                                    .0.. .... = contentCommitment: False
                                    ..0. .... = keyEncipherment: False
                                    ...0 .... = dataEncipherment: False
                                    .... 0... = keyAgreement: False
                                    .... .1.. = keyCertSign: True
                                    .... ..1. = cRLSign: True
                                    .... ...0 = encipherOnly: False
                                    0... .... = decipherOnly: False
                            Extension (id-ce-basicConstraints)
                                Extension Id: 2.5.29.19 (id-ce-basicConstraints)
                                critical: True
                                BasicConstraintsSyntax
                                    cA: True
                            Extension (id-ce-authorityKeyIdentifier)
                                Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
                                AuthorityKeyIdentifier
                                    keyIdentifier: 256a9ca4e229c5f38e035c1c01ae19a14094bc65
                            Extension (id-ce-cRLDistributionPoints)
                                Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints)
                                CRLDistPointsSyntax: 1 item
                                    DistributionPoint
                                        distributionPoint: fullName (0)
                                            fullName: 2 items
                                                GeneralName: uniformResourceIdentifier (6)
                                                    uniformResourceIdentifier: ldap:///CN=Oce%20Corporate%20ADS%20Root%20CA,CN=ocepki,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=oce,DC=net?certificateRevocationList?base?objectClass=cRLDistributionPoint
                                                GeneralName: uniformResourceIdentifier (6)
                                                    uniformResourceIdentifier: http://ocepki.oce.net/pki/Oce%20Corporate%20ADS%20Root%20CA.crl
                            Extension (id-pe-authorityInfoAccess)
                                Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess)
                                AuthorityInfoAccessSyntax: 2 items
                                    AccessDescription
                                        accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
                                        accessLocation: 6
                                            uniformResourceIdentifier: ldap:///CN=Oce%20Corporate%20ADS%20Root%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=oce,DC=net?cACertificate?base?objectClass=certificationAuthority
                                    AccessDescription
                                        accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
                                        accessLocation: 6
                                            uniformResourceIdentifier: http://ocepki.oce.net/pki/Oce%20Corporate%20ADS%20Root%20CA(1).crt
                    algorithmIdentifier (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    Padding: 0
                    encrypted: bd7e0306f4761119f40ad71d5c02c1f44066a6d579992a6342ac9e8e3ecd1066ed9b198f…
                Certificate Length: 1440
                Certificate: 3082059c30820384a00302010202106ba828e3411be8b546bd8b3eeb042847300d06092a… (id-at-commonName=Oce Corporate ADS Root CA,dc=oce,dc=net)
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 0x6ba828e3411be8b546bd8b3eeb042847
                        signature (sha256WithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Root CA,dc=oce,dc=net)
                                RDNSequence item: 1 item (dc=net)
                                    RelativeDistinguishedName item (dc=net)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: net
                                RDNSequence item: 1 item (dc=oce)
                                    RelativeDistinguishedName item (dc=oce)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: oce
                                RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Root CA)
                                    RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Root CA)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: Oce Corporate ADS Root CA
                        validity
                            notBefore: utcTime (0)
                                utcTime: 2004-02-20 10:59:24 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 2036-01-14 08:26:21 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 3 items (id-at-commonName=Oce Corporate ADS Root CA,dc=oce,dc=net)
                                RDNSequence item: 1 item (dc=net)
                                    RelativeDistinguishedName item (dc=net)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: net
                                RDNSequence item: 1 item (dc=oce)
                                    RelativeDistinguishedName item (dc=oce)
                                        Object Id: 0.9.2342.19200300.100.1.25 (dc)
                                        IA5String: oce
                                RDNSequence item: 1 item (id-at-commonName=Oce Corporate ADS Root CA)
                                    RelativeDistinguishedName item (id-at-commonName=Oce Corporate ADS Root CA)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: Oce Corporate ADS Root CA
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            subjectPublicKey: 3082020a0282020100defe6b966b39e9dbc96e53cd3438cc2ed8a62932f8bf9fc7e970d1…
                                modulus: 0x00defe6b966b39e9dbc96e53cd3438cc2ed8a62932f8bf9fc7e970d1e963ecc1e48d043a…
                                publicExponent: 65537
                        extensions: 5 items
                            Extension (id-ce-keyUsage)
                                Extension Id: 2.5.29.15 (id-ce-keyUsage)
                                Padding: 1
                                KeyUsage: 86
                                    1... .... = digitalSignature: True
                                    .0.. .... = contentCommitment: False
                                    ..0. .... = keyEncipherment: False
                                    ...0 .... = dataEncipherment: False
                                    .... 0... = keyAgreement: False
                                    .... .1.. = keyCertSign: True
                                    .... ..1. = cRLSign: True
                                    .... ...0 = encipherOnly: False
                                    0... .... = decipherOnly: False
                            Extension (id-ce-basicConstraints)
                                Extension Id: 2.5.29.19 (id-ce-basicConstraints)
                                critical: True
                                BasicConstraintsSyntax
                                    cA: True
                            Extension (id-ce-subjectKeyIdentifier)
                                Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
                                SubjectKeyIdentifier: 256a9ca4e229c5f38e035c1c01ae19a14094bc65
                            Extension (id-ms-ca-version)
                                Extension Id: 1.3.6.1.4.1.311.21.1 (id-ms-ca-version)
                                Integer: 1
                            Extension (id-ms-previous-cert-hash)
                                Extension Id: 1.3.6.1.4.1.311.21.2 (id-ms-previous-cert-hash)
                                OctetString: 4a0613d3ff0a3c885ffabf5a2cf865a2d7edd1a8
                    algorithmIdentifier (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    Padding: 0
                    encrypted: a817bf98035b3d463eb8c52c87bf940e51a61d9df04a1dc34c3ef54efd8a591ccfeefd35…
Hypertext Transfer Protocol
    [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com]
    [Proxy-Connect-Port: 443]
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 333
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 329
            EC Diffie-Hellman Server Params
                Curve Type: named_curve (0x03)
                Named Curve: secp256r1 (0x0017)
                Pubkey Length: 65
                Pubkey: 049f6684686295b3170b1d28bb92b9acd64eb32f0a19014b26a0dbbbae965e9cbc589757…
                Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Length: 256
                Signature: 639653d759fffb59120a940093c4494c7015333f9dc54b3d4b256c55bbb0c864191ee3d5…
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 4
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0

No.
Time Source Destination Protocol Length Info
232 2.471578 134.188.170.175 134.188.4.7 TCP 54 57757 → 81 [ACK] Seq=292 Ack=6970 Win=262656 Len=0

Frame 232: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:39.218397000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010659.218397000 seconds
    [Time delta from previous captured frame: 0.000029000 seconds]
    [Time delta from previous displayed frame: 0.000029000 seconds]
    [Time since reference or first frame: 2.471578000 seconds]
    Frame Number: 232
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
    Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 40
    Identification: 0x8724 (34596)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.4.7
Transmission Control Protocol, Src Port: 57757, Dst Port: 81, Seq: 292, Ack: 6970, Len: 0
    Source Port: 57757
    Destination Port: 81
    [Stream index: 3]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 0]
    Sequence Number: 292 (relative sequence number)
    Sequence Number (raw): 1154870068
    [Next Sequence Number: 292 (relative sequence number)]
    Acknowledgment Number: 6970 (relative ack number)
    Acknowledgment number (raw): 3437076554
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x010 (ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A····]
    Window: 1026
    [Calculated window size: 262656]
    [Window size scaling factor: 256]
    Checksum: 0xbc49 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.051591000 seconds]
        [Time since previous frame in this TCP stream: 0.000029000 seconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 231]
        [The RTT to ACK the segment was: 0.000029000 seconds]
        [iRTT: 0.000816000 seconds]

No.
Time Source Destination Protocol Length Info
233 2.472977 134.188.170.175 134.188.4.7 TLSv1.2 180 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message

Frame 233: 180 bytes on wire (1440 bits), 180 bytes captured (1440 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:39.219796000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010659.219796000 seconds
    [Time delta from previous captured frame: 0.001399000 seconds]
    [Time delta from previous displayed frame: 0.001399000 seconds]
    [Time since reference or first frame: 2.472977000 seconds]
    Frame Number: 233
    Frame Length: 180 bytes (1440 bits)
    Capture Length: 180 bytes (1440 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:http:tls]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
    Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 166
    Identification: 0x8725 (34597)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.4.7
Transmission Control Protocol, Src Port: 57757, Dst Port: 81, Seq: 292, Ack: 6970, Len: 126
    Source Port: 57757
    Destination Port: 81
    [Stream index: 3]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 126]
    Sequence Number: 292 (relative sequence number)
    Sequence Number (raw): 1154870068
    [Next Sequence Number: 418 (relative sequence number)]
    Acknowledgment Number: 6970 (relative ack number)
    Acknowledgment number (raw): 3437076554
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 1026
    [Calculated window size: 262656]
    [Window size scaling factor: 256]
    Checksum: 0xbcc7 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.052990000 seconds]
        [Time since previous frame in this TCP stream: 0.001399000 seconds]
    [SEQ/ACK analysis]
        [iRTT: 0.000816000 seconds]
        [Bytes in flight: 126]
        [Bytes sent since last PSH flag: 126]
    TCP payload (126 bytes)
Hypertext Transfer Protocol
    [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com]
    [Proxy-Connect-Port: 443]
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 70
        Handshake Protocol: Client Key Exchange
            Handshake Type: Client Key Exchange (16)
            Length: 66
            EC Diffie-Hellman Client Params
                Pubkey Length: 65
                Pubkey: 045caaa6800b25547a430b5ea932ffdeb63fd5d30ee595d3350a110abbd1230f3664f903…
    TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.2 (0x0303)
        Length: 1
        Change Cipher Spec Message
    TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 40
        Handshake Protocol: Encrypted Handshake Message

No. Time Source Destination Protocol Length Info
234 2.474210 134.188.4.7 134.188.170.175 TCP 60 81 → 57757 [ACK] Seq=6970 Ack=418 Win=29200 Len=0

Frame 234: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:39.221029000 W.
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.221029000 seconds [Time delta from previous captured frame: 0.001233000 seconds] [Time delta from previous displayed frame: 0.001233000 seconds] [Time since reference or first frame: 2.474210000 seconds] Frame Number: 234 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x1d16 (7446) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x658b [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 6970, Ack: 418, Len: 0 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 6970 (relative sequence number) Sequence Number (raw): 3437076554 [Next Sequence Number: 6970 (relative sequence number)] Acknowledgment Number: 418 (relative ack number) Acknowledgment number (raw): 1154870194 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0x5782 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.054223000 seconds] [Time since previous frame in this TCP stream: 0.001233000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 233] [The RTT to ACK the segment was: 0.001233000 seconds] [iRTT: 0.000816000 seconds] No. 
Time Source Destination Protocol Length Info 235 2.474528 134.188.4.7 134.188.170.175 TLSv1.2 312 New Session Ticket, Change Cipher Spec, Encrypted Handshake Message Frame 235: 312 bytes on wire (2496 bits), 312 bytes captured (2496 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.221347000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.221347000 seconds [Time delta from previous captured frame: 0.000318000 seconds] [Time delta from previous displayed frame: 0.000318000 seconds] [Time since reference or first frame: 2.474528000 seconds] Frame Number: 235 Frame Length: 312 bytes (2496 bits) Capture Length: 312 bytes (2496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 298 Identification: 0x1d17 (7447) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x6488 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 6970, Ack: 418, Len: 258 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 258] Sequence Number: 6970 (relative sequence number) Sequence Number (raw): 3437076554 [Next Sequence Number: 7228 (relative sequence number)] Acknowledgment Number: 418 (relative ack number) Acknowledgment number (raw): 1154870194 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7300 [Calculated window size: 29200] [Window size scaling factor: 4] Checksum: 0xf833 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.054541000 seconds] [Time since previous frame in this TCP stream: 0.000318000 seconds] [SEQ/ACK analysis] [iRTT: 0.000816000 seconds] [Bytes in flight: 258] [Bytes sent since last PSH flag: 258] TCP payload (258 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: New Session Ticket Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 202 Handshake Protocol: New Session Ticket Handshake Type: New Session Ticket (4) Length: 198 TLS Session Ticket Session Ticket Lifetime Hint: 300 seconds (5 minutes) Session Ticket Length: 192 Session Ticket: 567e395e5867e9cdd391821dc71505779374135844359f0f2bab36e62d55f3586f07e96a… TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec Content Type: Change Cipher Spec (20) Version: TLS 1.2 (0x0303) Length: 1 Change Cipher Spec Message TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 40 Handshake Protocol: Encrypted Handshake Message No. Time Source Destination Protocol Length Info 236 2.475029 134.188.170.175 134.188.4.7 TLSv1.2 406 Application Data Frame 236: 406 bytes on wire (3248 bits), 406 bytes captured (3248 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.221848000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.221848000 seconds [Time delta from previous captured frame: 0.000501000 seconds] [Time delta from previous displayed frame: 0.000501000 seconds] [Time since reference or first frame: 2.475029000 seconds] Frame Number: 236 Frame Length: 406 bytes (3248 bits) Capture Length: 406 bytes (3248 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 392 Identification: 0x8726 (34598) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57757, Dst Port: 81, Seq: 418, Ack: 7228, Len: 352 Source Port: 57757 Destination Port: 81 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 352] Sequence Number: 418 (relative sequence number) Sequence Number (raw): 1154870194 [Next Sequence Number: 770 (relative sequence number)] Acknowledgment Number: 7228 (relative ack number) Acknowledgment number (raw): 3437076812 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 1025 [Calculated window size: 262400] [Window size scaling factor: 256] Checksum: 0xbda9 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.055042000 seconds] [Time since previous frame in this TCP stream: 0.000501000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 235] [The RTT to ACK the segment was: 0.000501000 seconds] [iRTT: 0.000816000 seconds] [Bytes in flight: 352] [Bytes sent since last PSH flag: 352] TCP payload (352 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 347 Encrypted Application Data: 00000000000000018cf8bf89489efa7958b7735504b8c153da8a06f45c5ba2747b23e1d7… [Application Data Protocol: Hypertext Transfer Protocol] No. Time Source Destination Protocol Length Info 237 2.475051 134.188.170.175 134.188.4.7 TLSv1.2 335 Application Data Frame 237: 335 bytes on wire (2680 bits), 335 bytes captured (2680 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.221870000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.221870000 seconds [Time delta from previous captured frame: 0.000022000 seconds] [Time delta from previous displayed frame: 0.000022000 seconds] [Time since reference or first frame: 2.475051000 seconds] Frame Number: 237 Frame Length: 335 bytes (2680 bits) Capture Length: 335 bytes (2680 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 321 Identification: 0x8727 (34599) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57757, Dst Port: 81, Seq: 770, Ack: 7228, Len: 281 Source Port: 57757 Destination Port: 81 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 281] Sequence Number: 770 (relative sequence number) Sequence Number (raw): 1154870546 [Next Sequence Number: 1051 (relative sequence number)] Acknowledgment Number: 7228 (relative ack number) Acknowledgment number (raw): 3437076812 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 1025 [Calculated window size: 262400] [Window size scaling factor: 256] Checksum: 0xbd62 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.055064000 seconds] [Time since previous frame in this TCP stream: 0.000022000 seconds] [SEQ/ACK analysis] [iRTT: 0.000816000 seconds] [Bytes in flight: 633] [Bytes sent since last PSH flag: 281] TCP payload (281 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 276 Encrypted Application Data: 0000000000000002126be36bd175f8fd2f07a753f5433ebcce55f4e0719efc4f2199f3c6… [Application Data Protocol: Hypertext Transfer Protocol] No. Time Source Destination Protocol Length Info 238 2.475808 134.188.4.7 134.188.170.175 TCP 60 81 → 57757 [ACK] Seq=7228 Ack=1051 Win=31344 Len=0 Frame 238: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.222627000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.222627000 seconds [Time delta from previous captured frame: 0.000757000 seconds] [Time delta from previous displayed frame: 0.000757000 seconds] [Time since reference or first frame: 2.475808000 seconds] Frame Number: 238 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x1d18 (7448) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x6589 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 7228, Ack: 1051, Len: 0 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 7228 (relative sequence number) Sequence Number (raw): 3437076812 [Next Sequence Number: 7228 (relative sequence number)] Acknowledgment Number: 1051 (relative ack number) Acknowledgment number (raw): 1154870827 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 7836 [Calculated window size: 31344] [Window size scaling factor: 4] Checksum: 0x51ef [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.055821000 seconds] [Time since previous frame in this TCP stream: 0.000757000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 237] [The RTT to ACK the segment was: 0.000757000 seconds] [iRTT: 0.000816000 seconds] No. 
Time Source Destination Protocol Length Info 239 2.544472 134.188.4.7 134.188.170.175 TLSv1.2 584 Application Data Frame 239: 584 bytes on wire (4672 bits), 584 bytes captured (4672 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.291291000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.291291000 seconds [Time delta from previous captured frame: 0.068664000 seconds] [Time delta from previous displayed frame: 0.068664000 seconds] [Time since reference or first frame: 2.544472000 seconds] Frame Number: 239 Frame Length: 584 bytes (4672 bits) Capture Length: 584 bytes (4672 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 570 Identification: 0x1d19 (7449) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x6376 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 7228, Ack: 1051, Len: 530 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 530] Sequence Number: 7228 (relative sequence number) Sequence Number (raw): 3437076812 [Next Sequence Number: 7758 (relative sequence number)] Acknowledgment Number: 1051 (relative ack number) Acknowledgment number (raw): 1154870827 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7836 [Calculated window size: 31344] [Window size scaling factor: 4] Checksum: 0x1473 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.124485000 seconds] [Time since previous frame in this TCP stream: 0.068664000 seconds] [SEQ/ACK analysis] [iRTT: 0.000816000 seconds] [Bytes in flight: 530] [Bytes sent since last PSH flag: 530] TCP payload (530 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 525 Encrypted Application Data: 0e732cb51ae1cab94df60532d992ee1f7ef7b096fee0c6414afb3402c8fb21a132f3f3b4… [Application Data Protocol: Hypertext Transfer Protocol] No. Time Source Destination Protocol Length Info 240 2.544745 134.188.4.7 134.188.170.175 TLSv1.2 160 Application Data Frame 240: 160 bytes on wire (1280 bits), 160 bytes captured (1280 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.291564000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.291564000 seconds [Time delta from previous captured frame: 0.000273000 seconds] [Time delta from previous displayed frame: 0.000273000 seconds] [Time since reference or first frame: 2.544745000 seconds] Frame Number: 240 Frame Length: 160 bytes (1280 bits) Capture Length: 160 bytes (1280 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:tls] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 146 Identification: 0x1d1a (7450) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x651d [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 7758, Ack: 1051, Len: 106 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 106] Sequence Number: 7758 (relative sequence number) Sequence Number (raw): 3437077342 [Next Sequence Number: 7864 (relative sequence number)] Acknowledgment Number: 1051 (relative ack number) Acknowledgment number (raw): 1154870827 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 7836 [Calculated window size: 31344] [Window size scaling factor: 4] Checksum: 0xa04c [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.124758000 seconds] [Time since previous frame in this TCP stream: 0.000273000 seconds] [SEQ/ACK analysis] [iRTT: 0.000816000 seconds] [Bytes in flight: 636] [Bytes sent since last PSH flag: 106] TCP payload (106 bytes) Hypertext Transfer Protocol [Proxy-Connect-Hostname: ens.rest.gti.mcafee.com] [Proxy-Connect-Port: 443] Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 101 Encrypted Application Data: 0e732cb51ae1cabac71e27ba34ccad956d0554861ec4e7fb07b8eaf42f6fe46644735638… [Application Data Protocol: Hypertext Transfer Protocol] No. Time Source Destination Protocol Length Info 241 2.544783 134.188.170.175 134.188.4.7 TCP 54 57757 → 81 [ACK] Seq=1051 Ack=7864 Win=261888 Len=0 Frame 241: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.291602000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.291602000 seconds [Time delta from previous captured frame: 0.000038000 seconds] [Time delta from previous displayed frame: 0.000038000 seconds] [Time since reference or first frame: 2.544783000 seconds] Frame Number: 241 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8728 (34600) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57757, Dst Port: 81, Seq: 1051, Ack: 7864, Len: 0 Source Port: 57757 Destination Port: 81 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1051 (relative sequence number) Sequence Number (raw): 1154870827 [Next Sequence Number: 1051 (relative sequence number)] Acknowledgment Number: 7864 (relative ack number) Acknowledgment number (raw): 3437077448 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 1023 [Calculated window size: 261888] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.124796000 seconds] [Time since previous frame in this TCP stream: 0.000038000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 240] [The RTT to ACK the segment was: 0.000038000 seconds] [iRTT: 0.000816000 seconds] No. 
Time Source Destination Protocol Length Info 242 2.544807 134.188.170.175 134.188.4.7 TCP 54 57757 → 81 [FIN, ACK] Seq=1051 Ack=7864 Win=261888 Len=0 Frame 242: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.291626000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.291626000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 2.544807000 seconds] Frame Number: 242 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8729 (34601) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57757, Dst Port: 81, Seq: 1051, Ack: 7864, Len: 0 Source Port: 57757 Destination Port: 81 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1051 (relative sequence number) Sequence Number (raw): 1154870827 [Next Sequence Number: 1052 (relative sequence number)] Acknowledgment Number: 7864 (relative ack number) Acknowledgment number (raw): 3437077448 0101 .... = Header Length: 20 bytes (5) Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] [Expert Info (Note/Sequence): This frame initiates the connection closing] [This frame initiates the connection closing] [Severity level: Note] [Group: Sequence] Window: 1023 [Calculated window size: 261888] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.124820000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] No. Time Source Destination Protocol Length Info 243 2.545665 134.188.4.7 134.188.170.175 TCP 60 81 → 57757 [FIN, ACK] Seq=7864 Ack=1052 Win=31344 Len=0 Frame 243: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.292484000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.292484000 seconds [Time delta from previous captured frame: 0.000858000 seconds] [Time delta from previous displayed frame: 0.000858000 seconds] [Time since reference or first frame: 2.545665000 seconds] Frame Number: 243 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP SYN/FIN] [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... 
= LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.4.7, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x1d1b (7451) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 60 Protocol: TCP (6) Header Checksum: 0x6586 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.4.7 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 81, Dst Port: 57757, Seq: 7864, Ack: 1052, Len: 0 Source Port: 81 Destination Port: 57757 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 7864 (relative sequence number) Sequence Number (raw): 3437077448 [Next Sequence Number: 7865 (relative sequence number)] Acknowledgment Number: 1052 (relative ack number) Acknowledgment number (raw): 1154870828 0101 .... = Header Length: 20 bytes (5) Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] [Expert Info (Note/Sequence): This frame undergoes the connection closing] [This frame undergoes the connection closing] [Severity level: Note] [Group: Sequence] Window: 7836 [Calculated window size: 31344] [Window size scaling factor: 4] Checksum: 0x4f71 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.125678000 seconds] [Time since previous frame in this TCP stream: 0.000858000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 242] [The RTT to ACK the segment was: 0.000858000 seconds] [iRTT: 0.000816000 seconds] No. Time Source Destination Protocol Length Info 244 2.545713 134.188.170.175 134.188.4.7 TCP 54 57757 → 81 [ACK] Seq=1052 Ack=7865 Win=261888 Len=0 Frame 244: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.292532000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.292532000 seconds [Time delta from previous captured frame: 0.000048000 seconds] [Time delta from previous displayed frame: 0.000048000 seconds] [Time since reference or first frame: 2.545713000 seconds] Frame Number: 244 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.4.7 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x872a (34602) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.4.7 Transmission Control Protocol, Src Port: 57757, Dst Port: 81, Seq: 1052, Ack: 7865, Len: 0 Source Port: 57757 Destination Port: 81 [Stream index: 3] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1052 (relative sequence number) Sequence Number (raw): 1154870828 [Next Sequence Number: 1052 (relative sequence number)] Acknowledgment Number: 7865 (relative ack number) Acknowledgment number (raw): 3437077449 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 1023 [Calculated window size: 261888] [Window size scaling factor: 256] Checksum: 0xbc49 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.125726000 seconds] [Time since previous frame in this TCP stream: 0.000048000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 243] [The RTT to ACK the segment was: 0.000048000 seconds] [iRTT: 0.000816000 seconds] No. 
Time Source Destination Protocol Length Info 245 2.789608 134.188.170.185 239.255.255.250 SSDP 217 M-SEARCH * HTTP/1.1 Frame 245: 217 bytes on wire (1736 bits), 217 bytes captured (1736 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.536427000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.536427000 seconds [Time delta from previous captured frame: 0.243895000 seconds] [Time delta from previous displayed frame: 0.243895000 seconds] [Time since reference or first frame: 2.789608000 seconds] Frame Number: 245 Frame Length: 217 bytes (1736 bits) Capture Length: 217 bytes (1736 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:ssdp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_8b:6f:5c (90:1b:0e:8b:6f:5c), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: FujitsuT_8b:6f:5c (90:1b:0e:8b:6f:5c) Address: FujitsuT_8b:6f:5c (90:1b:0e:8b:6f:5c) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.185, Dst: 239.255.255.250 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 203 Identification: 0x00a5 (165) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: UDP (17) Header Checksum: 0x970d [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.185 Destination Address: 239.255.255.250 User Datagram Protocol, Src Port: 63155, Dst Port: 1900 Source Port: 63155 Destination Port: 1900 Length: 183 Checksum: 0x5d55 [unverified] [Checksum Status: Unverified] [Stream index: 3] [Timestamps] [Time since first frame: 1.022729000 seconds] [Time since previous frame: 1.022729000 seconds] UDP payload (175 bytes) Simple Service Discovery Protocol M-SEARCH * HTTP/1.1\r\n [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n] [M-SEARCH * HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: M-SEARCH Request URI: * Request Version: HTTP/1.1 HOST: 239.255.255.250:1900\r\n MAN: "ssdp:discover"\r\n MX: 1\r\n ST: urn:dial-multiscreen-org:service:dial:1\r\n USER-AGENT: Microsoft Edge/108.0.1462.42 Windows\r\n \r\n [Full request URI: http://239.255.255.250:1900*] [HTTP request 2/4] [Prev request in frame: 93] [Next request in frame: 302] No. Time Source Destination Protocol Length Info 246 2.914782 134.188.170.103 239.255.255.250 SSDP 216 M-SEARCH * HTTP/1.1 Frame 246: 216 bytes on wire (1728 bits), 216 bytes captured (1728 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.661601000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.661601000 seconds [Time delta from previous captured frame: 0.125174000 seconds] [Time delta from previous displayed frame: 0.125174000 seconds] [Time since reference or first frame: 2.914782000 seconds] Frame Number: 246 Frame Length: 216 bytes (1728 bits) Capture Length: 216 bytes (1728 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:ssdp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: LCFCHefe_42:03:77 (6c:24:08:42:03:77), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: LCFCHefe_42:03:77 (6c:24:08:42:03:77) Address: LCFCHefe_42:03:77 (6c:24:08:42:03:77) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.103, Dst: 239.255.255.250 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 202 Identification: 0x9041 (36929) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: UDP (17) Header Checksum: 0x07c4 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.103 Destination Address: 239.255.255.250 User Datagram Protocol, Src Port: 64230, Dst Port: 1900 Source Port: 64230 Destination Port: 1900 Length: 182 Checksum: 0xd654 [unverified] [Checksum Status: Unverified] [Stream index: 4] [Timestamps] [Time since first frame: 0.000000000 seconds] [Time since previous frame: 0.000000000 seconds] UDP payload (174 bytes) Simple Service Discovery Protocol M-SEARCH * HTTP/1.1\r\n [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n] [M-SEARCH * HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: M-SEARCH Request URI: * Request Version: HTTP/1.1 HOST: 239.255.255.250:1900\r\n MAN: "ssdp:discover"\r\n MX: 1\r\n ST: urn:dial-multiscreen-org:service:dial:1\r\n USER-AGENT: Google Chrome/108.0.5359.99 Windows\r\n \r\n [Full request URI: http://239.255.255.250:1900*] [HTTP request 1/4] [Next request in frame: 309] No. Time Source Destination Protocol Length Info 247 2.959537 134.188.170.103 239.255.255.250 SSDP 217 M-SEARCH * HTTP/1.1 Frame 247: 217 bytes on wire (1736 bits), 217 bytes captured (1736 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.706356000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.706356000 seconds [Time delta from previous captured frame: 0.044755000 seconds] [Time delta from previous displayed frame: 0.044755000 seconds] [Time since reference or first frame: 2.959537000 seconds] Frame Number: 247 Frame Length: 217 bytes (1736 bits) Capture Length: 217 bytes (1736 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:ssdp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: LCFCHefe_42:03:77 (6c:24:08:42:03:77), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: LCFCHefe_42:03:77 (6c:24:08:42:03:77) Address: LCFCHefe_42:03:77 (6c:24:08:42:03:77) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.103, Dst: 239.255.255.250 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 203 Identification: 0x9042 (36930) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: UDP (17) Header Checksum: 0x07c2 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.103 Destination Address: 239.255.255.250 User Datagram Protocol, Src Port: 64233, Dst Port: 1900 Source Port: 64233 Destination Port: 1900 Length: 183 Checksum: 0x5571 [unverified] [Checksum Status: Unverified] [Stream index: 5] [Timestamps] [Time since first frame: 0.000000000 seconds] [Time since previous frame: 0.000000000 seconds] UDP payload (175 bytes) Simple Service Discovery Protocol M-SEARCH * HTTP/1.1\r\n [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n] [M-SEARCH * HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: M-SEARCH Request URI: * Request Version: HTTP/1.1 HOST: 239.255.255.250:1900\r\n MAN: "ssdp:discover"\r\n MX: 1\r\n ST: urn:dial-multiscreen-org:service:dial:1\r\n USER-AGENT: Microsoft Edge/108.0.1462.46 Windows\r\n \r\n [Full request URI: http://239.255.255.250:1900*] [HTTP request 1/4] [Next request in frame: 310] No. Time Source Destination Protocol Length Info 248 3.066159 134.188.170.175 134.188.170.174 TLSv1.2 105 Application Data Frame 248: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.812978000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.812978000 seconds [Time delta from previous captured frame: 0.106622000 seconds] [Time delta from previous displayed frame: 0.106622000 seconds] [Time since reference or first frame: 3.066159000 seconds] Frame Number: 248 Frame Length: 105 bytes (840 bits) Capture Length: 105 bytes (840 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 91 Identification: 0xdb08 (56072) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 103, Ack: 1247, Len: 51 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 51] Sequence Number: 103 (relative sequence number) Sequence Number (raw): 1607889453 [Next Sequence Number: 154 (relative sequence number)] Acknowledgment Number: 1247 (relative ack number) Acknowledgment number (raw): 3951498809 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 63547 [Calculated window size: 63547] [Window size scaling factor: -1 (unknown)] Checksum: 0x6324 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 3.066159000 seconds] [Time since previous frame in this TCP stream: 0.770465000 seconds] [SEQ/ACK analysis] [Bytes in flight: 51] [Bytes sent since last PSH flag: 51] TCP payload (51 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 46 Encrypted Application Data: 000000000000165bb1ca9b465e0f8a4afc4e940fa2be2c84b1df55d250aea23f66f48bb4… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 249 3.066301 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 249: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.813120000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.813120000 seconds [Time delta from previous captured frame: 0.000142000 seconds] [Time delta from previous displayed frame: 0.000142000 seconds] [Time since reference or first frame: 3.066301000 seconds] Frame Number: 249 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb09 (56073) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.058877000 seconds] [Time since previous frame: 0.788516000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c092 ReceiveWindowSize: 11954 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 030305ff00000000000028fdaf517874 snResetSeqNum: 0x6b7748c7 No. Time Source Destination Protocol Length Info 250 3.066329 134.188.170.175 134.188.170.174 RDPUDP 359 CORRELATIONID,AOA Frame 250: 359 bytes on wire (2872 bits), 359 bytes captured (2872 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.813148000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.813148000 seconds [Time delta from previous captured frame: 0.000028000 seconds] [Time delta from previous displayed frame: 0.000028000 seconds] [Time since reference or first frame: 3.066329000 seconds] Frame Number: 250 Frame Length: 359 bytes (2872 bits) Capture Length: 359 bytes (2872 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 345 Identification: 0xdb0a (56074) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 325 Checksum: 0x642d [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.058905000 seconds] [Time since previous frame: 0.000028000 seconds] UDP payload (317 bytes) UDP Remote Desktop Protocol snSourceAck: 0xa704c093 ReceiveWindowSize: 11955 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: e0d1ea2cf1be836307abe67ced036f2e snResetSeqNum: 0x44d69d34 No. Time Source Destination Protocol Length Info 251 3.069557 134.188.170.174 134.188.170.175 RDPUDP 212 CORRELATIONID Frame 251: 212 bytes on wire (1696 bits), 212 bytes captured (1696 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.816376000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.816376000 seconds [Time delta from previous captured frame: 0.003228000 seconds] [Time delta from previous displayed frame: 0.003228000 seconds] [Time since reference or first frame: 3.069557000 seconds] Frame Number: 251 Frame Length: 212 bytes (1696 bits) Capture Length: 212 bytes (1696 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 198 Identification: 0x1e06 (7686) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb94a [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 178 Checksum: 0x8120 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.062133000 seconds] [Time since previous frame: 0.003228000 seconds] UDP payload (170 bytes) UDP Remote Desktop Protocol snSourceAck: 0xbd05c093 ReceiveWindowSize: 11923 Flags: 0x2ee0, CN, CWR, Syn lossy, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 020168a610c80f170303009600000000 No. Time Source Destination Protocol Length Info 252 3.092855 134.188.170.175 134.188.170.174 RDPUDP 56 SYNEX Frame 252: 56 bytes on wire (448 bits), 56 bytes captured (448 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.839674000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.839674000 seconds [Time delta from previous captured frame: 0.023298000 seconds] [Time delta from previous displayed frame: 0.023298000 seconds] [Time since reference or first frame: 3.092855000 seconds] Frame Number: 252 Frame Length: 56 bytes (448 bits) Capture Length: 56 bytes (448 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 42 Identification: 0xdb0b (56075) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 22 Checksum: 0x62fe [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.085431000 seconds] [Time since previous frame: 0.023298000 seconds] UDP payload (14 bytes) UDP Remote Desktop Protocol snSourceAck: 0xbe41c1a6 ReceiveWindowSize: 4172 Flags: 0x14e0, CN, CWR, Ack delayed, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x1700 .... ...0 = Version info: False No. Time Source Destination Protocol Length Info 253 3.123361 134.188.170.174 134.188.170.175 TCP 60 52728 → 3389 [ACK] Seq=1247 Ack=154 Win=8211 Len=0 Frame 253: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.870180000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.870180000 seconds [Time delta from previous captured frame: 0.030506000 seconds] [Time delta from previous displayed frame: 0.030506000 seconds] [Time since reference or first frame: 3.123361000 seconds] Frame Number: 253 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x1e07 (7687) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79f2 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1247, Ack: 154, Len: 0 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 1247 (relative sequence number) Sequence Number (raw): 3951498809 [Next Sequence Number: 1247 (relative sequence number)] Acknowledgment Number: 154 (relative ack number) Acknowledgment number (raw): 1607889504 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x7dbd [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 3.123361000 seconds] [Time since previous frame in this TCP stream: 0.057202000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 248] [The RTT to ACK the segment was: 0.057202000 seconds] No. 
Time Source Destination Protocol Length Info 254 3.165743 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 254: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.912562000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.912562000 seconds [Time delta from previous captured frame: 0.042382000 seconds] [Time delta from previous displayed frame: 0.042382000 seconds] [Time since reference or first frame: 3.165743000 seconds] Frame Number: 254 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb0c (56076) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.158319000 seconds] [Time since previous frame: 0.072888000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c094 ReceiveWindowSize: 11956 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000028fe289ea016 snResetSeqNum: 0x2ed6a39d No. Time Source Destination Protocol Length Info 255 3.165793 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 255: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.912612000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.912612000 seconds [Time delta from previous captured frame: 0.000050000 seconds] [Time delta from previous displayed frame: 0.000050000 seconds] [Time since reference or first frame: 3.165793000 seconds] Frame Number: 255 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb0d (56077) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.158369000 seconds] [Time since previous frame: 0.000050000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x5204c095 ReceiveWindowSize: 11957 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: bf88aa9b67d5ce3d46c4b23f89b23da5 snResetSeqNum: 0x07c546d7 No. Time Source Destination Protocol Length Info 256 3.165891 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 256: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.912710000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.912710000 seconds [Time delta from previous captured frame: 0.000098000 seconds] [Time delta from previous displayed frame: 0.000098000 seconds] [Time since reference or first frame: 3.165891000 seconds] Frame Number: 256 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb0e (56078) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.158467000 seconds] [Time since previous frame: 0.000098000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x6704c096 ReceiveWindowSize: 11958 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: c582239bc0119fc65517e76c0303ac0d snResetSeqNum: 0x44fe44a7 No. Time Source Destination Protocol Length Info 257 3.165922 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 257: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.912741000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.912741000 seconds [Time delta from previous captured frame: 0.000031000 seconds] [Time delta from previous displayed frame: 0.000031000 seconds] [Time since reference or first frame: 3.165922000 seconds] Frame Number: 257 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb0f (56079) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.158498000 seconds] [Time since previous frame: 0.000031000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x4a04c097 ReceiveWindowSize: 11959 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: d181ff010ce333f56431c8395cfd4d20 snResetSeqNum: 0x8e536c61 No. Time Source Destination Protocol Length Info 258 3.165969 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 258: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.912788000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.912788000 seconds [Time delta from previous captured frame: 0.000047000 seconds] [Time delta from previous displayed frame: 0.000047000 seconds] [Time since reference or first frame: 3.165969000 seconds] Frame Number: 258 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb10 (56080) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.158545000 seconds] [Time since previous frame: 0.000047000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x6a04c098 ReceiveWindowSize: 11960 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 40c9b2086aff7c9db1eef6415f0c5fd0 snResetSeqNum: 0xb5a0f55a No. Time Source Destination Protocol Length Info 259 3.166037 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 259: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.912856000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.912856000 seconds [Time delta from previous captured frame: 0.000068000 seconds] [Time delta from previous displayed frame: 0.000068000 seconds] [Time since reference or first frame: 3.166037000 seconds] Frame Number: 259 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb11 (56081) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.158613000 seconds] [Time since previous frame: 0.000068000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x0104c099 ReceiveWindowSize: 11961 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: abd820a32a1a9b3a3735c97a88ffcdc4 snResetSeqNum: 0x0a0fa986 No. Time Source Destination Protocol Length Info 260 3.166096 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 260: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.912915000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.912915000 seconds [Time delta from previous captured frame: 0.000059000 seconds] [Time delta from previous displayed frame: 0.000059000 seconds] [Time since reference or first frame: 3.166096000 seconds] Frame Number: 260 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb12 (56082) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.158672000 seconds] [Time since previous frame: 0.000059000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x9504c09a ReceiveWindowSize: 11962 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 825ee7ce1d8c04e8312a33772fdb1109 snResetSeqNum: 0x81c07a69 No. Time Source Destination Protocol Length Info 261 3.166184 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 261: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.913003000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.913003000 seconds [Time delta from previous captured frame: 0.000088000 seconds] [Time delta from previous displayed frame: 0.000088000 seconds] [Time since reference or first frame: 3.166184000 seconds] Frame Number: 261 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb13 (56083) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.158760000 seconds] [Time since previous frame: 0.000088000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc204c09b ReceiveWindowSize: 11963 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 573e6642a0c240428203617c03d86679 snResetSeqNum: 0x413203fd No. Time Source Destination Protocol Length Info 262 3.166212 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 262: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.913031000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.913031000 seconds [Time delta from previous captured frame: 0.000028000 seconds] [Time delta from previous displayed frame: 0.000028000 seconds] [Time since reference or first frame: 3.166212000 seconds] Frame Number: 262 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb14 (56084) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.158788000 seconds] [Time since previous frame: 0.000028000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x3f04c09c ReceiveWindowSize: 11964 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: bac95816a9b878ecf0b692ea9804754f snResetSeqNum: 0x4a587876 No. Time Source Destination Protocol Length Info 263 3.166237 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 263: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.913056000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.913056000 seconds [Time delta from previous captured frame: 0.000025000 seconds] [Time delta from previous displayed frame: 0.000025000 seconds] [Time since reference or first frame: 3.166237000 seconds] Frame Number: 263 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb15 (56085) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.158813000 seconds] [Time since previous frame: 0.000025000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x0d04c09d ReceiveWindowSize: 11965 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 8a8ad1421291fc695d44be5cb501c384 snResetSeqNum: 0xcf6438ad No. Time Source Destination Protocol Length Info 264 3.166258 134.188.170.175 134.188.170.174 RDPUDP 1143 CORRELATIONID,AOA Frame 264: 1143 bytes on wire (9144 bits), 1143 bytes captured (9144 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.913077000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.913077000 seconds [Time delta from previous captured frame: 0.000021000 seconds] [Time delta from previous displayed frame: 0.000021000 seconds] [Time since reference or first frame: 3.166258000 seconds] Frame Number: 264 Frame Length: 1143 bytes (9144 bits) Capture Length: 1143 bytes (9144 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1129 Identification: 0xdb16 (56086) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1109 Checksum: 0x673d [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.158834000 seconds] [Time since previous frame: 0.000021000 seconds] UDP payload (1101 bytes) UDP Remote Desktop Protocol snSourceAck: 0x3804c09e ReceiveWindowSize: 11966 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 1845d826cdc5be1ee8c20cecf1931000 snResetSeqNum: 0xe94b767e No. Time Source Destination Protocol Length Info 265 3.183256 134.188.170.174 134.188.170.175 RDPUDP 62 [Malformed Packet] Frame 265: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:39.930075000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010659.930075000 seconds [Time delta from previous captured frame: 0.016998000 seconds] [Time delta from previous displayed frame: 0.016998000 seconds] [Time since reference or first frame: 3.183256000 seconds] Frame Number: 265 Frame Length: 62 bytes (496 bits) Capture Length: 62 bytes (496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 48 Identification: 0x1e08 (7688) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9de [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 28 Checksum: 0xa821 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.175832000 seconds] [Time since previous frame: 0.016998000 seconds] UDP payload (20 bytes) UDP Remote Desktop Protocol snSourceAck: 0xbd01c09e ReceiveWindowSize: 11950 Flags: 0x8fe0, CN, CWR, Ack of Acks, Syn lossy, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 266 3.260591 134.188.170.1 224.0.0.18 VRRP 60 Announcement (v2) Frame 266: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.007410000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.007410000 seconds [Time delta from previous captured frame: 0.077335000 seconds] [Time delta from previous displayed frame: 0.077335000 seconds] [Time since reference or first frame: 3.260591000 seconds] Frame Number: 266 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:vrrp] [Coloring Rule Name: Routing] [Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp] Ethernet II, Src: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa), Dst: IPv4mcast_12 (01:00:5e:00:00:12) Destination: IPv4mcast_12 (01:00:5e:00:00:12) Address: IPv4mcast_12 (01:00:5e:00:00:12) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.170.1, Dst: 224.0.0.18 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x0000 (0) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 255 Protocol: VRRP (112) Header Checksum: 0xa9d5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.1 Destination Address: 224.0.0.18 Virtual Router Redundancy Protocol Version 2, Packet type 1 (Advertisement) 0010 .... = VRRP protocol version: 2 .... 0001 = VRRP packet type: Advertisement (1) Virtual Rtr ID: 170 Priority: 255 (This VRRP router owns the virtual router's IP address(es)) Addr Count: 1 Auth Type: No Authentication (0) Adver Int: 1 Checksum: 0xae94 [correct] [Checksum Status: Good] IP Address: 134.188.170.1 No. Time Source Destination Protocol Length Info 267 3.298070 134.188.170.175 134.188.170.174 RDPUDP 90 CORRELATIONID,AOA Frame 267: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.044889000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.044889000 seconds [Time delta from previous captured frame: 0.037479000 seconds] [Time delta from previous displayed frame: 0.037479000 seconds] [Time since reference or first frame: 3.298070000 seconds] Frame Number: 267 Frame Length: 90 bytes (720 bits) Capture Length: 90 bytes (720 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... 
...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 76 Identification: 0xdb17 (56087) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 56 Checksum: 0x6320 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.290646000 seconds] [Time since previous frame: 0.114814000 seconds] UDP payload (48 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c09f ReceiveWindowSize: 11967 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... 
= SynEx: False Correlation Id: 03030024000000000000290768908d15 snResetSeqNum: 0x2cf7e374 No. Time Source Destination Protocol Length Info 268 3.300258 134.188.170.174 134.188.170.175 RDPUDP 97 SYNEX Frame 268: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.047077000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.047077000 seconds [Time delta from previous captured frame: 0.002188000 seconds] [Time delta from previous displayed frame: 0.002188000 seconds] [Time since reference or first frame: 3.300258000 seconds] Frame Number: 268 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e09 (7689) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9ba [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 63 Checksum: 0xf09b [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.292834000 seconds] [Time since previous frame: 0.002188000 seconds] UDP payload (55 bytes) UDP Remote Desktop Protocol snSourceAck: 0xbe05c09f ReceiveWindowSize: 11960 Flags: 0x10e0, CN, CWR, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..0. .... .... = Syn lossy: False .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x0100 .... ...0 = Version info: False No. Time Source Destination Protocol Length Info 269 3.311523 134.188.170.175 134.188.170.174 RDPUDP 53 SYNEX[Malformed Packet] Frame 269: 53 bytes on wire (424 bits), 53 bytes captured (424 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.058342000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.058342000 seconds [Time delta from previous captured frame: 0.011265000 seconds] [Time delta from previous displayed frame: 0.011265000 seconds] [Time since reference or first frame: 3.311523000 seconds] Frame Number: 269 Frame Length: 53 bytes (424 bits) Capture Length: 53 bytes (424 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 39 Identification: 0xdb18 (56088) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 19 Checksum: 0x62fb [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.304099000 seconds] [Time since previous frame: 0.011265000 seconds] UDP payload (11 bytes) UDP Remote Desktop Protocol snSourceAck: 0xbe41c0a7 ReceiveWindowSize: 4246 Flags: 0xf5e0, CN, CWR, Ack of Acks, Ack delayed, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x0b00 .... ...0 = Version info: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 270 3.317418 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 270: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.064237000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.064237000 seconds [Time delta from previous captured frame: 0.005895000 seconds] [Time delta from previous displayed frame: 0.005895000 seconds] [Time since reference or first frame: 3.317418000 seconds] Frame Number: 270 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb19 (56089) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.309994000 seconds] [Time since previous frame: 0.005895000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0a0 ReceiveWindowSize: 11968 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000029084f3e92e2 snResetSeqNum: 0x5fa1eadb No. Time Source Destination Protocol Length Info 271 3.317460 134.188.170.175 134.188.170.174 RDPUDP 1153 CORRELATIONID,AOA Frame 271: 1153 bytes on wire (9224 bits), 1153 bytes captured (9224 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.064279000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.064279000 seconds [Time delta from previous captured frame: 0.000042000 seconds] [Time delta from previous displayed frame: 0.000042000 seconds] [Time since reference or first frame: 3.317460000 seconds] Frame Number: 271 Frame Length: 1153 bytes (9224 bits) Capture Length: 1153 bytes (9224 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1139 Identification: 0xdb1a (56090) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1119 Checksum: 0x6747 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.310036000 seconds] [Time since previous frame: 0.000042000 seconds] UDP payload (1111 bytes) UDP Remote Desktop Protocol snSourceAck: 0x7b04c0a1 ReceiveWindowSize: 11969 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: e56e7daf7965af0d2ca358cc270674eb snResetSeqNum: 0x181bb787 No. Time Source Destination Protocol Length Info 272 3.333695 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet] Frame 272: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.080514000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.080514000 seconds [Time delta from previous captured frame: 0.016235000 seconds] [Time delta from previous displayed frame: 0.016235000 seconds] [Time since reference or first frame: 3.333695000 seconds] Frame Number: 272 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 00000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 39 Identification: 0x1e0a (7690) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9e5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 19 Checksum: 0x6e92 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.326271000 seconds] [Time since previous frame: 0.016235000 seconds] UDP payload (11 bytes) UDP Remote Desktop Protocol snSourceAck: 0xbe01c0a1 ReceiveWindowSize: 11959 Flags: 0x23e0, CN, CWR, Ack of Acks, Syn lossy .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 273 3.632218 134.188.170.175 10.95.5.43 TCP 66 57760 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM Frame 273: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.379037000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.379037000 seconds [Time delta from previous captured frame: 0.298523000 seconds] [Time delta from previous displayed frame: 0.298523000 seconds] [Time since reference or first frame: 3.632218000 seconds] Frame Number: 273 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 10.95.5.43 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 52 Identification: 0x8b0c (35596) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 10.95.5.43 Transmission Control Protocol, Src Port: 57760, Dst Port: 80, Seq: 0, Len: 0 Source Port: 57760 Destination Port: 80 [Stream index: 4] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 0 (relative sequence number) Sequence Number (raw): 3810818521 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 0 Acknowledgment number (raw): 0 1000 .... = Header Length: 32 bytes (8) Flags: 0x002 (SYN) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 80] [Connection establish request (SYN): server port 80] [Severity level: Chat] [Group: Sequence] .... .... 
...0 = Fin: Not set [TCP Flags: ··········S·] Window: 64240 [Calculated window size: 64240] Checksum: 0x411c [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted TCP Option - Maximum segment size: 1460 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1460 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - Window scale: 8 (multiply by 256) Kind: Window Scale (3) Length: 3 Shift count: 8 [Multiplier: 256] TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - SACK permitted Kind: SACK Permitted (4) Length: 2 [Timestamps] [Time since first frame in this TCP stream: 0.000000000 seconds] [Time since previous frame in this TCP stream: 0.000000000 seconds] No. Time Source Destination Protocol Length Info 274 3.649961 10.95.5.43 134.188.170.175 TCP 66 80 → 57760 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM WS=4 Frame 274: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.396780000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.396780000 seconds [Time delta from previous captured frame: 0.017743000 seconds] [Time delta from previous displayed frame: 0.017743000 seconds] [Time since reference or first frame: 3.649961000 seconds] Frame Number: 274 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.95.5.43, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x28 (DSCP: AF11, ECN: Not-ECT) 0010 10.. = Differentiated Services Codepoint: Assured Forwarding 11 (10) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 52 Identification: 0x0000 (0) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 59 Protocol: TCP (6) Header Checksum: 0xfea6 [validation disabled] [Header checksum status: Unverified] Source Address: 10.95.5.43 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 80, Dst Port: 57760, Seq: 0, Ack: 1, Len: 0 Source Port: 80 Destination Port: 57760 [Stream index: 4] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 0 (relative sequence number) Sequence Number (raw): 2179156554 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 3810818522 1000 .... = Header Length: 32 bytes (8) Flags: 0x012 (SYN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 80] [Connection establish acknowledge (SYN+ACK): server port 80] [Severity level: Chat] [Group: Sequence] .... .... 
...0 = Fin: Not set [TCP Flags: ·······A··S·] Window: 14600 [Calculated window size: 14600] Checksum: 0xe9ea [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale TCP Option - Maximum segment size: 1460 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1460 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - SACK permitted Kind: SACK Permitted (4) Length: 2 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - Window scale: 2 (multiply by 4) Kind: Window Scale (3) Length: 3 Shift count: 2 [Multiplier: 4] [Timestamps] [Time since first frame in this TCP stream: 0.017743000 seconds] [Time since previous frame in this TCP stream: 0.017743000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 273] [The RTT to ACK the segment was: 0.017743000 seconds] [iRTT: 0.017823000 seconds] No. Time Source Destination Protocol Length Info 275 3.650041 134.188.170.175 10.95.5.43 TCP 54 57760 → 80 [ACK] Seq=1 Ack=1 Win=262656 Len=0 Frame 275: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.396860000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.396860000 seconds [Time delta from previous captured frame: 0.000080000 seconds] [Time delta from previous displayed frame: 0.000080000 seconds] [Time since reference or first frame: 3.650041000 seconds] Frame Number: 275 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 10.95.5.43 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8b0d (35597) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 10.95.5.43 Transmission Control Protocol, Src Port: 57760, Dst Port: 80, Seq: 1, Ack: 1, Len: 0 Source Port: 57760 Destination Port: 80 [Stream index: 4] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 3810818522 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 2179156555 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 1026 [Calculated window size: 262656] [Window size scaling factor: 256] Checksum: 0x4110 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.017823000 seconds] [Time since previous frame in this TCP stream: 0.000080000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 274] [The RTT to ACK the segment was: 0.000080000 seconds] [iRTT: 0.017823000 seconds] No. 
Time Source Destination Protocol Length Info 276 3.658827 134.188.170.175 10.95.5.43 HTTP 417 GET /crumbIssuer/api/xml?xpath=concat%28%2F%2FcrumbRequestField%2C%22%3A%22%2C%2F%2Fcrumb%29 HTTP/1.1 Frame 276: 417 bytes on wire (3336 bits), 417 bytes captured (3336 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.405646000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.405646000 seconds [Time delta from previous captured frame: 0.008786000 seconds] [Time delta from previous displayed frame: 0.008786000 seconds] [Time since reference or first frame: 3.658827000 seconds] Frame Number: 276 Frame Length: 417 bytes (3336 bits) Capture Length: 417 bytes (3336 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 10.95.5.43 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 403 Identification: 0x8b0e (35598) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 10.95.5.43 Transmission Control Protocol, Src Port: 57760, Dst Port: 80, Seq: 1, Ack: 1, Len: 363 Source Port: 57760 Destination Port: 80 [Stream index: 4] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 363] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 3810818522 [Next Sequence Number: 364 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 2179156555 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 1026 [Calculated window size: 262656] [Window size scaling factor: 256] Checksum: 0x427b [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.026609000 seconds] [Time since previous frame in this TCP stream: 0.008786000 seconds] [SEQ/ACK analysis] [iRTT: 0.017823000 seconds] [Bytes in flight: 363] [Bytes sent since last PSH flag: 363] TCP payload (363 bytes) Hypertext Transfer Protocol GET /crumbIssuer/api/xml?xpath=concat%28%2F%2FcrumbRequestField%2C%22%3A%22%2C%2F%2Fcrumb%29 HTTP/1.1\r\n [Expert Info (Chat/Sequence): GET /crumbIssuer/api/xml?xpath=concat%28%2F%2FcrumbRequestField%2C%22%3A%22%2C%2F%2Fcrumb%29 HTTP/1.1\r\n] [GET /crumbIssuer/api/xml?xpath=concat%28%2F%2FcrumbRequestField%2C%22%3A%22%2C%2F%2Fcrumb%29 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: GET Request URI: /crumbIssuer/api/xml?xpath=concat%28%2F%2FcrumbRequestField%2C%22%3A%22%2C%2F%2Fcrumb%29 Request URI Path: /crumbIssuer/api/xml Request URI Query: xpath=concat%28%2F%2FcrumbRequestField%2C%22%3A%22%2C%2F%2Fcrumb%29 Request URI Query Parameter: xpath=concat%28%2F%2FcrumbRequestField%2C%22%3A%22%2C%2F%2Fcrumb%29 Request Version: HTTP/1.1 Connection: Upgrade, HTTP2-Settings\r\n Content-Length: 0\r\n [Content length: 0] Host: cp-www527.gos.oce.net\r\n HTTP2-Settings: AAEAAEAAAAIAAAABAAMAAABkAAQBAAAAAAUAAEAA\r\n Settings - Header table size : 16384 Settings Identifier: Header table size (1) Header table size: 16384 Settings - Enable PUSH : 1 Settings Identifier: Enable PUSH (2) Enable PUSH: 1 Settings - Max concurrent streams : 100 Settings Identifier: Max concurrent streams (3) Max concurrent streams: 100 Settings - Initial Windows size : 16777216 Settings Identifier: Initial Windows size (4) Initial Windows Size: 16777216 Settings - Max frame size : 16384 Settings Identifier: Max frame size (5) Max frame size: 16384 Upgrade: h2c\r\n User-Agent: 
Java-http-client/11.0.11\r\n Authorization: Basic b3ZsLXN2Yy1lbWJlZGRlZC1iYTpuJDY3RDUkZA==\r\n Credentials: : \r\n [Full request URI: http://cp-www527.gos.oce.net/crumbIssuer/api/xml?xpath=concat%28%2F%2FcrumbRequestField%2C%22%3A%22%2C%2F%2Fcrumb%29] [HTTP request 1/1] [Response in frame: 280] No. Time Source Destination Protocol Length Info 277 3.659146 10.95.5.43 134.188.170.175 TCP 60 80 → 57760 [ACK] Seq=1 Ack=364 Win=15672 Len=0 Frame 277: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.405965000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.405965000 seconds [Time delta from previous captured frame: 0.000319000 seconds] [Time delta from previous displayed frame: 0.000319000 seconds] [Time since reference or first frame: 3.659146000 seconds] Frame Number: 277 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... 
= IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 10.95.5.43, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x28 (DSCP: AF11, ECN: Not-ECT) 0010 10.. = Differentiated Services Codepoint: Assured Forwarding 11 (10) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x0a53 (2643) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 59 Protocol: TCP (6) Header Checksum: 0xf45f [validation disabled] [Header checksum status: Unverified] Source Address: 10.95.5.43 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 80, Dst Port: 57760, Seq: 1, Ack: 364, Len: 0 Source Port: 80 Destination Port: 57760 [Stream index: 4] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 2179156555 [Next Sequence Number: 1 (relative sequence number)] Acknowledgment Number: 364 (relative ack number) Acknowledgment number (raw): 3810818885 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······A····] Window: 3918 [Calculated window size: 15672] [Window size scaling factor: 4] Checksum: 0x5307 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.026928000 seconds] [Time since previous frame in this TCP stream: 0.000319000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 276] [The RTT to ACK the segment was: 0.000319000 seconds] [iRTT: 0.017823000 seconds] No. Time Source Destination Protocol Length Info 278 3.661738 134.188.170.175 134.188.170.174 RDPUDP 1132 Frame 278: 1132 bytes on wire (9056 bits), 1132 bytes captured (9056 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.408557000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.408557000 seconds [Time delta from previous captured frame: 0.002592000 seconds] [Time delta from previous displayed frame: 0.002592000 seconds] [Time since reference or first frame: 3.661738000 seconds] Frame Number: 278 Frame Length: 1132 bytes (9056 bits) Capture Length: 1132 bytes (9056 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... 
= IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1118 Identification: 0xdb1b (56091) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1098 Checksum: 0x6732 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.654314000 seconds] [Time since previous frame: 0.328043000 seconds] UDP payload (1090 bytes) UDP Remote Desktop Protocol snSourceAck: 0x2e04c1e9 ReceiveWindowSize: 2048 Flags: 0xa2e0, CN, CWR, Syn lossy .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False No. 
Time Source Destination Protocol Length Info 279 3.673685 134.188.170.174 134.188.170.175 RDPUDP 60 SYNEX[Malformed Packet] Frame 279: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.420504000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.420504000 seconds [Time delta from previous captured frame: 0.011947000 seconds] [Time delta from previous displayed frame: 0.011947000 seconds] [Time since reference or first frame: 3.673685000 seconds] Frame Number: 279 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 00000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 39 Identification: 0x1e0b (7691) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9e4 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 19 Checksum: 0x6119 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.666261000 seconds] [Time since previous frame: 0.011947000 seconds] UDP payload (11 bytes) UDP Remote Desktop Protocol snSourceAck: 0xbf41c0a2 ReceiveWindowSize: 12016 Flags: 0x73e0, CN, CWR, Ack of Acks, Syn lossy, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x0a00 .... ...0 = Version info: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. 
Time Source Destination Protocol Length Info 280 3.702687 10.95.5.43 134.188.170.175 HTTP 328 HTTP/1.1 400 Bad Request (text/html) Frame 280: 328 bytes on wire (2624 bits), 328 bytes captured (2624 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.449506000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.449506000 seconds [Time delta from previous captured frame: 0.029002000 seconds] [Time delta from previous displayed frame: 0.029002000 seconds] [Time since reference or first frame: 3.702687000 seconds] Frame Number: 280 Frame Length: 328 bytes (2624 bits) Capture Length: 328 bytes (2624 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:data-text-lines] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.95.5.43, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x28 (DSCP: AF11, ECN: Not-ECT) 0010 10.. 
= Differentiated Services Codepoint: Assured Forwarding 11 (10) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 314 Identification: 0x0a54 (2644) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 59 Protocol: TCP (6) Header Checksum: 0xf34c [validation disabled] [Header checksum status: Unverified] Source Address: 10.95.5.43 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 80, Dst Port: 57760, Seq: 1, Ack: 364, Len: 274 Source Port: 80 Destination Port: 57760 [Stream index: 4] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 274] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 2179156555 [Next Sequence Number: 275 (relative sequence number)] Acknowledgment Number: 364 (relative ack number) Acknowledgment number (raw): 3810818885 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 3918 [Calculated window size: 15672] [Window size scaling factor: 4] Checksum: 0x6b39 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.070469000 seconds] [Time since previous frame in this TCP stream: 0.043541000 seconds] [SEQ/ACK analysis] [iRTT: 0.017823000 seconds] [Bytes in flight: 274] [Bytes sent since last PSH flag: 274] TCP payload (274 bytes) Hypertext Transfer Protocol HTTP/1.1 400 Bad Request\r\n [Expert Info (Chat/Sequence): HTTP/1.1 400 Bad Request\r\n] [HTTP/1.1 400 Bad Request\r\n] [Severity level: Chat] [Group: Sequence] Response Version: HTTP/1.1 Status Code: 400 [Status Code Description: Bad Request] Response Phrase: Bad Request Content-Type: text/html;charset=iso-8859-1\r\n Server: Jetty(10.0.11)\r\n X-RBT-CLI: Name=ovl-steelhead-mgt; Ver=9.9.3a;\r\n Date: Wed, 14 Dec 2022 09:37:39 GMT\r\n Connection: close\r\n Content-Length: 54\r\n [Content length: 54] \r\n [HTTP response 1/1] [Time since request: 0.043860000 seconds] [Request in frame: 276] [Request URI: http://cp-www527.gos.oce.net/crumbIssuer/api/xml?xpath=concat%28%2F%2FcrumbRequestField%2C%22%3A%22%2C%2F%2Fcrumb%29] File Data: 54 bytes Line-based text data: text/html (1 lines)

Bad Message 400

reason: Bad Request
No. Time Source Destination Protocol Length Info 281 3.702811 10.95.5.43 134.188.170.175 TCP 60 80 → 57760 [FIN, ACK] Seq=275 Ack=364 Win=15672 Len=0 Frame 281: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.449630000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.449630000 seconds [Time delta from previous captured frame: 0.000124000 seconds] [Time delta from previous displayed frame: 0.000124000 seconds] [Time since reference or first frame: 3.702811000 seconds] Frame Number: 281 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 10.95.5.43, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x28 (DSCP: AF11, ECN: Not-ECT) 0010 10.. 
= Differentiated Services Codepoint: Assured Forwarding 11 (10) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x0a55 (2645) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 59 Protocol: TCP (6) Header Checksum: 0xf45d [validation disabled] [Header checksum status: Unverified] Source Address: 10.95.5.43 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 80, Dst Port: 57760, Seq: 275, Ack: 364, Len: 0 Source Port: 80 Destination Port: 57760 [Stream index: 4] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 275 (relative sequence number) Sequence Number (raw): 2179156829 [Next Sequence Number: 276 (relative sequence number)] Acknowledgment Number: 364 (relative ack number) Acknowledgment number (raw): 3810818885 0101 .... = Header Length: 20 bytes (5) Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] [Expert Info (Note/Sequence): This frame initiates the connection closing] [This frame initiates the connection closing] [Severity level: Note] [Group: Sequence] Window: 3918 [Calculated window size: 15672] [Window size scaling factor: 4] Checksum: 0x51f4 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.070593000 seconds] [Time since previous frame in this TCP stream: 0.000124000 seconds] No. Time Source Destination Protocol Length Info 282 3.702835 134.188.170.175 10.95.5.43 TCP 54 57760 → 80 [ACK] Seq=364 Ack=276 Win=262400 Len=0 Frame 282: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.449654000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.449654000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 3.702835000 seconds] Frame Number: 282 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... 
= LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 10.95.5.43 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8b0f (35599) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 10.95.5.43 Transmission Control Protocol, Src Port: 57760, Dst Port: 80, Seq: 364, Ack: 276, Len: 0 Source Port: 57760 Destination Port: 80 [Stream index: 4] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 364 (relative sequence number) Sequence Number (raw): 3810818885 [Next Sequence Number: 364 (relative sequence number)] Acknowledgment Number: 276 (relative ack number) Acknowledgment number (raw): 2179156830 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······A····] Window: 1025 [Calculated window size: 262400] [Window size scaling factor: 256] Checksum: 0x4110 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.070617000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 281] [The RTT to ACK the segment was: 0.000024000 seconds] [iRTT: 0.017823000 seconds] No. Time Source Destination Protocol Length Info 283 3.715558 134.188.170.175 10.95.5.43 TCP 54 57760 → 80 [FIN, ACK] Seq=364 Ack=276 Win=262400 Len=0 Frame 283: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.462377000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.462377000 seconds [Time delta from previous captured frame: 0.012723000 seconds] [Time delta from previous displayed frame: 0.012723000 seconds] [Time since reference or first frame: 3.715558000 seconds] Frame Number: 283 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... 
= IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 10.95.5.43 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8b10 (35600) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 10.95.5.43 Transmission Control Protocol, Src Port: 57760, Dst Port: 80, Seq: 364, Ack: 276, Len: 0 Source Port: 57760 Destination Port: 80 [Stream index: 4] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 364 (relative sequence number) Sequence Number (raw): 3810818885 [Next Sequence Number: 365 (relative sequence number)] Acknowledgment Number: 276 (relative ack number) Acknowledgment number (raw): 2179156830 0101 .... = Header Length: 20 bytes (5) Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] [Expert Info (Note/Sequence): This frame undergoes the connection closing] [This frame undergoes the connection closing] [Severity level: Note] [Group: Sequence] Window: 1025 [Calculated window size: 262400] [Window size scaling factor: 256] Checksum: 0x4110 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.083340000 seconds] [Time since previous frame in this TCP stream: 0.012723000 seconds] No. Time Source Destination Protocol Length Info 284 3.715958 10.95.5.43 134.188.170.175 TCP 60 80 → 57760 [ACK] Seq=276 Ack=365 Win=15672 Len=0 Frame 284: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.462777000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.462777000 seconds [Time delta from previous captured frame: 0.000400000 seconds] [Time delta from previous displayed frame: 0.000400000 seconds] [Time since reference or first frame: 3.715958000 seconds] Frame Number: 284 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... 
= LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 10.95.5.43, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x28 (DSCP: AF11, ECN: Not-ECT) 0010 10.. = Differentiated Services Codepoint: Assured Forwarding 11 (10) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x0a56 (2646) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 59 Protocol: TCP (6) Header Checksum: 0xf45c [validation disabled] [Header checksum status: Unverified] Source Address: 10.95.5.43 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 80, Dst Port: 57760, Seq: 276, Ack: 365, Len: 0 Source Port: 80 Destination Port: 57760 [Stream index: 4] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 276 (relative sequence number) Sequence Number (raw): 2179156830 [Next Sequence Number: 276 (relative sequence number)] Acknowledgment Number: 365 (relative ack number) Acknowledgment number (raw): 3810818886 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... 
.... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 3918 [Calculated window size: 15672] [Window size scaling factor: 4] Checksum: 0x51f3 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.083740000 seconds] [Time since previous frame in this TCP stream: 0.000400000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 283] [The RTT to ACK the segment was: 0.000400000 seconds] [iRTT: 0.017823000 seconds] No. Time Source Destination Protocol Length Info 285 3.719892 134.188.170.175 10.95.5.43 TCP 66 57761 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM Frame 285: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.466711000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.466711000 seconds [Time delta from previous captured frame: 0.003934000 seconds] [Time delta from previous displayed frame: 0.003934000 seconds] [Time since reference or first frame: 3.719892000 seconds] Frame Number: 285 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... 
= IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 10.95.5.43
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 52
    Identification: 0x8b11 (35601)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 10.95.5.43
Transmission Control Protocol, Src Port: 57761, Dst Port: 80, Seq: 0, Len: 0
    Source Port: 57761
    Destination Port: 80
    [Stream index: 5]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 0]
    Sequence Number: 0 (relative sequence number)
    Sequence Number (raw): 975641434
    [Next Sequence Number: 1 (relative sequence number)]
    Acknowledgment Number: 0
    Acknowledgment number (raw): 0
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x002 (SYN)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgment: Not set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 80]
                [Connection establish request (SYN): server port 80]
                [Severity level: Chat]
                [Group: Sequence]
        .... .... ...0 = Fin: Not set
        [TCP Flags: ··········S·]
    Window: 64240
    [Calculated window size: 64240]
    Checksum: 0x411c [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
        TCP Option - Maximum segment size: 1460 bytes
            Kind: Maximum Segment Size (2)
            Length: 4
            MSS Value: 1460
        TCP Option - No-Operation (NOP)
            Kind: No-Operation (1)
        TCP Option - Window scale: 8 (multiply by 256)
            Kind: Window Scale (3)
            Length: 3
            Shift count: 8
            [Multiplier: 256]
        TCP Option - No-Operation (NOP)
            Kind: No-Operation (1)
        TCP Option - No-Operation (NOP)
            Kind: No-Operation (1)
        TCP Option - SACK permitted
            Kind: SACK Permitted (4)
            Length: 2
    [Timestamps]
        [Time since first frame in this TCP stream: 0.000000000 seconds]
        [Time since previous frame in this TCP stream: 0.000000000 seconds]

No. Time Source Destination Protocol Length Info
286 3.726447 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA

Frame 286: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:40.473266000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010660.473266000 seconds
    [Time delta from previous captured frame: 0.006555000 seconds]
    [Time delta from previous displayed frame: 0.006555000 seconds]
    [Time since reference or first frame: 3.726447000 seconds]
    Frame Number: 286
    Frame Length: 1279 bytes (10232 bits)
    Capture Length: 1279 bytes (10232 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
    Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 1265
    Identification: 0xdb1c (56092)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.170.174
User Datagram Protocol, Src Port: 3389, Dst Port: 63973
    Source Port: 3389
    Destination Port: 63973
    Length: 1245
    Checksum: 0x67c5 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 3.719023000 seconds]
        [Time since previous frame: 0.052762000 seconds]
    UDP payload (1237 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0x1704c0a3
    ReceiveWindowSize: 11971
    Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...1 .... .... = Ack of Acks: True
        .... ..0. .... .... = Syn lossy: False
        .... .1.. .... .... = Ack delayed: True
        .... 1... .... .... = Correlation id: True
        ...0 .... .... .... = SynEx: False
    Correlation Id: 0303065c000000000000290be1ad6fcf
    snResetSeqNum: 0x105ce3a7

No. Time Source Destination Protocol Length Info
287 3.726514 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA

Frame 287: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:40.473333000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010660.473333000 seconds
    [Time delta from previous captured frame: 0.000067000 seconds]
    [Time delta from previous displayed frame: 0.000067000 seconds]
    [Time since reference or first frame: 3.726514000 seconds]
    Frame Number: 287
    Frame Length: 1279 bytes (10232 bits)
    Capture Length: 1279 bytes (10232 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
    Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 1265
    Identification: 0xdb1d (56093)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.170.174
User Datagram Protocol, Src Port: 3389, Dst Port: 63973
    Source Port: 3389
    Destination Port: 63973
    Length: 1245
    Checksum: 0x67c5 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 3.719090000 seconds]
        [Time since previous frame: 0.000067000 seconds]
    UDP payload (1237 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0xe304c0a4
    ReceiveWindowSize: 11972
    Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...1 .... .... = Ack of Acks: True
        .... ..0. .... .... = Syn lossy: False
        .... .1.. .... .... = Ack delayed: True
        .... 1... .... .... = Correlation id: True
        ...0 .... .... .... = SynEx: False
    Correlation Id: 4831465cb7ebcb2a9642140be3d9c1a9
    snResetSeqNum: 0xcfd23a39

No. Time Source Destination Protocol Length Info
288 3.726543 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA

Frame 288: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:40.473362000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010660.473362000 seconds
    [Time delta from previous captured frame: 0.000029000 seconds]
    [Time delta from previous displayed frame: 0.000029000 seconds]
    [Time since reference or first frame: 3.726543000 seconds]
    Frame Number: 288
    Frame Length: 1279 bytes (10232 bits)
    Capture Length: 1279 bytes (10232 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
    Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 1265
    Identification: 0xdb1e (56094)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.170.174
User Datagram Protocol, Src Port: 3389, Dst Port: 63973
    Source Port: 3389
    Destination Port: 63973
    Length: 1245
    Checksum: 0x67c5 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 3.719119000 seconds]
        [Time since previous frame: 0.000029000 seconds]
    UDP payload (1237 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0xda04c0a5
    ReceiveWindowSize: 11973
    Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...1 .... .... = Ack of Acks: True
        .... ..0. .... .... = Syn lossy: False
        .... .1.. .... .... = Ack delayed: True
        .... 1... .... .... = Correlation id: True
        ...0 .... .... .... = SynEx: False
    Correlation Id: 2e2be4147de43d981e9172d2162f4cdb
    snResetSeqNum: 0x3cdc6df3

No. Time Source Destination Protocol Length Info
289 3.726587 134.188.170.175 134.188.170.174 RDPUDP 1017 CORRELATIONID,AOA

Frame 289: 1017 bytes on wire (8136 bits), 1017 bytes captured (8136 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:40.473406000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010660.473406000 seconds
    [Time delta from previous captured frame: 0.000044000 seconds]
    [Time delta from previous displayed frame: 0.000044000 seconds]
    [Time since reference or first frame: 3.726587000 seconds]
    Frame Number: 289
    Frame Length: 1017 bytes (8136 bits)
    Capture Length: 1017 bytes (8136 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
    Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 1003
    Identification: 0xdb1f (56095)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.170.174
User Datagram Protocol, Src Port: 3389, Dst Port: 63973
    Source Port: 3389
    Destination Port: 63973
    Length: 983
    Checksum: 0x66bf [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 3.719163000 seconds]
        [Time since previous frame: 0.000044000 seconds]
    UDP payload (975 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0x6204c0a6
    ReceiveWindowSize: 11974
    Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...1 .... .... = Ack of Acks: True
        .... ..0. .... .... = Syn lossy: False
        .... .1.. .... .... = Ack delayed: True
        .... 1... .... .... = Correlation id: True
        ...0 .... .... .... = SynEx: False
    Correlation Id: 12ebd5d938b694e2877e7d0751d076bc
    snResetSeqNum: 0xaa5b54df

No. Time Source Destination Protocol Length Info
290 3.738123 10.95.5.43 134.188.170.175 TCP 66 80 → 57761 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM WS=4

Frame 290: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:40.484942000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010660.484942000 seconds
    [Time delta from previous captured frame: 0.011536000 seconds]
    [Time delta from previous displayed frame: 0.011536000 seconds]
    [Time since reference or first frame: 3.738123000 seconds]
    Frame Number: 290
    Frame Length: 66 bytes (528 bits)
    Capture Length: 66 bytes (528 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00)
        Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.95.5.43, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x28 (DSCP: AF11, ECN: Not-ECT)
        0010 10.. = Differentiated Services Codepoint: Assured Forwarding 11 (10)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 52
    Identification: 0x0000 (0)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 59
    Protocol: TCP (6)
    Header Checksum: 0xfea6 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 10.95.5.43
    Destination Address: 134.188.170.175
Transmission Control Protocol, Src Port: 80, Dst Port: 57761, Seq: 0, Ack: 1, Len: 0
    Source Port: 80
    Destination Port: 57761
    [Stream index: 5]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 0]
    Sequence Number: 0 (relative sequence number)
    Sequence Number (raw): 3944376231
    [Next Sequence Number: 1 (relative sequence number)]
    Acknowledgment Number: 1 (relative ack number)
    Acknowledgment number (raw): 975641435
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x012 (SYN, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 80]
                [Connection establish acknowledge (SYN+ACK): server port 80]
                [Severity level: Chat]
                [Group: Sequence]
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A··S·]
    Window: 14600
    [Calculated window size: 14600]
    Checksum: 0x6ad2 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale
        TCP Option - Maximum segment size: 1460 bytes
            Kind: Maximum Segment Size (2)
            Length: 4
            MSS Value: 1460
        TCP Option - No-Operation (NOP)
            Kind: No-Operation (1)
        TCP Option - No-Operation (NOP)
            Kind: No-Operation (1)
        TCP Option - SACK permitted
            Kind: SACK Permitted (4)
            Length: 2
        TCP Option - No-Operation (NOP)
            Kind: No-Operation (1)
        TCP Option - Window scale: 2 (multiply by 4)
            Kind: Window Scale (3)
            Length: 3
            Shift count: 2
            [Multiplier: 4]
    [Timestamps]
        [Time since first frame in this TCP stream: 0.018231000 seconds]
        [Time since previous frame in this TCP stream: 0.018231000 seconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 285]
        [The RTT to ACK the segment was: 0.018231000 seconds]
        [iRTT: 0.018302000 seconds]

No. Time Source Destination Protocol Length Info
291 3.738194 134.188.170.175 10.95.5.43 TCP 54 57761 → 80 [ACK] Seq=1 Ack=1 Win=262656 Len=0

Frame 291: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:40.485013000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010660.485013000 seconds
    [Time delta from previous captured frame: 0.000071000 seconds]
    [Time delta from previous displayed frame: 0.000071000 seconds]
    [Time since reference or first frame: 3.738194000 seconds]
    Frame Number: 291
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
    Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 10.95.5.43
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 40
    Identification: 0x8b12 (35602)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 10.95.5.43
Transmission Control Protocol, Src Port: 57761, Dst Port: 80, Seq: 1, Ack: 1, Len: 0
    Source Port: 57761
    Destination Port: 80
    [Stream index: 5]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 0]
    Sequence Number: 1 (relative sequence number)
    Sequence Number (raw): 975641435
    [Next Sequence Number: 1 (relative sequence number)]
    Acknowledgment Number: 1 (relative ack number)
    Acknowledgment number (raw): 3944376232
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x010 (ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A····]
    Window: 1026
    [Calculated window size: 262656]
    [Window size scaling factor: 256]
    Checksum: 0x4110 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.018302000 seconds]
        [Time since previous frame in this TCP stream: 0.000071000 seconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 290]
        [The RTT to ACK the segment was: 0.000071000 seconds]
        [iRTT: 0.018302000 seconds]

No. Time Source Destination Protocol Length Info
292 3.739244 134.188.170.175 10.95.5.43 HTTP 557 POST /plugin/swarm/createSlave?name=SIL000131&executors=1&remoteFsRoot=c%3A%5Coce%5Cjenkins&description=SIL000131+runs+do_not_use&labels=SIL000131+do_not_use&mode=NORMAL&hash=&deleteExistingClients=true&keepDisconnectedClients=false HTTP/1.1

Frame 292: 557 bytes on wire (4456 bits), 557 bytes captured (4456 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:40.486063000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010660.486063000 seconds
    [Time delta from previous captured frame: 0.001050000 seconds]
    [Time delta from previous displayed frame: 0.001050000 seconds]
    [Time since reference or first frame: 3.739244000 seconds]
    Frame Number: 292
    Frame Length: 557 bytes (4456 bits)
    Capture Length: 557 bytes (4456 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:http]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
    Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 10.95.5.43
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 543
    Identification: 0x8b13 (35603)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 10.95.5.43
Transmission Control Protocol, Src Port: 57761, Dst Port: 80, Seq: 1, Ack: 1, Len: 503
    Source Port: 57761
    Destination Port: 80
    [Stream index: 5]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 503]
    Sequence Number: 1 (relative sequence number)
    Sequence Number (raw): 975641435
    [Next Sequence Number: 504 (relative sequence number)]
    Acknowledgment Number: 1 (relative ack number)
    Acknowledgment number (raw): 3944376232
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 1026
    [Calculated window size: 262656]
    [Window size scaling factor: 256]
    Checksum: 0x4307 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.019352000 seconds]
        [Time since previous frame in this TCP stream: 0.001050000 seconds]
    [SEQ/ACK analysis]
        [iRTT: 0.018302000 seconds]
        [Bytes in flight: 503]
        [Bytes sent since last PSH flag: 503]
    TCP payload (503 bytes)
Hypertext Transfer Protocol
    [truncated]POST /plugin/swarm/createSlave?name=SIL000131&executors=1&remoteFsRoot=c%3A%5Coce%5Cjenkins&description=SIL000131+runs+do_not_use&labels=SIL000131+do_not_use&mode=NORMAL&hash=&deleteExistingClients=true&keepDisconnectedClients
        [ [truncated]Expert Info (Chat/Sequence): POST /plugin/swarm/createSlave?name=SIL000131&executors=1&remoteFsRoot=c%3A%5Coce%5Cjenkins&description=SIL000131+runs+do_not_use&labels=SIL000131+do_not_use&mode=NORMAL&hash=&deleteExistingClients]
            [POST /plugin/swarm/createSlave?name=SIL000131&executors=1&remoteFsRoot=c%3A%5Coce%5Cjenkins&description=SIL000131+runs+do_not_use&labels=SIL000131+do_not_use&mode=NORMAL&hash=&deleteExistingClients=true&keepDisconnectedClients=false HTTP/1]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: POST
        Request URI [truncated]: /plugin/swarm/createSlave?name=SIL000131&executors=1&remoteFsRoot=c%3A%5Coce%5Cjenkins&description=SIL000131+runs+do_not_use&labels=SIL000131+do_not_use&mode=NORMAL&hash=&deleteExistingClients=true&keepDisconnecte
            Request URI Path: /plugin/swarm/createSlave
            Request URI Query: name=SIL000131&executors=1&remoteFsRoot=c%3A%5Coce%5Cjenkins&description=SIL000131+runs+do_not_use&labels=SIL000131+do_not_use&mode=NORMAL&hash=&deleteExistingClients=true&keepDisconnectedClients=false
                Request URI Query Parameter: name=SIL000131
                Request URI Query Parameter: executors=1
                Request URI Query Parameter: remoteFsRoot=c%3A%5Coce%5Cjenkins
                Request URI Query Parameter: description=SIL000131+runs+do_not_use
                Request URI Query Parameter: labels=SIL000131+do_not_use
                Request URI Query Parameter: mode=NORMAL
                Request URI Query Parameter: hash=
                Request URI Query Parameter: deleteExistingClients=true
                Request URI Query Parameter: keepDisconnectedClients=false
        Request Version: HTTP/1.1
    Connection: Upgrade, HTTP2-Settings\r\n
    Content-Length: 0\r\n
        [Content length: 0]
    Host: cp-www527.gos.oce.net\r\n
    HTTP2-Settings: AAEAAEAAAAIAAAABAAMAAABkAAQBAAAAAAUAAEAA\r\n
        Settings - Header table size : 16384
            Settings Identifier: Header table size (1)
            Header table size: 16384
        Settings - Enable PUSH : 1
            Settings Identifier: Enable PUSH (2)
            Enable PUSH: 1
        Settings - Max concurrent streams : 100
            Settings Identifier: Max concurrent streams (3)
            Max concurrent streams: 100
        Settings - Initial Windows size : 16777216
            Settings Identifier: Initial Windows size (4)
            Initial Windows Size: 16777216
        Settings - Max frame size : 16384
            Settings Identifier: Max frame size (5)
            Max frame size: 16384
    Upgrade: h2c\r\n
    User-Agent: Java-http-client/11.0.11\r\n
    Authorization: Basic b3ZsLXN2Yy1lbWJlZGRlZC1iYTpuJDY3RDUkZA==\r\n
        Credentials: : \r\n
    [Full request URI [truncated]: http://cp-www527.gos.oce.net/plugin/swarm/createSlave?name=SIL000131&executors=1&remoteFsRoot=c%3A%5Coce%5Cjenkins&description=SIL000131+runs+do_not_use&labels=SIL000131+do_not_use&mode=NORMAL&hash=&deleteExi]
    [HTTP request 1/1]
    [Response in frame: 297]

No. Time Source Destination Protocol Length Info
293 3.739517 10.95.5.43 134.188.170.175 TCP 60 80 → 57761 [ACK] Seq=1 Ack=504 Win=15672 Len=0

Frame 293: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:40.486336000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010660.486336000 seconds
    [Time delta from previous captured frame: 0.000273000 seconds]
    [Time delta from previous displayed frame: 0.000273000 seconds]
    [Time since reference or first frame: 3.739517000 seconds]
    Frame Number: 293
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00)
        Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    Padding: 000000000000
Internet Protocol Version 4, Src: 10.95.5.43, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x28 (DSCP: AF11, ECN: Not-ECT)
        0010 10.. = Differentiated Services Codepoint: Assured Forwarding 11 (10)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 40
    Identification: 0x27d8 (10200)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 59
    Protocol: TCP (6)
    Header Checksum: 0xd6da [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 10.95.5.43
    Destination Address: 134.188.170.175
Transmission Control Protocol, Src Port: 80, Dst Port: 57761, Seq: 1, Ack: 504, Len: 0
    Source Port: 80
    Destination Port: 57761
    [Stream index: 5]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 0]
    Sequence Number: 1 (relative sequence number)
    Sequence Number (raw): 3944376232
    [Next Sequence Number: 1 (relative sequence number)]
    Acknowledgment Number: 504 (relative ack number)
    Acknowledgment number (raw): 975641938
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x010 (ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A····]
    Window: 3918
    [Calculated window size: 15672]
    [Window size scaling factor: 4]
    Checksum: 0xd362 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.019625000 seconds]
        [Time since previous frame in this TCP stream: 0.000273000 seconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 292]
        [The RTT to ACK the segment was: 0.000273000 seconds]
        [iRTT: 0.018302000 seconds]

No. Time Source Destination Protocol Length Info
294 3.743634 134.188.170.174 134.188.170.175 RDPUDP 60 SYNEX[Malformed Packet]

Frame 294: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:40.490453000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010660.490453000 seconds
    [Time delta from previous captured frame: 0.004117000 seconds]
    [Time delta from previous displayed frame: 0.004117000 seconds]
    [Time since reference or first frame: 3.743634000 seconds]
    Frame Number: 294
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    Padding: 00000000
Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 42
    Identification: 0x1e0c (7692)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0xb9e0 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
User Datagram Protocol, Src Port: 63973, Dst Port: 3389
    Source Port: 63973
    Destination Port: 3389
    Length: 22
    Checksum: 0xdfc4 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 3.736210000 seconds]
        [Time since previous frame: 0.017047000 seconds]
    UDP payload (14 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0xbf41c0a6
    ReceiveWindowSize: 11810
    Flags: 0xb3e0, CN, CWR, Ack of Acks, Syn lossy, SynEx
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...1 .... .... = Ack of Acks: True
        .... ..1. .... .... = Syn lossy: True
        .... .0.. .... .... = Ack delayed: False
        .... 0... .... .... = Correlation id: False
        ...1 .... .... .... = SynEx: True
    SynEx Flags: 0x1003
        .... ...1 = Version info: True
    Version: Unknown (0x0e10)
[Malformed Packet: RDPUDP]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]

No.
Time Source Destination Protocol Length Info 295 3.748812 134.188.170.175 134.188.143.108 NBNS 110 Refresh NB OCEVENLO<00> Frame 295: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.495631000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.495631000 seconds [Time delta from previous captured frame: 0.005178000 seconds] [Time delta from previous displayed frame: 0.005178000 seconds] [Time since reference or first frame: 3.748812000 seconds] Frame Number: 295 Frame Length: 110 bytes (880 bits) Capture Length: 110 bytes (880 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:nbns] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || netbios] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.143.108 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 96 Identification: 0xf63a (63034) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.143.108 User Datagram Protocol, Src Port: 137, Dst Port: 137 Source Port: 137 Destination Port: 137 Length: 76 Checksum: 0x47f2 [unverified] [Checksum Status: Unverified] [Stream index: 1] [Timestamps] [Time since first frame: 3.015219000 seconds] [Time since previous frame: 1.500013000 seconds] UDP payload (68 bytes) NetBIOS Name Service Transaction ID: 0xf282 Flags: 0x4000, Opcode: Refresh 0... .... .... .... = Response: Message is a query .100 0... .... .... = Opcode: Refresh (8) .... ..0. .... .... = Truncated: Message is not truncated .... ...0 .... .... = Recursion desired: Don't do query recursively .... .... ...0 .... = Broadcast: Not a broadcast packet Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries OCEVENLO<00>: type NB, class IN Name: OCEVENLO<00> (Workstation/Redirector) Type: NB (32) Class: IN (1) Additional records OCEVENLO<00>: type NB, class IN Name: OCEVENLO<00> (Workstation/Redirector) Type: NB (32) Class: IN (1) Time to live: 3 days, 11 hours, 20 minutes Data length: 6 Name flags: 0xe000, Name type, ONT: Unknown (H-node, group) 1... .... .... .... = Name type: Group name .11. .... .... .... = ONT: Unknown (3) Addr: 134.188.170.175 No. 
Time Source Destination Protocol Length Info 296 3.785650 134.188.170.175 134.188.170.174 RDPUDP 1057 CORRELATIONID,AOA Frame 296: 1057 bytes on wire (8456 bits), 1057 bytes captured (8456 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.532469000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.532469000 seconds [Time delta from previous captured frame: 0.036838000 seconds] [Time delta from previous displayed frame: 0.036838000 seconds] [Time since reference or first frame: 3.785650000 seconds] Frame Number: 296 Frame Length: 1057 bytes (8456 bits) Capture Length: 1057 bytes (8456 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1043 Identification: 0xdb20 (56096) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1023 Checksum: 0x66e7 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.778226000 seconds] [Time since previous frame: 0.042016000 seconds] UDP payload (1015 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0a7 ReceiveWindowSize: 11975 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 030303eb000000000000290fe6c8c06c snResetSeqNum: 0x6be9ced7 No. Time Source Destination Protocol Length Info 297 3.791170 10.95.5.43 134.188.170.175 HTTP 328 HTTP/1.1 400 Bad Request (text/html) Frame 297: 328 bytes on wire (2624 bits), 328 bytes captured (2624 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.537989000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.537989000 seconds [Time delta from previous captured frame: 0.005520000 seconds] [Time delta from previous displayed frame: 0.005520000 seconds] [Time since reference or first frame: 3.791170000 seconds] Frame Number: 297 Frame Length: 328 bytes (2624 bits) Capture Length: 328 bytes (2624 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:data-text-lines] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.95.5.43, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x28 (DSCP: AF11, ECN: Not-ECT) 0010 10.. = Differentiated Services Codepoint: Assured Forwarding 11 (10) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 314 Identification: 0x27d9 (10201) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 59 Protocol: TCP (6) Header Checksum: 0xd5c7 [validation disabled] [Header checksum status: Unverified] Source Address: 10.95.5.43 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 80, Dst Port: 57761, Seq: 1, Ack: 504, Len: 274 Source Port: 80 Destination Port: 57761 [Stream index: 5] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 274] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 3944376232 [Next Sequence Number: 275 (relative sequence number)] Acknowledgment Number: 504 (relative ack number) Acknowledgment number (raw): 975641938 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 3918 [Calculated window size: 15672] [Window size scaling factor: 4] Checksum: 0xf493 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.071278000 seconds] [Time since previous frame in this TCP stream: 0.051653000 seconds] [SEQ/ACK analysis] [iRTT: 0.018302000 seconds] [Bytes in flight: 274] [Bytes sent since last PSH flag: 274] TCP payload (274 bytes) Hypertext Transfer Protocol HTTP/1.1 400 Bad Request\r\n [Expert Info (Chat/Sequence): HTTP/1.1 400 Bad Request\r\n] [HTTP/1.1 400 Bad Request\r\n] [Severity level: Chat] [Group: Sequence] Response Version: HTTP/1.1 Status Code: 400 [Status Code Description: Bad Request] Response Phrase: Bad Request Content-Type: text/html;charset=iso-8859-1\r\n Server: Jetty(10.0.11)\r\n X-RBT-CLI: Name=ovl-steelhead-mgt; Ver=9.9.3a;\r\n Date: Wed, 14 Dec 2022 09:37:40 GMT\r\n Connection: close\r\n Content-Length: 54\r\n [Content length: 54] \r\n [HTTP response 1/1] [Time since request: 0.051926000 seconds] [Request in frame: 292] [Request URI [truncated]: http://cp-www527.gos.oce.net/plugin/swarm/createSlave?name=SIL000131&executors=1&remoteFsRoot=c%3A%5Coce%5Cjenkins&description=SIL000131+runs+do_not_use&labels=SIL000131+do_not_use&mode=NORMAL&hash=&deleteExisting] File Data: 54 bytes Line-based text data: text/html (1 lines)

Bad Message 400
reason: Bad Request
No. Time Source Destination Protocol Length Info 298 3.791307 10.95.5.43 134.188.170.175 TCP 60 80 → 57761 [FIN, ACK] Seq=275 Ack=504 Win=15672 Len=0 Frame 298: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.538126000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.538126000 seconds [Time delta from previous captured frame: 0.000137000 seconds] [Time delta from previous displayed frame: 0.000137000 seconds] [Time since reference or first frame: 3.791307000 seconds] Frame Number: 298 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 10.95.5.43, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x28 (DSCP: AF11, ECN: Not-ECT) 0010 10.. 
= Differentiated Services Codepoint: Assured Forwarding 11 (10) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x27da (10202) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 59 Protocol: TCP (6) Header Checksum: 0xd6d8 [validation disabled] [Header checksum status: Unverified] Source Address: 10.95.5.43 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 80, Dst Port: 57761, Seq: 275, Ack: 504, Len: 0 Source Port: 80 Destination Port: 57761 [Stream index: 5] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 275 (relative sequence number) Sequence Number (raw): 3944376506 [Next Sequence Number: 276 (relative sequence number)] Acknowledgment Number: 504 (relative ack number) Acknowledgment number (raw): 975641938 0101 .... = Header Length: 20 bytes (5) Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] [Expert Info (Note/Sequence): This frame initiates the connection closing] [This frame initiates the connection closing] [Severity level: Note] [Group: Sequence] Window: 3918 [Calculated window size: 15672] [Window size scaling factor: 4] Checksum: 0xd24f [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.071415000 seconds] [Time since previous frame in this TCP stream: 0.000137000 seconds] No. Time Source Destination Protocol Length Info 299 3.791332 134.188.170.175 10.95.5.43 TCP 54 57761 → 80 [ACK] Seq=504 Ack=276 Win=262400 Len=0 Frame 299: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.538151000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.538151000 seconds [Time delta from previous captured frame: 0.000025000 seconds] [Time delta from previous displayed frame: 0.000025000 seconds] [Time since reference or first frame: 3.791332000 seconds] Frame Number: 299 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... 
= LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 10.95.5.43 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8b14 (35604) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 10.95.5.43 Transmission Control Protocol, Src Port: 57761, Dst Port: 80, Seq: 504, Ack: 276, Len: 0 Source Port: 57761 Destination Port: 80 [Stream index: 5] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 504 (relative sequence number) Sequence Number (raw): 975641938 [Next Sequence Number: 504 (relative sequence number)] Acknowledgment Number: 276 (relative ack number) Acknowledgment number (raw): 3944376507 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······A····] Window: 1025 [Calculated window size: 262400] [Window size scaling factor: 256] Checksum: 0x4110 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.071440000 seconds] [Time since previous frame in this TCP stream: 0.000025000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 298] [The RTT to ACK the segment was: 0.000025000 seconds] [iRTT: 0.018302000 seconds] No. Time Source Destination Protocol Length Info 300 3.793629 134.188.170.175 10.95.5.43 TCP 54 57761 → 80 [FIN, ACK] Seq=504 Ack=276 Win=262400 Len=0 Frame 300: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.540448000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.540448000 seconds [Time delta from previous captured frame: 0.002297000 seconds] [Time delta from previous displayed frame: 0.002297000 seconds] [Time since reference or first frame: 3.793629000 seconds] Frame Number: 300 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Destination: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... 
= IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 10.95.5.43 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x8b15 (35605) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 10.95.5.43 Transmission Control Protocol, Src Port: 57761, Dst Port: 80, Seq: 504, Ack: 276, Len: 0 Source Port: 57761 Destination Port: 80 [Stream index: 5] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 504 (relative sequence number) Sequence Number (raw): 975641938 [Next Sequence Number: 505 (relative sequence number)] Acknowledgment Number: 276 (relative ack number) Acknowledgment number (raw): 3944376507 0101 .... = Header Length: 20 bytes (5) Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] [Expert Info (Note/Sequence): This frame undergoes the connection closing] [This frame undergoes the connection closing] [Severity level: Note] [Group: Sequence] Window: 1025 [Calculated window size: 262400] [Window size scaling factor: 256] Checksum: 0x4110 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.073737000 seconds] [Time since previous frame in this TCP stream: 0.002297000 seconds] No. Time Source Destination Protocol Length Info 301 3.794482 10.95.5.43 134.188.170.175 TCP 60 80 → 57761 [ACK] Seq=276 Ack=505 Win=15672 Len=0 Frame 301: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.541301000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.541301000 seconds [Time delta from previous captured frame: 0.000853000 seconds] [Time delta from previous displayed frame: 0.000853000 seconds] [Time since reference or first frame: 3.794482000 seconds] Frame Number: 301 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... 
= LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 10.95.5.43, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x28 (DSCP: AF11, ECN: Not-ECT) 0010 10.. = Differentiated Services Codepoint: Assured Forwarding 11 (10) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x27db (10203) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 59 Protocol: TCP (6) Header Checksum: 0xd6d7 [validation disabled] [Header checksum status: Unverified] Source Address: 10.95.5.43 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 80, Dst Port: 57761, Seq: 276, Ack: 505, Len: 0 Source Port: 80 Destination Port: 57761 [Stream index: 5] [Conversation completeness: Complete, WITH_DATA (31)] [TCP Segment Len: 0] Sequence Number: 276 (relative sequence number) Sequence Number (raw): 3944376507 [Next Sequence Number: 276 (relative sequence number)] Acknowledgment Number: 505 (relative ack number) Acknowledgment number (raw): 975641939 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... 
.... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 3918 [Calculated window size: 15672] [Window size scaling factor: 4] Checksum: 0xd24e [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.074590000 seconds] [Time since previous frame in this TCP stream: 0.000853000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 300] [The RTT to ACK the segment was: 0.000853000 seconds] [iRTT: 0.018302000 seconds] No. Time Source Destination Protocol Length Info 302 3.797169 134.188.170.185 239.255.255.250 SSDP 217 M-SEARCH * HTTP/1.1 Frame 302: 217 bytes on wire (1736 bits), 217 bytes captured (1736 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.543988000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.543988000 seconds [Time delta from previous captured frame: 0.002687000 seconds] [Time delta from previous displayed frame: 0.002687000 seconds] [Time since reference or first frame: 3.797169000 seconds] Frame Number: 302 Frame Length: 217 bytes (1736 bits) Capture Length: 217 bytes (1736 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:ssdp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_8b:6f:5c (90:1b:0e:8b:6f:5c), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... 
= IG bit: Group address (multicast/broadcast) Source: FujitsuT_8b:6f:5c (90:1b:0e:8b:6f:5c) Address: FujitsuT_8b:6f:5c (90:1b:0e:8b:6f:5c) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.185, Dst: 239.255.255.250 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 203 Identification: 0x00a6 (166) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: UDP (17) Header Checksum: 0x970c [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.185 Destination Address: 239.255.255.250 User Datagram Protocol, Src Port: 63155, Dst Port: 1900 Source Port: 63155 Destination Port: 1900 Length: 183 Checksum: 0x5d55 [unverified] [Checksum Status: Unverified] [Stream index: 3] [Timestamps] [Time since first frame: 2.030290000 seconds] [Time since previous frame: 1.007561000 seconds] UDP payload (175 bytes) Simple Service Discovery Protocol M-SEARCH * HTTP/1.1\r\n [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n] [M-SEARCH * HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: M-SEARCH Request URI: * Request Version: HTTP/1.1 HOST: 239.255.255.250:1900\r\n MAN: "ssdp:discover"\r\n MX: 1\r\n ST: urn:dial-multiscreen-org:service:dial:1\r\n USER-AGENT: Microsoft Edge/108.0.1462.42 Windows\r\n \r\n [Full request URI: http://239.255.255.250:1900*] [HTTP request 3/4] [Prev request in frame: 245] [Next request in frame: 333] No. 
Time Source Destination Protocol Length Info 303 3.803771 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet] Frame 303: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.550590000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.550590000 seconds [Time delta from previous captured frame: 0.006602000 seconds] [Time delta from previous displayed frame: 0.006602000 seconds] [Time since reference or first frame: 3.803771000 seconds] Frame Number: 303 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 38 Identification: 0x1e0d (7693) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9e3 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 18 Checksum: 0xe96c [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.796347000 seconds] [Time since previous frame: 0.018121000 seconds] UDP payload (10 bytes) UDP Remote Desktop Protocol snSourceAck: 0xbf01c0a7 ReceiveWindowSize: 11993 Flags: 0xece0, CN, CWR, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. 
Time Source Destination Protocol Length Info 304 3.817506 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 304: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.564325000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.564325000 seconds [Time delta from previous captured frame: 0.013735000 seconds] [Time delta from previous displayed frame: 0.013735000 seconds] [Time since reference or first frame: 3.817506000 seconds] Frame Number: 304 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb21 (56097) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.810082000 seconds] [Time since previous frame: 0.013735000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0a8 ReceiveWindowSize: 11976 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c000000000000291001ee6564 snResetSeqNum: 0xf65fe10d No. Time Source Destination Protocol Length Info 305 3.817553 134.188.170.175 134.188.170.174 RDPUDP 912 CORRELATIONID,AOA Frame 305: 912 bytes on wire (7296 bits), 912 bytes captured (7296 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.564372000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.564372000 seconds [Time delta from previous captured frame: 0.000047000 seconds] [Time delta from previous displayed frame: 0.000047000 seconds] [Time since reference or first frame: 3.817553000 seconds] Frame Number: 305 Frame Length: 912 bytes (7296 bits) Capture Length: 912 bytes (7296 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 898 Identification: 0xdb22 (56098) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 878 Checksum: 0x6656 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.810129000 seconds] [Time since previous frame: 0.000047000 seconds] UDP payload (870 bytes) UDP Remote Desktop Protocol snSourceAck: 0xe004c0a9 ReceiveWindowSize: 11977 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 94a1bc3e4215aa1e549bc3bebd065391 snResetSeqNum: 0xdeac7a60 No. Time Source Destination Protocol Length Info 306 3.833794 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet] Frame 306: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.580613000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.580613000 seconds [Time delta from previous captured frame: 0.016241000 seconds] [Time delta from previous displayed frame: 0.016241000 seconds] [Time since reference or first frame: 3.833794000 seconds] Frame Number: 306 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 00000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 39 Identification: 0x1e0e (7694) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9e1 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 19 Checksum: 0x9431 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.826370000 seconds] [Time since previous frame: 0.016241000 seconds] UDP payload (11 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc001c0a9 ReceiveWindowSize: 11792 Flags: 0x0ce0, CN, CWR, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 307 3.878269 134.188.170.175 134.188.170.174 RDPUDP 1001 CORRELATIONID,AOA Frame 307: 1001 bytes on wire (8008 bits), 1001 bytes captured (8008 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.625088000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.625088000 seconds [Time delta from previous captured frame: 0.044475000 seconds] [Time delta from previous displayed frame: 0.044475000 seconds] [Time since reference or first frame: 3.878269000 seconds] Frame Number: 307 Frame Length: 1001 bytes (8008 bits) Capture Length: 1001 bytes (8008 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 987 Identification: 0xdb23 (56099) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 967 Checksum: 0x66af [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.870845000 seconds] [Time since previous frame: 0.044475000 seconds] UDP payload (959 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0aa ReceiveWindowSize: 11978 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 030303b30000000000002912cd0cdfb3 snResetSeqNum: 0xd7be31d2 No. Time Source Destination Protocol Length Info 308 3.894061 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet] Frame 308: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.640880000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.640880000 seconds [Time delta from previous captured frame: 0.015792000 seconds] [Time delta from previous displayed frame: 0.015792000 seconds] [Time since reference or first frame: 3.894061000 seconds] Frame Number: 308 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 38 Identification: 0x1e0f (7695) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9e1 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 18 Checksum: 0x90f6 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 3.886637000 seconds] [Time since previous frame: 0.015792000 seconds] UDP payload (10 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc001c0aa ReceiveWindowSize: 11853 Flags: 0x47e0, CN, CWR, Ack of Acks, Syn lossy, Ack delayed .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 309 3.933161 134.188.170.103 239.255.255.250 SSDP 216 M-SEARCH * HTTP/1.1 Frame 309: 216 bytes on wire (1728 bits), 216 bytes captured (1728 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.679980000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.679980000 seconds [Time delta from previous captured frame: 0.039100000 seconds] [Time delta from previous displayed frame: 0.039100000 seconds] [Time since reference or first frame: 3.933161000 seconds] Frame Number: 309 Frame Length: 216 bytes (1728 bits) Capture Length: 216 bytes (1728 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:ssdp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: LCFCHefe_42:03:77 (6c:24:08:42:03:77), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: LCFCHefe_42:03:77 (6c:24:08:42:03:77) Address: LCFCHefe_42:03:77 (6c:24:08:42:03:77) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.103, Dst: 239.255.255.250 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 202 Identification: 0x9043 (36931) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: UDP (17) Header Checksum: 0x07c2 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.103 Destination Address: 239.255.255.250 User Datagram Protocol, Src Port: 64230, Dst Port: 1900 Source Port: 64230 Destination Port: 1900 Length: 182 Checksum: 0xd654 [unverified] [Checksum Status: Unverified] [Stream index: 4] [Timestamps] [Time since first frame: 1.018379000 seconds] [Time since previous frame: 1.018379000 seconds] UDP payload (174 bytes) Simple Service Discovery Protocol M-SEARCH * HTTP/1.1\r\n [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n] [M-SEARCH * HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: M-SEARCH Request URI: * Request Version: HTTP/1.1 HOST: 239.255.255.250:1900\r\n MAN: "ssdp:discover"\r\n MX: 1\r\n ST: urn:dial-multiscreen-org:service:dial:1\r\n USER-AGENT: Google Chrome/108.0.5359.99 Windows\r\n \r\n [Full request URI: http://239.255.255.250:1900*] [HTTP request 2/4] [Prev request in frame: 246] [Next request in frame: 334] No. Time Source Destination Protocol Length Info 310 3.978789 134.188.170.103 239.255.255.250 SSDP 217 M-SEARCH * HTTP/1.1 Frame 310: 217 bytes on wire (1736 bits), 217 bytes captured (1736 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.725608000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.725608000 seconds [Time delta from previous captured frame: 0.045628000 seconds] [Time delta from previous displayed frame: 0.045628000 seconds] [Time since reference or first frame: 3.978789000 seconds] Frame Number: 310 Frame Length: 217 bytes (1736 bits) Capture Length: 217 bytes (1736 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:ssdp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: LCFCHefe_42:03:77 (6c:24:08:42:03:77), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: LCFCHefe_42:03:77 (6c:24:08:42:03:77) Address: LCFCHefe_42:03:77 (6c:24:08:42:03:77) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.103, Dst: 239.255.255.250 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 203 Identification: 0x9044 (36932) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: UDP (17) Header Checksum: 0x07c0 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.103 Destination Address: 239.255.255.250 User Datagram Protocol, Src Port: 64233, Dst Port: 1900 Source Port: 64233 Destination Port: 1900 Length: 183 Checksum: 0x5571 [unverified] [Checksum Status: Unverified] [Stream index: 5] [Timestamps] [Time since first frame: 1.019252000 seconds] [Time since previous frame: 1.019252000 seconds] UDP payload (175 bytes) Simple Service Discovery Protocol M-SEARCH * HTTP/1.1\r\n [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n] [M-SEARCH * HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: M-SEARCH Request URI: * Request Version: HTTP/1.1 HOST: 239.255.255.250:1900\r\n MAN: "ssdp:discover"\r\n MX: 1\r\n ST: urn:dial-multiscreen-org:service:dial:1\r\n USER-AGENT: Microsoft Edge/108.0.1462.46 Windows\r\n \r\n [Full request URI: http://239.255.255.250:1900*] [HTTP request 2/4] [Prev request in frame: 247] [Next request in frame: 335] No. Time Source Destination Protocol Length Info 311 3.994461 134.188.170.1 224.0.0.5 OSPF 82 Hello Packet Frame 311: 82 bytes on wire (656 bits), 82 bytes captured (656 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:40.741280000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010660.741280000 seconds [Time delta from previous captured frame: 0.015672000 seconds] [Time delta from previous displayed frame: 0.015672000 seconds] [Time since reference or first frame: 3.994461000 seconds] Frame Number: 311 Frame Length: 82 bytes (656 bits) Capture Length: 82 bytes (656 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:ospf] [Coloring Rule Name: Routing] [Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp] Ethernet II, Src: ProCurve_ef:63:00 (00:16:b9:ef:63:00), Dst: IPv4mcast_05 (01:00:5e:00:00:05) Destination: IPv4mcast_05 (01:00:5e:00:00:05) Address: IPv4mcast_05 (01:00:5e:00:00:05) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: ProCurve_ef:63:00 (00:16:b9:ef:63:00) Address: ProCurve_ef:63:00 (00:16:b9:ef:63:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.1, Dst: 224.0.0.5 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 68 Identification: 0x5d15 (23829) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: OSPF IGP (89) Header Checksum: 0x4ac9 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.1 Destination Address: 224.0.0.5 Open Shortest Path First OSPF Header Version: 2 Message Type: Hello Packet (1) Packet Length: 48 Source OSPF Router: 134.188.235.211 Area ID: 0.0.3.4 Checksum: 0xb4f7 [correct] Auth Type: Null (0) Auth Data (none): 0000000000000000 OSPF Hello Packet Network Mask: 255.255.255.0 Hello Interval [sec]: 10 Options: 0x00 0... .... = DN: Not set .0.. .... = O: Not set ..0. .... = (DC) Demand Circuits: Not supported ...0 .... = (L) LLS Data block: Not Present .... 0... = (N) NSSA: Not supported .... .0.. = (MC) Multicast: Not capable .... ..0. = (E) External Routing: Not capable .... ...0 = (MT) Multi-Topology Routing: No Router Priority: 1 Router Dead Interval [sec]: 40 Designated Router: 134.188.170.2 Backup Designated Router: 134.188.170.1 Active Neighbor: 134.188.235.212 No. Time Source Destination Protocol Length Info 312 4.260737 134.188.170.1 224.0.0.18 VRRP 60 Announcement (v2) Frame 312: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.007556000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.007556000 seconds [Time delta from previous captured frame: 0.266276000 seconds] [Time delta from previous displayed frame: 0.266276000 seconds] [Time since reference or first frame: 4.260737000 seconds] Frame Number: 312 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:vrrp] [Coloring Rule Name: Routing] [Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp] Ethernet II, Src: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa), Dst: IPv4mcast_12 (01:00:5e:00:00:12) Destination: IPv4mcast_12 (01:00:5e:00:00:12) Address: IPv4mcast_12 (01:00:5e:00:00:12) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.170.1, Dst: 224.0.0.18 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x0000 (0) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 255 Protocol: VRRP (112) Header Checksum: 0xa9d5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.1 Destination Address: 224.0.0.18 Virtual Router Redundancy Protocol Version 2, Packet type 1 (Advertisement) 0010 .... = VRRP protocol version: 2 .... 0001 = VRRP packet type: Advertisement (1) Virtual Rtr ID: 170 Priority: 255 (This VRRP router owns the virtual router's IP address(es)) Addr Count: 1 Auth Type: No Authentication (0) Adver Int: 1 Checksum: 0xae94 [correct] [Checksum Status: Good] IP Address: 134.188.170.1 No. Time Source Destination Protocol Length Info 313 4.424731 ProCurve_ae:14:2e Spanning-tree-(for-bridges)_00 STP 119 MST. Root = 32768/0/00:1b:3f:59:00:00 Cost = 1 Port = 0x80d2 Frame 313: 119 bytes on wire (952 bits), 119 bytes captured (952 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.171550000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.171550000 seconds [Time delta from previous captured frame: 0.163994000 seconds] [Time delta from previous displayed frame: 0.163994000 seconds] [Time since reference or first frame: 4.424731000 seconds] Frame Number: 313 Frame Length: 119 bytes (952 bits) Capture Length: 119 bytes (952 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:llc:stp] [Coloring Rule Name: Broadcast] [Coloring Rule String: eth[0] & 1] IEEE 802.3 Ethernet Destination: Spanning-tree-(for-bridges)_00 (01:80:c2:00:00:00) Address: Spanning-tree-(for-bridges)_00 (01:80:c2:00:00:00) .... ..0. .... .... .... .... 
= LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: ProCurve_ae:14:2e (00:1b:3f:ae:14:2e) Address: ProCurve_ae:14:2e (00:1b:3f:ae:14:2e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Length: 105 Logical-Link Control DSAP: Spanning Tree BPDU (0x42) 0100 001. = SAP: Spanning Tree BPDU .... ...0 = IG Bit: Individual SSAP: Spanning Tree BPDU (0x42) 0100 001. = SAP: Spanning Tree BPDU .... ...0 = CR Bit: Command Control field: U, func=UI (0x03) 000. 00.. = Command: Unnumbered Information (0x00) .... ..11 = Frame type: Unnumbered frame (0x3) Spanning Tree Protocol Protocol Identifier: Spanning Tree Protocol (0x0000) Protocol Version Identifier: Multiple Spanning Tree (3) BPDU Type: Rapid/Multiple Spanning Tree (0x02) BPDU flags: 0x7c, Agreement, Forwarding, Learning, Port Role: Designated 0... .... = Topology Change Acknowledgment: No .1.. .... = Agreement: Yes ..1. .... = Forwarding: Yes ...1 .... = Learning: Yes .... 11.. = Port Role: Designated (3) .... ..0. = Proposal: No .... 
...0 = Topology Change: No Root Identifier: 32768 / 0 / 00:1b:3f:59:00:00 Root Bridge Priority: 32768 Root Bridge System ID Extension: 0 Root Bridge System ID: ProCurve_59:00:00 (00:1b:3f:59:00:00) Root Path Cost: 1 Bridge Identifier: 32768 / 0 / 00:1b:3f:ae:04:00 Bridge Priority: 32768 Bridge System ID Extension: 0 Bridge System ID: ProCurve_ae:04:00 (00:1b:3f:ae:04:00) Port identifier: 0x80d2 Message Age: 1 Max Age: 20 Hello Time: 2 Forward Delay: 15 Version 1 Length: 0 Version 3 Length: 64 MST Extension MST Config ID format selector: 0 MST Config name: 001b3fae0400 MST Config revision: 0 MST Config digest: ac36177f50283cd4b83821d8ab26de62 CIST Internal Root Path Cost: 0 CIST Bridge Identifier: 32768 / 0 / 00:1b:3f:ae:04:00 CIST Bridge Priority: 32768 CIST Bridge Identifier System ID Extension: 0 CIST Bridge Identifier System ID: ProCurve_ae:04:00 (00:1b:3f:ae:04:00) CIST Remaining hops: 20 No. Time Source Destination Protocol Length Info 314 4.472116 134.188.170.175 134.188.170.174 TLSv1.2 105 Application Data Frame 314: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.218935000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.218935000 seconds [Time delta from previous captured frame: 0.047385000 seconds] [Time delta from previous displayed frame: 0.047385000 seconds] [Time since reference or first frame: 4.472116000 seconds] Frame Number: 314 Frame Length: 105 bytes (840 bits) Capture Length: 105 bytes (840 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 91 Identification: 0xdb24 (56100) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 154, Ack: 1247, Len: 51 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 51] Sequence Number: 154 (relative sequence number) Sequence Number (raw): 1607889504 [Next Sequence Number: 205 (relative sequence number)] Acknowledgment Number: 1247 (relative ack number) Acknowledgment number (raw): 3951498809 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 63547 [Calculated window size: 63547] [Window size scaling factor: -1 (unknown)] Checksum: 0x6324 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 4.472116000 seconds] [Time since previous frame in this TCP stream: 1.348755000 seconds] [SEQ/ACK analysis] [Bytes in flight: 51] [Bytes sent since last PSH flag: 51] TCP payload (51 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 46 Encrypted Application Data: 000000000000165c54e02a33fdb9f73be550f9241bb5501028967330cbb2ea0f863d04a5… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 315 4.472331 134.188.170.175 134.188.170.174 RDPUDP 1117 CORRELATIONID,AOA Frame 315: 1117 bytes on wire (8936 bits), 1117 bytes captured (8936 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.219150000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.219150000 seconds [Time delta from previous captured frame: 0.000215000 seconds] [Time delta from previous displayed frame: 0.000215000 seconds] [Time since reference or first frame: 4.472331000 seconds] Frame Number: 315 Frame Length: 1117 bytes (8936 bits) Capture Length: 1117 bytes (8936 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1103 Identification: 0xdb25 (56101) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1083 Checksum: 0x6723 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.464907000 seconds] [Time since previous frame: 0.578270000 seconds] UDP payload (1075 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0ab ReceiveWindowSize: 11979 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 030304270000000000002913dd3e07b1 snResetSeqNum: 0x96d3fbb9 No. Time Source Destination Protocol Length Info 316 4.474521 134.188.170.174 134.188.170.175 RDPUDP 251 CORRELATIONID,AOA Frame 316: 251 bytes on wire (2008 bits), 251 bytes captured (2008 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.221340000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.221340000 seconds [Time delta from previous captured frame: 0.002190000 seconds] [Time delta from previous displayed frame: 0.002190000 seconds] [Time since reference or first frame: 4.474521000 seconds] Frame Number: 316 Frame Length: 251 bytes (2008 bits) Capture Length: 251 bytes (2008 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 237 Identification: 0x1e10 (7696) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb919 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 217 Checksum: 0x99b9 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.467097000 seconds] [Time since previous frame: 0.002190000 seconds] UDP payload (209 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc205c0ab ReceiveWindowSize: 11873 Flags: 0x8be0, CN, CWR, Ack of Acks, Syn lossy, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0100a810ca0f17030300be0000000000 snResetSeqNum: 0xa64f2394 No. Time Source Destination Protocol Length Info 317 4.498995 134.188.170.175 134.188.170.174 RDPUDP 52 SYNEX Frame 317: 52 bytes on wire (416 bits), 52 bytes captured (416 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.245814000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.245814000 seconds [Time delta from previous captured frame: 0.024474000 seconds] [Time delta from previous displayed frame: 0.024474000 seconds] [Time since reference or first frame: 4.498995000 seconds] Frame Number: 317 Frame Length: 52 bytes (416 bits) Capture Length: 52 bytes (416 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 38 Identification: 0xdb26 (56102) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 18 Checksum: 0x62fa [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.491571000 seconds] [Time since previous frame: 0.024474000 seconds] UDP payload (10 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc301c0a8 ReceiveWindowSize: 4180 Flags: 0x70e0, CN, CWR, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..0. .... .... = Syn lossy: False .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x1800 .... ...0 = Version info: False No. Time Source Destination Protocol Length Info 318 4.518688 134.188.170.174 134.188.170.175 TCP 60 52728 → 3389 [ACK] Seq=1247 Ack=205 Win=8211 Len=0 Frame 318: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.265507000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.265507000 seconds [Time delta from previous captured frame: 0.019693000 seconds] [Time delta from previous displayed frame: 0.019693000 seconds] [Time since reference or first frame: 4.518688000 seconds] Frame Number: 318 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x1e11 (7697) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79e8 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1247, Ack: 205, Len: 0 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 1247 (relative sequence number) Sequence Number (raw): 3951498809 [Next Sequence Number: 1247 (relative sequence number)] Acknowledgment Number: 205 (relative ack number) Acknowledgment number (raw): 1607889555 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x7d8a [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 4.518688000 seconds] [Time since previous frame in this TCP stream: 0.046572000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 314] [The RTT to ACK the segment was: 0.046572000 seconds] No. 
Time Source Destination Protocol Length Info 319 4.600273 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 319: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.347092000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.347092000 seconds [Time delta from previous captured frame: 0.081585000 seconds] [Time delta from previous displayed frame: 0.081585000 seconds] [Time since reference or first frame: 4.600273000 seconds] Frame Number: 319 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb27 (56103) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.592849000 seconds] [Time since previous frame: 0.101278000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0ac ReceiveWindowSize: 11980 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000029145516b381 snResetSeqNum: 0xe75774f6 No. Time Source Destination Protocol Length Info 320 4.600321 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 320: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.347140000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.347140000 seconds [Time delta from previous captured frame: 0.000048000 seconds] [Time delta from previous displayed frame: 0.000048000 seconds] [Time since reference or first frame: 4.600321000 seconds] Frame Number: 320 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb28 (56104) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.592897000 seconds] [Time since previous frame: 0.000048000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x2804c0ad ReceiveWindowSize: 11981 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 7da64036681ffc5072430f2a7f30166e snResetSeqNum: 0x94dc53c3 No. Time Source Destination Protocol Length Info 321 4.600340 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 321: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.347159000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.347159000 seconds [Time delta from previous captured frame: 0.000019000 seconds] [Time delta from previous displayed frame: 0.000019000 seconds] [Time since reference or first frame: 4.600340000 seconds] Frame Number: 321 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb29 (56105) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.592916000 seconds] [Time since previous frame: 0.000019000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x6904c0ae ReceiveWindowSize: 11982 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: c95ba115da2ead32f3023f3dfd0978f8 snResetSeqNum: 0x6ce994de No. Time Source Destination Protocol Length Info 322 4.600374 134.188.170.175 134.188.170.174 RDPUDP 832 CORRELATIONID,AOA Frame 322: 832 bytes on wire (6656 bits), 832 bytes captured (6656 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.347193000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.347193000 seconds [Time delta from previous captured frame: 0.000034000 seconds] [Time delta from previous displayed frame: 0.000034000 seconds] [Time since reference or first frame: 4.600374000 seconds] Frame Number: 322 Frame Length: 832 bytes (6656 bits) Capture Length: 832 bytes (6656 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 818 Identification: 0xdb2a (56106) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 798 Checksum: 0x6606 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.592950000 seconds] [Time since previous frame: 0.000034000 seconds] UDP payload (790 bytes) UDP Remote Desktop Protocol snSourceAck: 0x8d04c0af ReceiveWindowSize: 11983 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: c5a097d770e0efdc4975ae406ada100f snResetSeqNum: 0x3863ac87 No. Time Source Destination Protocol Length Info 323 4.601207 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 323: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.348026000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.348026000 seconds [Time delta from previous captured frame: 0.000833000 seconds] [Time delta from previous displayed frame: 0.000833000 seconds] [Time since reference or first frame: 4.601207000 seconds] Frame Number: 323 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb2b (56107) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.593783000 seconds] [Time since previous frame: 0.000833000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0b0 ReceiveWindowSize: 11984 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c0000000000002917f95383f3 snResetSeqNum: 0xbea094e1 No. Time Source Destination Protocol Length Info 324 4.601235 134.188.170.175 134.188.170.174 RDPUDP 1282 SYNEX,AOA Frame 324: 1282 bytes on wire (10256 bits), 1282 bytes captured (10256 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.348054000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.348054000 seconds [Time delta from previous captured frame: 0.000028000 seconds] [Time delta from previous displayed frame: 0.000028000 seconds] [Time since reference or first frame: 4.601235000 seconds] Frame Number: 324 Frame Length: 1282 bytes (10256 bits) Capture Length: 1282 bytes (10256 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1268 Identification: 0xdb2c (56108) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1248 Checksum: 0x67c8 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.593811000 seconds] [Time since previous frame: 0.000028000 seconds] UDP payload (1240 bytes) UDP Remote Desktop Protocol snSourceAck: 0x2e04c1e9 ReceiveWindowSize: 2560 Flags: 0xb1e0, CN, CWR, Ack of Acks, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0xd12d .... ...1 = Version info: True Version: Unknown (0x220d) snResetSeqNum: 0x7c66ddd6 No. Time Source Destination Protocol Length Info 325 4.601269 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 325: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.348088000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.348088000 seconds [Time delta from previous captured frame: 0.000034000 seconds] [Time delta from previous displayed frame: 0.000034000 seconds] [Time since reference or first frame: 4.601269000 seconds] Frame Number: 325 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb2d (56109) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.593845000 seconds] [Time since previous frame: 0.000034000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x5404c0b2 ReceiveWindowSize: 11986 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 6792bdf96f0205e7e5be25a65bc33233 snResetSeqNum: 0x282c0cc9 No. Time Source Destination Protocol Length Info 326 4.601289 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 326: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.348108000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.348108000 seconds [Time delta from previous captured frame: 0.000020000 seconds] [Time delta from previous displayed frame: 0.000020000 seconds] [Time since reference or first frame: 4.601289000 seconds] Frame Number: 326 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb2e (56110) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.593865000 seconds] [Time since previous frame: 0.000020000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xb204c0b3 ReceiveWindowSize: 11987 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: ca7998955238ed27e9c8841a1c752910 snResetSeqNum: 0xa18eb046 No. Time Source Destination Protocol Length Info 327 4.601319 134.188.170.175 134.188.170.174 RDPUDP 78 CORRELATIONID[Malformed Packet] Frame 327: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.348138000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.348138000 seconds [Time delta from previous captured frame: 0.000030000 seconds] [Time delta from previous displayed frame: 0.000030000 seconds] [Time since reference or first frame: 4.601319000 seconds] Frame Number: 327 Frame Length: 78 bytes (624 bits) Capture Length: 78 bytes (624 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 64 Identification: 0xdb2f (56111) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 44 Checksum: 0x6314 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.593895000 seconds] [Time since previous frame: 0.000030000 seconds] UDP payload (36 bytes) UDP Remote Desktop Protocol snSourceAck: 0xf504c0b4 ReceiveWindowSize: 11988 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 4d9d8b8f809d8400331aa20a1cf7d0be [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 328 4.601934 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 328: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.348753000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.348753000 seconds [Time delta from previous captured frame: 0.000615000 seconds] [Time delta from previous displayed frame: 0.000615000 seconds] [Time since reference or first frame: 4.601934000 seconds] Frame Number: 328 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb30 (56112) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.594510000 seconds] [Time since previous frame: 0.000615000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0b5 ReceiveWindowSize: 11989 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c000000000000291bc1eaa08c snResetSeqNum: 0xdcaa6a45 No. Time Source Destination Protocol Length Info 329 4.601963 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 329: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.348782000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.348782000 seconds [Time delta from previous captured frame: 0.000029000 seconds] [Time delta from previous displayed frame: 0.000029000 seconds] [Time since reference or first frame: 4.601963000 seconds] Frame Number: 329 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb31 (56113) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.594539000 seconds] [Time since previous frame: 0.000029000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x0404c0b6 ReceiveWindowSize: 11990 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: a35004d50f46862dec4219f3fe3b4317 snResetSeqNum: 0xda888b3f No. Time Source Destination Protocol Length Info 330 4.601983 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 330: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.348802000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.348802000 seconds [Time delta from previous captured frame: 0.000020000 seconds] [Time delta from previous displayed frame: 0.000020000 seconds] [Time since reference or first frame: 4.601983000 seconds] Frame Number: 330 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb32 (56114) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.594559000 seconds] [Time since previous frame: 0.000020000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x7a04c0b7 ReceiveWindowSize: 11991 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: bef442c93dfc48a3d4813062771b23e6 snResetSeqNum: 0x55679559 No. Time Source Destination Protocol Length Info 331 4.602003 134.188.170.175 134.188.170.174 RDPUDP 161 CORRELATIONID,AOA Frame 331: 161 bytes on wire (1288 bits), 161 bytes captured (1288 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.348822000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.348822000 seconds [Time delta from previous captured frame: 0.000020000 seconds] [Time delta from previous displayed frame: 0.000020000 seconds] [Time since reference or first frame: 4.602003000 seconds] Frame Number: 331 Frame Length: 161 bytes (1288 bits) Capture Length: 161 bytes (1288 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 147 Identification: 0xdb33 (56115) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 127 Checksum: 0x6367 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.594579000 seconds] [Time since previous frame: 0.000020000 seconds] UDP payload (119 bytes) UDP Remote Desktop Protocol snSourceAck: 0x8404c0b8 ReceiveWindowSize: 11992 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 746486a1c0721c79e3b8d874a543d938 snResetSeqNum: 0xcf70149e No. Time Source Destination Protocol Length Info 332 4.618594 134.188.170.174 134.188.170.175 RDPUDP 64 [Malformed Packet] Frame 332: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.365413000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.365413000 seconds [Time delta from previous captured frame: 0.016591000 seconds] [Time delta from previous displayed frame: 0.016591000 seconds] [Time since reference or first frame: 4.618594000 seconds] Frame Number: 332 Frame Length: 64 bytes (512 bits) Capture Length: 64 bytes (512 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 50 Identification: 0x1e12 (7698) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9d2 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 30 Checksum: 0x1682 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 4.611170000 seconds] [Time since previous frame: 0.016591000 seconds] UDP payload (22 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc301c0b8 ReceiveWindowSize: 11966 Flags: 0x09e0, CN, CWR, Ack of Acks, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .0.. .... .... = Ack delayed: False .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 333 4.805355 134.188.170.185 239.255.255.250 SSDP 217 M-SEARCH * HTTP/1.1 Frame 333: 217 bytes on wire (1736 bits), 217 bytes captured (1736 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.552174000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.552174000 seconds [Time delta from previous captured frame: 0.186761000 seconds] [Time delta from previous displayed frame: 0.186761000 seconds] [Time since reference or first frame: 4.805355000 seconds] Frame Number: 333 Frame Length: 217 bytes (1736 bits) Capture Length: 217 bytes (1736 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:ssdp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_8b:6f:5c (90:1b:0e:8b:6f:5c), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: FujitsuT_8b:6f:5c (90:1b:0e:8b:6f:5c) Address: FujitsuT_8b:6f:5c (90:1b:0e:8b:6f:5c) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.185, Dst: 239.255.255.250 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 203 Identification: 0x00a7 (167) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: UDP (17) Header Checksum: 0x970b [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.185 Destination Address: 239.255.255.250 User Datagram Protocol, Src Port: 63155, Dst Port: 1900 Source Port: 63155 Destination Port: 1900 Length: 183 Checksum: 0x5d55 [unverified] [Checksum Status: Unverified] [Stream index: 3] [Timestamps] [Time since first frame: 3.038476000 seconds] [Time since previous frame: 1.008186000 seconds] UDP payload (175 bytes) Simple Service Discovery Protocol M-SEARCH * HTTP/1.1\r\n [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n] [M-SEARCH * HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: M-SEARCH Request URI: * Request Version: HTTP/1.1 HOST: 239.255.255.250:1900\r\n MAN: "ssdp:discover"\r\n MX: 1\r\n ST: urn:dial-multiscreen-org:service:dial:1\r\n USER-AGENT: Microsoft Edge/108.0.1462.42 Windows\r\n \r\n [Full request URI: http://239.255.255.250:1900*] [HTTP request 4/4] [Prev request in frame: 302] No. Time Source Destination Protocol Length Info 334 4.942031 134.188.170.103 239.255.255.250 SSDP 216 M-SEARCH * HTTP/1.1 Frame 334: 216 bytes on wire (1728 bits), 216 bytes captured (1728 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.688850000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.688850000 seconds [Time delta from previous captured frame: 0.136676000 seconds] [Time delta from previous displayed frame: 0.136676000 seconds] [Time since reference or first frame: 4.942031000 seconds] Frame Number: 334 Frame Length: 216 bytes (1728 bits) Capture Length: 216 bytes (1728 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:ssdp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: LCFCHefe_42:03:77 (6c:24:08:42:03:77), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: LCFCHefe_42:03:77 (6c:24:08:42:03:77) Address: LCFCHefe_42:03:77 (6c:24:08:42:03:77) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.103, Dst: 239.255.255.250 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 202 Identification: 0x9045 (36933) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: UDP (17) Header Checksum: 0x07c0 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.103 Destination Address: 239.255.255.250 User Datagram Protocol, Src Port: 64230, Dst Port: 1900 Source Port: 64230 Destination Port: 1900 Length: 182 Checksum: 0xd654 [unverified] [Checksum Status: Unverified] [Stream index: 4] [Timestamps] [Time since first frame: 2.027249000 seconds] [Time since previous frame: 1.008870000 seconds] UDP payload (174 bytes) Simple Service Discovery Protocol M-SEARCH * HTTP/1.1\r\n [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n] [M-SEARCH * HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: M-SEARCH Request URI: * Request Version: HTTP/1.1 HOST: 239.255.255.250:1900\r\n MAN: "ssdp:discover"\r\n MX: 1\r\n ST: urn:dial-multiscreen-org:service:dial:1\r\n USER-AGENT: Google Chrome/108.0.5359.99 Windows\r\n \r\n [Full request URI: http://239.255.255.250:1900*] [HTTP request 3/4] [Prev request in frame: 309] [Next request in frame: 389] No. Time Source Destination Protocol Length Info 335 4.987302 134.188.170.103 239.255.255.250 SSDP 217 M-SEARCH * HTTP/1.1 Frame 335: 217 bytes on wire (1736 bits), 217 bytes captured (1736 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.734121000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.734121000 seconds [Time delta from previous captured frame: 0.045271000 seconds] [Time delta from previous displayed frame: 0.045271000 seconds] [Time since reference or first frame: 4.987302000 seconds] Frame Number: 335 Frame Length: 217 bytes (1736 bits) Capture Length: 217 bytes (1736 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:ssdp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: LCFCHefe_42:03:77 (6c:24:08:42:03:77), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: LCFCHefe_42:03:77 (6c:24:08:42:03:77) Address: LCFCHefe_42:03:77 (6c:24:08:42:03:77) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.103, Dst: 239.255.255.250 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 203 Identification: 0x9046 (36934) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: UDP (17) Header Checksum: 0x07be [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.103 Destination Address: 239.255.255.250 User Datagram Protocol, Src Port: 64233, Dst Port: 1900 Source Port: 64233 Destination Port: 1900 Length: 183 Checksum: 0x5571 [unverified] [Checksum Status: Unverified] [Stream index: 5] [Timestamps] [Time since first frame: 2.027765000 seconds] [Time since previous frame: 1.008513000 seconds] UDP payload (175 bytes) Simple Service Discovery Protocol M-SEARCH * HTTP/1.1\r\n [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n] [M-SEARCH * HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: M-SEARCH Request URI: * Request Version: HTTP/1.1 HOST: 239.255.255.250:1900\r\n MAN: "ssdp:discover"\r\n MX: 1\r\n ST: urn:dial-multiscreen-org:service:dial:1\r\n USER-AGENT: Microsoft Edge/108.0.1462.46 Windows\r\n \r\n [Full request URI: http://239.255.255.250:1900*] [HTTP request 3/4] [Prev request in frame: 310] [Next request in frame: 395] No. Time Source Destination Protocol Length Info 336 5.099607 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 336: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.846426000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.846426000 seconds [Time delta from previous captured frame: 0.112305000 seconds] [Time delta from previous displayed frame: 0.112305000 seconds] [Time since reference or first frame: 5.099607000 seconds] Frame Number: 336 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb34 (56116) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.092183000 seconds] [Time since previous frame: 0.481013000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0b9 ReceiveWindowSize: 11993 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c000000000000291feae65bf7 snResetSeqNum: 0x3a72a692 No. Time Source Destination Protocol Length Info 337 5.099657 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 337: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.846476000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.846476000 seconds [Time delta from previous captured frame: 0.000050000 seconds] [Time delta from previous displayed frame: 0.000050000 seconds] [Time since reference or first frame: 5.099657000 seconds] Frame Number: 337 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb35 (56117) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.092233000 seconds] [Time since previous frame: 0.000050000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xee04c0ba ReceiveWindowSize: 11994 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 4e588f4814105dd77ba2bb52f30e72eb snResetSeqNum: 0xea9b7375 No. Time Source Destination Protocol Length Info 338 5.099677 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 338: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.846496000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.846496000 seconds [Time delta from previous captured frame: 0.000020000 seconds] [Time delta from previous displayed frame: 0.000020000 seconds] [Time since reference or first frame: 5.099677000 seconds] Frame Number: 338 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb36 (56118) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.092253000 seconds] [Time since previous frame: 0.000020000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xf404c0bb ReceiveWindowSize: 11995 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: e55c12e3db2e7ccafdc8624483c03d6e snResetSeqNum: 0x2fbfc6d5 No. Time Source Destination Protocol Length Info 339 5.099708 134.188.170.175 134.188.170.174 RDPUDP 1008 CORRELATIONID,AOA Frame 339: 1008 bytes on wire (8064 bits), 1008 bytes captured (8064 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.846527000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.846527000 seconds [Time delta from previous captured frame: 0.000031000 seconds] [Time delta from previous displayed frame: 0.000031000 seconds] [Time since reference or first frame: 5.099708000 seconds] Frame Number: 339 Frame Length: 1008 bytes (8064 bits) Capture Length: 1008 bytes (8064 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 994 Identification: 0xdb37 (56119) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 974 Checksum: 0x66b6 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.092284000 seconds] [Time since previous frame: 0.000031000 seconds] UDP payload (966 bytes) UDP Remote Desktop Protocol snSourceAck: 0xda04c0bc ReceiveWindowSize: 11996 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: ef6eba00c3e9af264b329e892967b121 snResetSeqNum: 0xd9fffc4a No. Time Source Destination Protocol Length Info 340 5.118958 134.188.170.174 134.188.170.175 RDPUDP 60 SYNEX Frame 340: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:41.865777000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010661.865777000 seconds [Time delta from previous captured frame: 0.019250000 seconds] [Time delta from previous displayed frame: 0.019250000 seconds] [Time since reference or first frame: 5.118958000 seconds] Frame Number: 340 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 41 Identification: 0x1e13 (7699) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9da [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 21 Checksum: 0x95c7 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.111534000 seconds] [Time since previous frame: 0.019250000 seconds] UDP payload (13 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc401c0bc ReceiveWindowSize: 11836 Flags: 0xf0e0, CN, CWR, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..0. .... .... = Syn lossy: False .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x1103 .... ...1 = Version info: True Version: Unknown (0x0f24) No. Time Source Destination Protocol Length Info 341 5.260713 134.188.170.1 224.0.0.18 VRRP 60 Announcement (v2) Frame 341: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.007532000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.007532000 seconds [Time delta from previous captured frame: 0.141755000 seconds] [Time delta from previous displayed frame: 0.141755000 seconds] [Time since reference or first frame: 5.260713000 seconds] Frame Number: 341 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:vrrp] [Coloring Rule Name: Routing] [Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp] Ethernet II, Src: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa), Dst: IPv4mcast_12 (01:00:5e:00:00:12) Destination: IPv4mcast_12 (01:00:5e:00:00:12) Address: IPv4mcast_12 (01:00:5e:00:00:12) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.170.1, Dst: 224.0.0.18 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x0000 (0) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 255 Protocol: VRRP (112) Header Checksum: 0xa9d5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.1 Destination Address: 224.0.0.18 Virtual Router Redundancy Protocol Version 2, Packet type 1 (Advertisement) 0010 .... = VRRP protocol version: 2 .... 0001 = VRRP packet type: Advertisement (1) Virtual Rtr ID: 170 Priority: 255 (This VRRP router owns the virtual router's IP address(es)) Addr Count: 1 Auth Type: No Authentication (0) Adver Int: 1 Checksum: 0xae94 [correct] [Checksum Status: Good] IP Address: 134.188.170.1 No. Time Source Destination Protocol Length Info 342 5.313851 134.188.170.175 134.188.170.174 RDPUDP 90 CORRELATIONID,AOA Frame 342: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.060670000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.060670000 seconds [Time delta from previous captured frame: 0.053138000 seconds] [Time delta from previous displayed frame: 0.053138000 seconds] [Time since reference or first frame: 5.313851000 seconds] Frame Number: 342 Frame Length: 90 bytes (720 bits) Capture Length: 90 bytes (720 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... 
...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 76 Identification: 0xdb38 (56120) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 56 Checksum: 0x6320 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.306427000 seconds] [Time since previous frame: 0.194893000 seconds] UDP payload (48 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0bd ReceiveWindowSize: 11997 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... 
= SynEx: False Correlation Id: 03030024000000000000292385cb2e2f snResetSeqNum: 0x21532556 No. Time Source Destination Protocol Length Info 343 5.316216 134.188.170.174 134.188.170.175 RDPUDP 100 AOA Frame 343: 100 bytes on wire (800 bits), 100 bytes captured (800 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.063035000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.063035000 seconds [Time delta from previous captured frame: 0.002365000 seconds] [Time delta from previous displayed frame: 0.002365000 seconds] [Time since reference or first frame: 5.316216000 seconds] Frame Number: 343 Frame Length: 100 bytes (800 bits) Capture Length: 100 bytes (800 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. 
= Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 86 Identification: 0x1e14 (7700) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9ac [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 66 Checksum: 0xc94b [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.308792000 seconds] [Time since previous frame: 0.002365000 seconds] UDP payload (58 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc505c1bd ReceiveWindowSize: 11831 Flags: 0xc1e0, CN, CWR, Ack of Acks .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False snResetSeqNum: 0x0100200a No. Time Source Destination Protocol Length Info 344 5.327096 134.188.170.175 134.188.170.174 RDPUDP 53 Frame 344: 53 bytes on wire (424 bits), 53 bytes captured (424 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.073915000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.073915000 seconds [Time delta from previous captured frame: 0.010880000 seconds] [Time delta from previous displayed frame: 0.010880000 seconds] [Time since reference or first frame: 5.327096000 seconds] Frame Number: 344 Frame Length: 53 bytes (424 bits) Capture Length: 53 bytes (424 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 39 Identification: 0xdb39 (56121) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 19 Checksum: 0x62fb [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.319672000 seconds] [Time since previous frame: 0.010880000 seconds] UDP payload (11 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc641c0a9 ReceiveWindowSize: 4170 Flags: 0xa6e0, CN, CWR, Syn lossy, Ack delayed .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False No. Time Source Destination Protocol Length Info 345 5.440079 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 345: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.186898000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.186898000 seconds [Time delta from previous captured frame: 0.112983000 seconds] [Time delta from previous displayed frame: 0.112983000 seconds] [Time since reference or first frame: 5.440079000 seconds] Frame Number: 345 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e15 (7701) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79b9 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1247, Ack: 205, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1247 (relative sequence number) Sequence Number (raw): 3951498809 [Next Sequence Number: 1290 (relative sequence number)] Acknowledgment Number: 205 (relative ack number) Acknowledgment number (raw): 1607889555 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x5e42 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.440079000 seconds] [Time since previous frame in this TCP stream: 0.921391000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 00000000000021735c6ad4003c99876c3c78a3f050bc6328003ef74861e58a06f6a65275… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 346 5.456371 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 346: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.203190000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.203190000 seconds [Time delta from previous captured frame: 0.016292000 seconds] [Time delta from previous displayed frame: 0.016292000 seconds] [Time since reference or first frame: 5.456371000 seconds] Frame Number: 346 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e16 (7702) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79b8 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1290, Ack: 205, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1290 (relative sequence number) Sequence Number (raw): 3951498852 [Next Sequence Number: 1333 (relative sequence number)] Acknowledgment Number: 205 (relative ack number) Acknowledgment number (raw): 1607889555 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xd01a [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.456371000 seconds] [Time since previous frame in this TCP stream: 0.016292000 seconds] [SEQ/ACK analysis] [Bytes in flight: 86] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 0000000000002174ba2a2dbf33eef98a1bad31f995b9662c35432d02abd48ce7b07facdd… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 347 5.456400 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=205 Ack=1333 Win=63461 Len=0 Frame 347: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.203219000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.203219000 seconds [Time delta from previous captured frame: 0.000029000 seconds] [Time delta from previous displayed frame: 0.000029000 seconds] [Time since reference or first frame: 5.456400000 seconds] Frame Number: 347 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb3a (56122) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 205, Ack: 1333, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 205 (relative sequence number) Sequence Number (raw): 1607889555 [Next Sequence Number: 205 (relative sequence number)] Acknowledgment Number: 1333 (relative ack number) Acknowledgment number (raw): 3951498895 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63461 [Calculated window size: 63461] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.456400000 seconds] [Time since previous frame in this TCP stream: 0.000029000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 346] [The RTT to ACK the segment was: 0.000029000 seconds] No. 
Time Source Destination Protocol Length Info 348 5.472229 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 348: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.219048000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.219048000 seconds [Time delta from previous captured frame: 0.015829000 seconds] [Time delta from previous displayed frame: 0.015829000 seconds] [Time since reference or first frame: 5.472229000 seconds] Frame Number: 348 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e17 (7703) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79b0 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1333, Ack: 205, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 1333 (relative sequence number) Sequence Number (raw): 3951498895 [Next Sequence Number: 1383 (relative sequence number)] Acknowledgment Number: 205 (relative ack number) Acknowledgment number (raw): 1607889555 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x926e [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.472229000 seconds] [Time since previous frame in this TCP stream: 0.015829000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 0000000000002175d6d2ada0c7273fe9726a0a578d406e130539e5da77e575247f28aaec… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 349 5.503234 134.188.170.175 134.188.170.174 TLSv1.2 105 Application Data Frame 349: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.250053000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.250053000 seconds [Time delta from previous captured frame: 0.031005000 seconds] [Time delta from previous displayed frame: 0.031005000 seconds] [Time since reference or first frame: 5.503234000 seconds] Frame Number: 349 Frame Length: 105 bytes (840 bits) Capture Length: 105 bytes (840 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 91 Identification: 0xdb3b (56123) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 205, Ack: 1383, Len: 51 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 51] Sequence Number: 205 (relative sequence number) Sequence Number (raw): 1607889555 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 1383 (relative ack number) Acknowledgment number (raw): 3951498945 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 63411 [Calculated window size: 63411] [Window size scaling factor: -1 (unknown)] Checksum: 0x6324 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.503234000 seconds] [Time since previous frame in this TCP stream: 0.031005000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 348] [The RTT to ACK the segment was: 0.031005000 seconds] [Bytes in flight: 51] [Bytes sent since last PSH flag: 51] TCP payload (51 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 46 Encrypted Application Data: 000000000000165dbaa52a6ed80e9e85e7312864ac0be8a92b0e7931949f5ae1ed4acac5… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 350 5.503427 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 350: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.250246000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.250246000 seconds [Time delta from previous captured frame: 0.000193000 seconds] [Time delta from previous displayed frame: 0.000193000 seconds] [Time since reference or first frame: 5.503427000 seconds] Frame Number: 350 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb3c (56124) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.496003000 seconds] [Time since previous frame: 0.176331000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0be ReceiveWindowSize: 11998 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c0000000000002924344adafb snResetSeqNum: 0xcf1af4d0 No. Time Source Destination Protocol Length Info 351 5.503455 134.188.170.175 134.188.170.174 RDPUDP 904 CORRELATIONID,AOA Frame 351: 904 bytes on wire (7232 bits), 904 bytes captured (7232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.250274000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.250274000 seconds [Time delta from previous captured frame: 0.000028000 seconds] [Time delta from previous displayed frame: 0.000028000 seconds] [Time since reference or first frame: 5.503455000 seconds] Frame Number: 351 Frame Length: 904 bytes (7232 bits) Capture Length: 904 bytes (7232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 890 Identification: 0xdb3d (56125) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 870 Checksum: 0x664e [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.496031000 seconds] [Time since previous frame: 0.000028000 seconds] UDP payload (862 bytes) UDP Remote Desktop Protocol snSourceAck: 0x0a04c0bf ReceiveWindowSize: 11999 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 59042ac120c2b4a6224cd03ceae9487d snResetSeqNum: 0xabb9216a No. Time Source Destination Protocol Length Info 352 5.506329 134.188.170.174 134.188.170.175 RDPUDP 152 CORRELATIONID,SYNEX Frame 352: 152 bytes on wire (1216 bits), 152 bytes captured (1216 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.253148000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.253148000 seconds [Time delta from previous captured frame: 0.002874000 seconds] [Time delta from previous displayed frame: 0.002874000 seconds] [Time since reference or first frame: 5.506329000 seconds] Frame Number: 352 Frame Length: 152 bytes (1216 bits) Capture Length: 152 bytes (1216 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 138 Identification: 0x1e18 (7704) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb974 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 118 Checksum: 0x4aff [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.498905000 seconds] [Time since previous frame: 0.002874000 seconds] UDP payload (110 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc605c0bf ReceiveWindowSize: 11807 Flags: 0x7ae0, CN, CWR, Syn lossy, Correlation id, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 1... .... .... = Correlation id: True ...1 .... .... .... = SynEx: True Correlation Id: 020146aa10cc0f170303005a00000000 SynEx Flags: 0x54da .... ...0 = Version info: False No. Time Source Destination Protocol Length Info 353 5.530224 134.188.170.175 134.188.170.174 RDPUDP 56 [Malformed Packet] Frame 353: 56 bytes on wire (448 bits), 56 bytes captured (448 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.277043000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.277043000 seconds [Time delta from previous captured frame: 0.023895000 seconds] [Time delta from previous displayed frame: 0.023895000 seconds] [Time since reference or first frame: 5.530224000 seconds] Frame Number: 353 Frame Length: 56 bytes (448 bits) Capture Length: 56 bytes (448 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 42 Identification: 0xdb3e (56126) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 22 Checksum: 0x62fe [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.522800000 seconds] [Time since previous frame: 0.023895000 seconds] UDP payload (14 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc741c1aa ReceiveWindowSize: 4340 Flags: 0x5fe0, CN, CWR, Ack of Acks, Syn lossy, Ack delayed, Correlation id, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...1 .... .... .... = SynEx: True [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 354 5.548700 134.188.170.174 134.188.170.175 TCP 60 52728 → 3389 [ACK] Seq=1383 Ack=256 Win=8211 Len=0 Frame 354: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.295519000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.295519000 seconds [Time delta from previous captured frame: 0.018476000 seconds] [Time delta from previous displayed frame: 0.018476000 seconds] [Time since reference or first frame: 5.548700000 seconds] Frame Number: 354 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x1e19 (7705) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79e0 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1383, Ack: 256, Len: 0 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 1383 (relative sequence number) Sequence Number (raw): 3951498945 [Next Sequence Number: 1383 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x7ccf [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.548700000 seconds] [Time since previous frame in this TCP stream: 0.045466000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 349] [The RTT to ACK the segment was: 0.045466000 seconds] No. 
Time Source Destination Protocol Length Info 355 5.568133 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 355: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.314952000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.314952000 seconds [Time delta from previous captured frame: 0.019433000 seconds] [Time delta from previous displayed frame: 0.019433000 seconds] [Time since reference or first frame: 5.568133000 seconds] Frame Number: 355 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb3f (56127) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.560709000 seconds] [Time since previous frame: 0.037909000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0c0 ReceiveWindowSize: 12000 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c0000000000002926d90f82e6 snResetSeqNum: 0x2d96a3e7 No. Time Source Destination Protocol Length Info 356 5.568171 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 356: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.314990000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.314990000 seconds [Time delta from previous captured frame: 0.000038000 seconds] [Time delta from previous displayed frame: 0.000038000 seconds] [Time since reference or first frame: 5.568171000 seconds] Frame Number: 356 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb40 (56128) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.560747000 seconds] [Time since previous frame: 0.000038000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x2e04c0c1 ReceiveWindowSize: 12001 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: f23a39712d6c66166b05c8eb0444f774 snResetSeqNum: 0xff6a9729 No. Time Source Destination Protocol Length Info 357 5.568192 134.188.170.175 134.188.170.174 RDPUDP 817 CORRELATIONID,AOA Frame 357: 817 bytes on wire (6536 bits), 817 bytes captured (6536 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.315011000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.315011000 seconds [Time delta from previous captured frame: 0.000021000 seconds] [Time delta from previous displayed frame: 0.000021000 seconds] [Time since reference or first frame: 5.568192000 seconds] Frame Number: 357 Frame Length: 817 bytes (6536 bits) Capture Length: 817 bytes (6536 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 803 Identification: 0xdb41 (56129) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 783 Checksum: 0x65f7 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.560768000 seconds] [Time since previous frame: 0.000021000 seconds] UDP payload (775 bytes) UDP Remote Desktop Protocol snSourceAck: 0x8a04c0c2 ReceiveWindowSize: 12002 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: fcca51918ae63ed93841e36f20efb752 snResetSeqNum: 0x3f21a08c No. Time Source Destination Protocol Length Info 358 5.584236 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 358: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.331055000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.331055000 seconds [Time delta from previous captured frame: 0.016044000 seconds] [Time delta from previous displayed frame: 0.016044000 seconds] [Time since reference or first frame: 5.584236000 seconds] Frame Number: 358 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e1a (7706) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79b4 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1383, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1383 (relative sequence number) Sequence Number (raw): 3951498945 [Next Sequence Number: 1426 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x5889 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.584236000 seconds] [Time since previous frame in this TCP stream: 0.035536000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 00000000000021761d3f1d5347ae07a5761c254593eac7f969e177e023decf9f4b41a862… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 359 5.588781 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet] Frame 359: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.335600000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.335600000 seconds [Time delta from previous captured frame: 0.004545000 seconds] [Time delta from previous displayed frame: 0.004545000 seconds] [Time since reference or first frame: 5.588781000 seconds] Frame Number: 359 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x1e1b (7707) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9d3 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 20 Checksum: 0xee51 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 5.581357000 seconds] [Time since previous frame: 0.020589000 seconds] UDP payload (12 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc601c0c2 ReceiveWindowSize: 11926 Flags: 0xb9e0, CN, CWR, Ack of Acks, Correlation id, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .0.. .... .... = Ack delayed: False .... 1... .... .... = Correlation id: True ...1 .... .... .... = SynEx: True [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. 
Time Source Destination Protocol Length Info 360 5.599845 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 360: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.346664000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.346664000 seconds [Time delta from previous captured frame: 0.011064000 seconds] [Time delta from previous displayed frame: 0.011064000 seconds] [Time since reference or first frame: 5.599845000 seconds] Frame Number: 360 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e1c (7708) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79b2 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1426, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1426 (relative sequence number) Sequence Number (raw): 3951498988 [Next Sequence Number: 1469 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x84e1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.599845000 seconds] [Time since previous frame in this TCP stream: 0.015609000 seconds] [SEQ/ACK analysis] [Bytes in flight: 86] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000217770a78499809a9eb87ee1e73ee9b644f8da6bab4b30c6de9a66885e99… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 361 5.599872 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=1469 Win=63325 Len=0 Frame 361: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.346691000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.346691000 seconds [Time delta from previous captured frame: 0.000027000 seconds] [Time delta from previous displayed frame: 0.000027000 seconds] [Time since reference or first frame: 5.599872000 seconds] Frame Number: 361 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb42 (56130) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 1469, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 1469 (relative ack number) Acknowledgment number (raw): 3951499031 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63325 [Calculated window size: 63325] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.599872000 seconds] [Time since previous frame in this TCP stream: 0.000027000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 360] [The RTT to ACK the segment was: 0.000027000 seconds] No. 
Time Source Destination Protocol Length Info 362 5.616208 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 362: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.363027000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.363027000 seconds [Time delta from previous captured frame: 0.016336000 seconds] [Time delta from previous displayed frame: 0.016336000 seconds] [Time since reference or first frame: 5.616208000 seconds] Frame Number: 362 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e1d (7709) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79b1 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1469, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1469 (relative sequence number) Sequence Number (raw): 3951499031 [Next Sequence Number: 1512 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xd2cc [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.616208000 seconds] [Time since previous frame in this TCP stream: 0.016336000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 00000000000021783dbdb90ad1ee20ce19be97cdce4c3dd8cebb0b0280875df2edcb2bf6… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 363 5.670670 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=1512 Win=63282 Len=0 Frame 363: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.417489000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.417489000 seconds [Time delta from previous captured frame: 0.054462000 seconds] [Time delta from previous displayed frame: 0.054462000 seconds] [Time since reference or first frame: 5.670670000 seconds] Frame Number: 363 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb43 (56131) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 1512, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 1512 (relative ack number) Acknowledgment number (raw): 3951499074 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63282 [Calculated window size: 63282] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.670670000 seconds] [Time since previous frame in this TCP stream: 0.054462000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 362] [The RTT to ACK the segment was: 0.054462000 seconds] No. 
Time Source Destination Protocol Length Info 364 5.672243 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 364: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.419062000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.419062000 seconds [Time delta from previous captured frame: 0.001573000 seconds] [Time delta from previous displayed frame: 0.001573000 seconds] [Time since reference or first frame: 5.672243000 seconds] Frame Number: 364 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e1e (7710) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79b0 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1512, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1512 (relative sequence number) Sequence Number (raw): 3951499074 [Next Sequence Number: 1555 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xf429 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.672243000 seconds] [Time since previous frame in this TCP stream: 0.001573000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 0000000000002179a2ef1357e258c2e4c6a845c48f83dfde96b94e27c6def8d107cd2e0c… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 365 5.696262 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 365: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.443081000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.443081000 seconds [Time delta from previous captured frame: 0.024019000 seconds] [Time delta from previous displayed frame: 0.024019000 seconds] [Time since reference or first frame: 5.696262000 seconds] Frame Number: 365 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e1f (7711) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79af [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1555, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1555 (relative sequence number) Sequence Number (raw): 3951499117 [Next Sequence Number: 1598 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xbdee [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.696262000 seconds] [Time since previous frame in this TCP stream: 0.024019000 seconds] [SEQ/ACK analysis] [Bytes in flight: 86] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000217a2648be3e3984f0c7f49a922af05a0a1ea0c87f12d7983ab823147fe3… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 366 5.696287 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=1598 Win=63196 Len=0 Frame 366: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.443106000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.443106000 seconds [Time delta from previous captured frame: 0.000025000 seconds] [Time delta from previous displayed frame: 0.000025000 seconds] [Time since reference or first frame: 5.696287000 seconds] Frame Number: 366 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb44 (56132) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 1598, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 1598 (relative ack number) Acknowledgment number (raw): 3951499160 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63196 [Calculated window size: 63196] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.696287000 seconds] [Time since previous frame in this TCP stream: 0.000025000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 365] [The RTT to ACK the segment was: 0.000025000 seconds] No. 
Time Source Destination Protocol Length Info 367 5.704001 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 367: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.450820000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.450820000 seconds [Time delta from previous captured frame: 0.007714000 seconds] [Time delta from previous displayed frame: 0.007714000 seconds] [Time since reference or first frame: 5.704001000 seconds] Frame Number: 367 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e20 (7712) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79ae [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1598, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1598 (relative sequence number) Sequence Number (raw): 3951499160 [Next Sequence Number: 1641 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xaa60 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.704001000 seconds] [Time since previous frame in this TCP stream: 0.007714000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000217b9422f125f736f49dc16d9cb5f677da04eaf70b9b3bb8b663fd308604… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 368 5.720080 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 368: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.466899000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.466899000 seconds [Time delta from previous captured frame: 0.016079000 seconds] [Time delta from previous displayed frame: 0.016079000 seconds] [Time since reference or first frame: 5.720080000 seconds] Frame Number: 368 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e21 (7713) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79a6 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1641, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 1641 (relative sequence number) Sequence Number (raw): 3951499203 [Next Sequence Number: 1691 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xba81 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.720080000 seconds] [Time since previous frame in this TCP stream: 0.016079000 seconds] [SEQ/ACK analysis] [Bytes in flight: 93] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 000000000000217c7a11bc61588c27077dd93d073eb440518769bcdddf18f0eb8d462ccf… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 369 5.720104 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=1691 Win=63103 Len=0 Frame 369: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.466923000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.466923000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 5.720104000 seconds] Frame Number: 369 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb45 (56133) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 1691, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 1691 (relative ack number) Acknowledgment number (raw): 3951499253 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63103 [Calculated window size: 63103] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.720104000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 368] [The RTT to ACK the segment was: 0.000024000 seconds] No. 
Time Source Destination Protocol Length Info 370 5.728398 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 370: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.475217000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.475217000 seconds [Time delta from previous captured frame: 0.008294000 seconds] [Time delta from previous displayed frame: 0.008294000 seconds] [Time since reference or first frame: 5.728398000 seconds] Frame Number: 370 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e22 (7714) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79ac [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1691, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1691 (relative sequence number) Sequence Number (raw): 3951499253 [Next Sequence Number: 1734 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x9626 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.728398000 seconds] [Time since previous frame in this TCP stream: 0.008294000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000217de0ccc674bc74b24b1c68c7a043828a2ff0488be2deaa9ebb9d48320d… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 371 5.752222 134.188.170.174 134.188.170.175 TLSv1.2 111 Application Data Frame 371: 111 bytes on wire (888 bits), 111 bytes captured (888 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.499041000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.499041000 seconds [Time delta from previous captured frame: 0.023824000 seconds] [Time delta from previous displayed frame: 0.023824000 seconds] [Time since reference or first frame: 5.752222000 seconds] Frame Number: 371 Frame Length: 111 bytes (888 bits) Capture Length: 111 bytes (888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 97 Identification: 0x1e23 (7715) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x799d [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1734, Ack: 256, Len: 57 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 57] Sequence Number: 1734 (relative sequence number) Sequence Number (raw): 3951499296 [Next Sequence Number: 1791 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xe3b0 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.752222000 seconds] [Time since previous frame in this TCP stream: 0.023824000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 57] TCP payload (57 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 52 Encrypted Application Data: 000000000000217eee0a5028f3cc028f30be6402f3119f013a79a04520d76fe6f6b0b7ad… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 372 5.752246 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=1791 Win=63003 Len=0 Frame 372: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.499065000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.499065000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 5.752246000 seconds] Frame Number: 372 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb46 (56134) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 1791, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 1791 (relative ack number) Acknowledgment number (raw): 3951499353 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63003 [Calculated window size: 63003] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.752246000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 371] [The RTT to ACK the segment was: 0.000024000 seconds] No. 
Time Source Destination Protocol Length Info 373 5.768404 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 373: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.515223000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.515223000 seconds [Time delta from previous captured frame: 0.016158000 seconds] [Time delta from previous displayed frame: 0.016158000 seconds] [Time since reference or first frame: 5.768404000 seconds] Frame Number: 373 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e24 (7716) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79a3 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1791, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 1791 (relative sequence number) Sequence Number (raw): 3951499353 [Next Sequence Number: 1841 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xa3a1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.768404000 seconds] [Time since previous frame in this TCP stream: 0.016158000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 000000000000217f4063da9dcfa03d4426611f2a0cab249fbc0926ab445600c54e1878fc… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 374 5.784283 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 374: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.531102000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.531102000 seconds [Time delta from previous captured frame: 0.015879000 seconds] [Time delta from previous displayed frame: 0.015879000 seconds] [Time since reference or first frame: 5.784283000 seconds] Frame Number: 374 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e25 (7717) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79a2 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1841, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 1841 (relative sequence number) Sequence Number (raw): 3951499403 [Next Sequence Number: 1891 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x8e8b [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.784283000 seconds] [Time since previous frame in this TCP stream: 0.015879000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 0000000000002180e6db7ce4bede9c55b96f39cfdaf53877213880b710c3c00dabcc1d39… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 375 5.784307 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=1891 Win=62903 Len=0 Frame 375: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.531126000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.531126000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 5.784307000 seconds] Frame Number: 375 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb47 (56135) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 1891, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 1891 (relative ack number) Acknowledgment number (raw): 3951499453 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 62903 [Calculated window size: 62903] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.784307000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 374] [The RTT to ACK the segment was: 0.000024000 seconds] No. 
Time Source Destination Protocol Length Info 376 5.800455 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 376: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.547274000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.547274000 seconds [Time delta from previous captured frame: 0.016148000 seconds] [Time delta from previous displayed frame: 0.016148000 seconds] [Time since reference or first frame: 5.800455000 seconds] Frame Number: 376 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e26 (7718) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79a1 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1891, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 1891 (relative sequence number) Sequence Number (raw): 3951499453 [Next Sequence Number: 1941 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x0022 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.800455000 seconds] [Time since previous frame in this TCP stream: 0.016148000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 0000000000002181c4a531bfcc337873a8dd0006281f473e603fc58267676226306a6255… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 377 5.808433 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 377: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.555252000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.555252000 seconds [Time delta from previous captured frame: 0.007978000 seconds] [Time delta from previous displayed frame: 0.007978000 seconds] [Time since reference or first frame: 5.808433000 seconds] Frame Number: 377 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e27 (7719) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79a7 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1941, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 1941 (relative sequence number) Sequence Number (raw): 3951499503 [Next Sequence Number: 1984 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xae22 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.808433000 seconds] [Time since previous frame in this TCP stream: 0.007978000 seconds] [SEQ/ACK analysis] [Bytes in flight: 93] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 0000000000002182dbbd19e3794548b97d0d872a451dc48eb266b98d7b06bd18ac0988fb… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 378 5.808457 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=1984 Win=62810 Len=0 Frame 378: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.555276000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.555276000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 5.808457000 seconds] Frame Number: 378 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb48 (56136) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 1984, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 1984 (relative ack number) Acknowledgment number (raw): 3951499546 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 62810 [Calculated window size: 62810] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.808457000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 377] [The RTT to ACK the segment was: 0.000024000 seconds] No. 
Time Source Destination Protocol Length Info 379 5.832270 134.188.170.174 134.188.170.175 TLSv1.2 111 Application Data Frame 379: 111 bytes on wire (888 bits), 111 bytes captured (888 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.579089000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.579089000 seconds [Time delta from previous captured frame: 0.023813000 seconds] [Time delta from previous displayed frame: 0.023813000 seconds] [Time since reference or first frame: 5.832270000 seconds] Frame Number: 379 Frame Length: 111 bytes (888 bits) Capture Length: 111 bytes (888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 97 Identification: 0x1e28 (7720) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7998 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 1984, Ack: 256, Len: 57 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 57] Sequence Number: 1984 (relative sequence number) Sequence Number (raw): 3951499546 [Next Sequence Number: 2041 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xe931 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.832270000 seconds] [Time since previous frame in this TCP stream: 0.023813000 seconds] [SEQ/ACK analysis] [Bytes in flight: 57] [Bytes sent since last PSH flag: 57] TCP payload (57 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 52 Encrypted Application Data: 0000000000002183d0fad1ab3806742edcb42ff6ab8768621a31b0c2374a7d49e434b960… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 380 5.840154 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 380: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.586973000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.586973000 seconds [Time delta from previous captured frame: 0.007884000 seconds] [Time delta from previous displayed frame: 0.007884000 seconds] [Time since reference or first frame: 5.840154000 seconds] Frame Number: 380 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e29 (7721) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79a5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2041, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 2041 (relative sequence number) Sequence Number (raw): 3951499603 [Next Sequence Number: 2084 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x2b4c [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.840154000 seconds] [Time since previous frame in this TCP stream: 0.007884000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 0000000000002184a7d32e31c4c82111c020ac957013347fb0a6386c1c1998f71705d19b… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 381 5.840178 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=2084 Win=62710 Len=0 Frame 381: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.586997000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.586997000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 5.840178000 seconds] Frame Number: 381 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb49 (56137) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 2084, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 2084 (relative ack number) Acknowledgment number (raw): 3951499646 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 62710 [Calculated window size: 62710] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.840178000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 380] [The RTT to ACK the segment was: 0.000024000 seconds] No. 
Time Source Destination Protocol Length Info 382 5.864510 134.188.170.174 134.188.170.175 TLSv1.2 111 Application Data Frame 382: 111 bytes on wire (888 bits), 111 bytes captured (888 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.611329000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.611329000 seconds [Time delta from previous captured frame: 0.024332000 seconds] [Time delta from previous displayed frame: 0.024332000 seconds] [Time since reference or first frame: 5.864510000 seconds] Frame Number: 382 Frame Length: 111 bytes (888 bits) Capture Length: 111 bytes (888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 97 Identification: 0x1e2a (7722) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7996 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2084, Ack: 256, Len: 57 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 57] Sequence Number: 2084 (relative sequence number) Sequence Number (raw): 3951499646 [Next Sequence Number: 2141 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xed3a [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.864510000 seconds] [Time since previous frame in this TCP stream: 0.024332000 seconds] [SEQ/ACK analysis] [Bytes in flight: 57] [Bytes sent since last PSH flag: 57] TCP payload (57 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 52 Encrypted Application Data: 0000000000002185e45f1bde2859c272283e30b4e8e4146a429a92df0280d7a7f4e16167… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 383 5.872185 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 383: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.619004000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.619004000 seconds [Time delta from previous captured frame: 0.007675000 seconds] [Time delta from previous displayed frame: 0.007675000 seconds] [Time since reference or first frame: 5.872185000 seconds] Frame Number: 383 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e2b (7723) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x79a3 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2141, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 2141 (relative sequence number) Sequence Number (raw): 3951499703 [Next Sequence Number: 2184 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xf7be [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.872185000 seconds] [Time since previous frame in this TCP stream: 0.007675000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 0000000000002186d584c7267ef53770a69deca5b0d9156945fa0e62536a9e97a11ca29a… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 384 5.872209 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=2184 Win=62610 Len=0 Frame 384: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.619028000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.619028000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 5.872209000 seconds] Frame Number: 384 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb4a (56138) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 2184, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 2184 (relative ack number) Acknowledgment number (raw): 3951499746 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 62610 [Calculated window size: 62610] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.872209000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 383] [The RTT to ACK the segment was: 0.000024000 seconds] No. 
Time Source Destination Protocol Length Info 385 5.896282 134.188.170.174 134.188.170.175 TLSv1.2 111 Application Data Frame 385: 111 bytes on wire (888 bits), 111 bytes captured (888 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.643101000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.643101000 seconds [Time delta from previous captured frame: 0.024073000 seconds] [Time delta from previous displayed frame: 0.024073000 seconds] [Time since reference or first frame: 5.896282000 seconds] Frame Number: 385 Frame Length: 111 bytes (888 bits) Capture Length: 111 bytes (888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 97 Identification: 0x1e2c (7724) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7994 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2184, Ack: 256, Len: 57 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 57] Sequence Number: 2184 (relative sequence number) Sequence Number (raw): 3951499746 [Next Sequence Number: 2241 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xbbcf [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.896282000 seconds] [Time since previous frame in this TCP stream: 0.024073000 seconds] [SEQ/ACK analysis] [Bytes in flight: 57] [Bytes sent since last PSH flag: 57] TCP payload (57 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 52 Encrypted Application Data: 00000000000021870ccff8f51ffdbb55ed0d34f1ed5294f87ab4311faa57418bd9435374… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 386 5.920480 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 386: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.667299000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.667299000 seconds [Time delta from previous captured frame: 0.024198000 seconds] [Time delta from previous displayed frame: 0.024198000 seconds] [Time since reference or first frame: 5.920480000 seconds] Frame Number: 386 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e2d (7725) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x799a [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2241, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 2241 (relative sequence number) Sequence Number (raw): 3951499803 [Next Sequence Number: 2291 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x98a1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.920480000 seconds] [Time since previous frame in this TCP stream: 0.024198000 seconds] [SEQ/ACK analysis] [Bytes in flight: 107] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 0000000000002188e72d3131e9ff85d8ee46ba0f44169ace8851c8d665b689731a6aef45… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 387 5.920504 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=2291 Win=64000 Len=0 Frame 387: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.667323000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.667323000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 5.920504000 seconds] Frame Number: 387 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb4b (56139) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 2291, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 2291 (relative ack number) Acknowledgment number (raw): 3951499853 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 64000 [Calculated window size: 64000] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.920504000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 386] [The RTT to ACK the segment was: 0.000024000 seconds] No. 
Time Source Destination Protocol Length Info 388 5.944287 134.188.170.174 134.188.170.175 TLSv1.2 111 Application Data Frame 388: 111 bytes on wire (888 bits), 111 bytes captured (888 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.691106000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.691106000 seconds [Time delta from previous captured frame: 0.023783000 seconds] [Time delta from previous displayed frame: 0.023783000 seconds] [Time since reference or first frame: 5.944287000 seconds] Frame Number: 388 Frame Length: 111 bytes (888 bits) Capture Length: 111 bytes (888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 97 Identification: 0x1e2e (7726) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7992 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2291, Ack: 256, Len: 57 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 57] Sequence Number: 2291 (relative sequence number) Sequence Number (raw): 3951499853 [Next Sequence Number: 2348 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xdda8 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.944287000 seconds] [Time since previous frame in this TCP stream: 0.023783000 seconds] [SEQ/ACK analysis] [Bytes in flight: 57] [Bytes sent since last PSH flag: 57] TCP payload (57 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 52 Encrypted Application Data: 00000000000021891d6607c706df00a2db78703b030fb2138b20bbf90a5b2ba0db71f415… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 389 5.952202 134.188.170.103 239.255.255.250 SSDP 216 M-SEARCH * HTTP/1.1 Frame 389: 216 bytes on wire (1728 bits), 216 bytes captured (1728 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.699021000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.699021000 seconds [Time delta from previous captured frame: 0.007915000 seconds] [Time delta from previous displayed frame: 0.007915000 seconds] [Time since reference or first frame: 5.952202000 seconds] Frame Number: 389 Frame Length: 216 bytes (1728 bits) Capture Length: 216 bytes (1728 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:ssdp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: LCFCHefe_42:03:77 (6c:24:08:42:03:77), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: LCFCHefe_42:03:77 (6c:24:08:42:03:77) Address: LCFCHefe_42:03:77 (6c:24:08:42:03:77) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.103, Dst: 239.255.255.250 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 202 Identification: 0x9047 (36935) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: UDP (17) Header Checksum: 0x07be [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.103 Destination Address: 239.255.255.250 User Datagram Protocol, Src Port: 64230, Dst Port: 1900 Source Port: 64230 Destination Port: 1900 Length: 182 Checksum: 0xd654 [unverified] [Checksum Status: Unverified] [Stream index: 4] [Timestamps] [Time since first frame: 3.037420000 seconds] [Time since previous frame: 1.010171000 seconds] UDP payload (174 bytes) Simple Service Discovery Protocol M-SEARCH * HTTP/1.1\r\n [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n] [M-SEARCH * HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: M-SEARCH Request URI: * Request Version: HTTP/1.1 HOST: 239.255.255.250:1900\r\n MAN: "ssdp:discover"\r\n MX: 1\r\n ST: urn:dial-multiscreen-org:service:dial:1\r\n USER-AGENT: Google Chrome/108.0.5359.99 Windows\r\n \r\n [Full request URI: http://239.255.255.250:1900*] [HTTP request 4/4] [Prev request in frame: 334] No. Time Source Destination Protocol Length Info 390 5.952472 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 390: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.699291000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.699291000 seconds [Time delta from previous captured frame: 0.000270000 seconds] [Time delta from previous displayed frame: 0.000270000 seconds] [Time since reference or first frame: 5.952472000 seconds] Frame Number: 390 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e2f (7727) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x799f [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2348, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 2348 (relative sequence number) Sequence Number (raw): 3951499910 [Next Sequence Number: 2391 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x9fbe [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.952472000 seconds] [Time since previous frame in this TCP stream: 0.008185000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000218a351d7ba3d7e05f8f2338f14feb6e365d35e1cf7429d96cade0f53ea2… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 391 5.952496 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=2391 Win=63900 Len=0 Frame 391: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.699315000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.699315000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 5.952496000 seconds] Frame Number: 391 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb4c (56140) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 2391, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 2391 (relative ack number) Acknowledgment number (raw): 3951499953 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63900 [Calculated window size: 63900] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.952496000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 390] [The RTT to ACK the segment was: 0.000024000 seconds] No. 
Time Source Destination Protocol Length Info 392 5.969756 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 392: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.716575000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.716575000 seconds [Time delta from previous captured frame: 0.017260000 seconds] [Time delta from previous displayed frame: 0.017260000 seconds] [Time since reference or first frame: 5.969756000 seconds] Frame Number: 392 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e30 (7728) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7997 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2391, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 2391 (relative sequence number) Sequence Number (raw): 3951499953 [Next Sequence Number: 2441 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x7a40 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.969756000 seconds] [Time since previous frame in this TCP stream: 0.017260000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 000000000000218bfb720a95130263b1817dd76c1856553df9a9c0f3fbef29fdcee48676… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 393 5.984419 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 393: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.731238000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.731238000 seconds [Time delta from previous captured frame: 0.014663000 seconds] [Time delta from previous displayed frame: 0.014663000 seconds] [Time since reference or first frame: 5.984419000 seconds] Frame Number: 393 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e31 (7729) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7996 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2441, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 2441 (relative sequence number) Sequence Number (raw): 3951500003 [Next Sequence Number: 2491 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x8c4b [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.984419000 seconds] [Time since previous frame in this TCP stream: 0.014663000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 000000000000218cb9b9c1ff0019518580c9f7373f5304d8c20efaa5d1b4203db21cebca… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 394 5.984443 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=2491 Win=63800 Len=0 Frame 394: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.731262000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.731262000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 5.984443000 seconds] Frame Number: 394 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb4d (56141) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 2491, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 2491 (relative ack number) Acknowledgment number (raw): 3951500053 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63800 [Calculated window size: 63800] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 5.984443000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 393] [The RTT to ACK the segment was: 0.000024000 seconds] No. 
Time Source Destination Protocol Length Info 395 5.997427 134.188.170.103 239.255.255.250 SSDP 217 M-SEARCH * HTTP/1.1 Frame 395: 217 bytes on wire (1736 bits), 217 bytes captured (1736 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.744246000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.744246000 seconds [Time delta from previous captured frame: 0.012984000 seconds] [Time delta from previous displayed frame: 0.012984000 seconds] [Time since reference or first frame: 5.997427000 seconds] Frame Number: 395 Frame Length: 217 bytes (1736 bits) Capture Length: 217 bytes (1736 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:ssdp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: LCFCHefe_42:03:77 (6c:24:08:42:03:77), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: LCFCHefe_42:03:77 (6c:24:08:42:03:77) Address: LCFCHefe_42:03:77 (6c:24:08:42:03:77) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.103, Dst: 239.255.255.250 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 203 Identification: 0x9048 (36936) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: UDP (17) Header Checksum: 0x07bc [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.103 Destination Address: 239.255.255.250 User Datagram Protocol, Src Port: 64233, Dst Port: 1900 Source Port: 64233 Destination Port: 1900 Length: 183 Checksum: 0x5571 [unverified] [Checksum Status: Unverified] [Stream index: 5] [Timestamps] [Time since first frame: 3.037890000 seconds] [Time since previous frame: 1.010125000 seconds] UDP payload (175 bytes) Simple Service Discovery Protocol M-SEARCH * HTTP/1.1\r\n [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n] [M-SEARCH * HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: M-SEARCH Request URI: * Request Version: HTTP/1.1 HOST: 239.255.255.250:1900\r\n MAN: "ssdp:discover"\r\n MX: 1\r\n ST: urn:dial-multiscreen-org:service:dial:1\r\n USER-AGENT: Microsoft Edge/108.0.1462.46 Windows\r\n \r\n [Full request URI: http://239.255.255.250:1900*] [HTTP request 4/4] [Prev request in frame: 335] No. Time Source Destination Protocol Length Info 396 6.000095 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 396: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.746914000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.746914000 seconds [Time delta from previous captured frame: 0.002668000 seconds] [Time delta from previous displayed frame: 0.002668000 seconds] [Time since reference or first frame: 6.000095000 seconds] Frame Number: 396 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e32 (7730) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7995 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2491, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 2491 (relative sequence number) Sequence Number (raw): 3951500053 [Next Sequence Number: 2541 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x3174 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.000095000 seconds] [Time since previous frame in this TCP stream: 0.015652000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 000000000000218d1101305c9a5ddf584b400201173c86629b30d6940291290df6f4a53d… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 397 6.024320 134.188.170.174 134.188.170.175 TLSv1.2 111 Application Data Frame 397: 111 bytes on wire (888 bits), 111 bytes captured (888 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.771139000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.771139000 seconds [Time delta from previous captured frame: 0.024225000 seconds] [Time delta from previous displayed frame: 0.024225000 seconds] [Time since reference or first frame: 6.024320000 seconds] Frame Number: 397 Frame Length: 111 bytes (888 bits) Capture Length: 111 bytes (888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 97 Identification: 0x1e33 (7731) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x798d [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2541, Ack: 256, Len: 57 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 57] Sequence Number: 2541 (relative sequence number) Sequence Number (raw): 3951500103 [Next Sequence Number: 2598 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x988c [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.024320000 seconds] [Time since previous frame in this TCP stream: 0.024225000 seconds] [SEQ/ACK analysis] [Bytes in flight: 107] [Bytes sent since last PSH flag: 57] TCP payload (57 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 52 Encrypted Application Data: 000000000000218e2e75469c81a2717cda8f71a0cfe1ec3df43f21883f5f1723e395e9b2… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 398 6.024350 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=2598 Win=63693 Len=0 Frame 398: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.771169000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.771169000 seconds [Time delta from previous captured frame: 0.000030000 seconds] [Time delta from previous displayed frame: 0.000030000 seconds] [Time since reference or first frame: 6.024350000 seconds] Frame Number: 398 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb4e (56142) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 2598, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 2598 (relative ack number) Acknowledgment number (raw): 3951500160 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63693 [Calculated window size: 63693] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.024350000 seconds] [Time since previous frame in this TCP stream: 0.000030000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 397] [The RTT to ACK the segment was: 0.000030000 seconds] No. 
Time Source Destination Protocol Length Info 399 6.032333 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 399: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.779152000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.779152000 seconds [Time delta from previous captured frame: 0.007983000 seconds] [Time delta from previous displayed frame: 0.007983000 seconds] [Time since reference or first frame: 6.032333000 seconds] Frame Number: 399 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e34 (7732) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x799a [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2598, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 2598 (relative sequence number) Sequence Number (raw): 3951500160 [Next Sequence Number: 2641 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xbd11 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.032333000 seconds] [Time since previous frame in this TCP stream: 0.007983000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000218f0453e2a9d207b3861652f47a6ba19dcadf984f5a59e214463e72c398… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 400 6.034249 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 400: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.781068000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.781068000 seconds [Time delta from previous captured frame: 0.001916000 seconds] [Time delta from previous displayed frame: 0.001916000 seconds] [Time since reference or first frame: 6.034249000 seconds] Frame Number: 400 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb4f (56143) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.026825000 seconds] [Time since previous frame: 0.445468000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0c3 ReceiveWindowSize: 12003 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 030304eb0000000000002929cf01a5fe snResetSeqNum: 0x0320c23f No. Time Source Destination Protocol Length Info 401 6.034287 134.188.170.175 134.188.170.174 RDPUDP 83 CORRELATIONID[Malformed Packet] Frame 401: 83 bytes on wire (664 bits), 83 bytes captured (664 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.781106000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.781106000 seconds [Time delta from previous captured frame: 0.000038000 seconds] [Time delta from previous displayed frame: 0.000038000 seconds] [Time since reference or first frame: 6.034287000 seconds] Frame Number: 401 Frame Length: 83 bytes (664 bits) Capture Length: 83 bytes (664 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 69 Identification: 0xdb50 (56144) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 49 Checksum: 0x6319 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.026863000 seconds] [Time since previous frame: 0.000038000 seconds] UDP payload (41 bytes) UDP Remote Desktop Protocol snSourceAck: 0xe204c0c4 ReceiveWindowSize: 12004 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: be1f63880c056dd80da1343e608a555b [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 402 6.048616 134.188.170.174 134.188.170.175 RDPUDP 60 Frame 402: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.795435000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.795435000 seconds [Time delta from previous captured frame: 0.014329000 seconds] [Time delta from previous displayed frame: 0.014329000 seconds] [Time since reference or first frame: 6.048616000 seconds] Frame Number: 402 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 00000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 39 Identification: 0x1e35 (7733) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9ba [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 19 Checksum: 0x054a [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.041192000 seconds] [Time since previous frame: 0.014329000 seconds] UDP payload (11 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc801c0c4 ReceiveWindowSize: 11996 Flags: 0x80e0, CN, CWR .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..0. .... .... = Syn lossy: False .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False No. Time Source Destination Protocol Length Info 403 6.048747 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 403: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.795566000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.795566000 seconds [Time delta from previous captured frame: 0.000131000 seconds] [Time delta from previous displayed frame: 0.000131000 seconds] [Time since reference or first frame: 6.048747000 seconds] Frame Number: 403 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e36 (7734) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7991 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2641, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 2641 (relative sequence number) Sequence Number (raw): 3951500203 [Next Sequence Number: 2691 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x9640 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.048747000 seconds] [Time since previous frame in this TCP stream: 0.016414000 seconds] [SEQ/ACK analysis] [Bytes in flight: 93] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 000000000000219012f77bb58bf320c748bd7271f28e1692792780fa1e11a059738b0708… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 404 6.048786 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=2691 Win=63600 Len=0 Frame 404: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.795605000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.795605000 seconds [Time delta from previous captured frame: 0.000039000 seconds] [Time delta from previous displayed frame: 0.000039000 seconds] [Time since reference or first frame: 6.048786000 seconds] Frame Number: 404 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb51 (56145) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 2691, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 2691 (relative ack number) Acknowledgment number (raw): 3951500253 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63600 [Calculated window size: 63600] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.048786000 seconds] [Time since previous frame in this TCP stream: 0.000039000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 403] [The RTT to ACK the segment was: 0.000039000 seconds] No. 
Time Source Destination Protocol Length Info 405 6.064254 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 405: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.811073000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.811073000 seconds [Time delta from previous captured frame: 0.015468000 seconds] [Time delta from previous displayed frame: 0.015468000 seconds] [Time since reference or first frame: 6.064254000 seconds] Frame Number: 405 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e37 (7735) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7990 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2691, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 2691 (relative sequence number) Sequence Number (raw): 3951500253 [Next Sequence Number: 2741 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x0801 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.064254000 seconds] [Time since previous frame in this TCP stream: 0.015468000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 0000000000002191950a96cd837ff73066d3b9fd4070058e39547b4caf2aecbb0a12a0a3… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 406 6.064703 134.188.170.175 134.188.170.174 RDPUDP 162 CORRELATIONID,AOA Frame 406: 162 bytes on wire (1296 bits), 162 bytes captured (1296 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.811522000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.811522000 seconds [Time delta from previous captured frame: 0.000449000 seconds] [Time delta from previous displayed frame: 0.000449000 seconds] [Time since reference or first frame: 6.064703000 seconds] Frame Number: 406 Frame Length: 162 bytes (1296 bits) Capture Length: 162 bytes (1296 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 148 Identification: 0xdb52 (56146) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 128 Checksum: 0x6368 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.057279000 seconds] [Time since previous frame: 0.016087000 seconds] UDP payload (120 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0c5 ReceiveWindowSize: 12005 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303006c000000000000292a73361672 snResetSeqNum: 0x9ea70049 No. Time Source Destination Protocol Length Info 407 6.078942 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet] Frame 407: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.825761000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.825761000 seconds [Time delta from previous captured frame: 0.014239000 seconds] [Time delta from previous displayed frame: 0.014239000 seconds] [Time since reference or first frame: 6.078942000 seconds] Frame Number: 407 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 38 Identification: 0x1e38 (7736) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9b8 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 18 Checksum: 0x32d9 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.071518000 seconds] [Time since previous frame: 0.014239000 seconds] UDP payload (10 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc801c0c5 ReceiveWindowSize: 11855 Flags: 0x9ee0, CN, CWR, Syn lossy, Ack delayed, Correlation id, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...1 .... .... .... = SynEx: True [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 408 6.079760 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 408: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.826579000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.826579000 seconds [Time delta from previous captured frame: 0.000818000 seconds] [Time delta from previous displayed frame: 0.000818000 seconds] [Time since reference or first frame: 6.079760000 seconds] Frame Number: 408 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e39 (7737) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x798e [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2741, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 2741 (relative sequence number) Sequence Number (raw): 3951500303 [Next Sequence Number: 2791 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xe98a [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.079760000 seconds] [Time since previous frame in this TCP stream: 0.015506000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 0000000000002192849865258b4062e0f3b2fa3bbb79706bdd58a415a318f2feba18b3a3… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 409 6.079799 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=2791 Win=63500 Len=0 Frame 409: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.826618000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.826618000 seconds [Time delta from previous captured frame: 0.000039000 seconds] [Time delta from previous displayed frame: 0.000039000 seconds] [Time since reference or first frame: 6.079799000 seconds] Frame Number: 409 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb53 (56147) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 2791, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 2791 (relative ack number) Acknowledgment number (raw): 3951500353 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63500 [Calculated window size: 63500] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.079799000 seconds] [Time since previous frame in this TCP stream: 0.000039000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 408] [The RTT to ACK the segment was: 0.000039000 seconds] No. 
Time Source Destination Protocol Length Info 410 6.096263 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 410: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.843082000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.843082000 seconds [Time delta from previous captured frame: 0.016464000 seconds] [Time delta from previous displayed frame: 0.016464000 seconds] [Time since reference or first frame: 6.096263000 seconds] Frame Number: 410 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e3a (7738) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x798d [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2791, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 2791 (relative sequence number) Sequence Number (raw): 3951500353 [Next Sequence Number: 2841 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xd647 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.096263000 seconds] [Time since previous frame in this TCP stream: 0.016464000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 00000000000021934ab9b37740ef2f526835db3c3ab93b4a23c459c9f9b29599927324e6… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 411 6.100273 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 411: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.847092000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.847092000 seconds [Time delta from previous captured frame: 0.004010000 seconds] [Time delta from previous displayed frame: 0.004010000 seconds] [Time since reference or first frame: 6.100273000 seconds] Frame Number: 411 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb54 (56148) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.092849000 seconds] [Time since previous frame: 0.021331000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0c6 ReceiveWindowSize: 12006 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c000000000000292b49f814c8 snResetSeqNum: 0x0560dc2e No. Time Source Destination Protocol Length Info 412 6.100306 134.188.170.175 134.188.170.174 RDPUDP 1052 CORRELATIONID,AOA Frame 412: 1052 bytes on wire (8416 bits), 1052 bytes captured (8416 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.847125000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.847125000 seconds [Time delta from previous captured frame: 0.000033000 seconds] [Time delta from previous displayed frame: 0.000033000 seconds] [Time since reference or first frame: 6.100306000 seconds] Frame Number: 412 Frame Length: 1052 bytes (8416 bits) Capture Length: 1052 bytes (8416 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1038 Identification: 0xdb55 (56149) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1018 Checksum: 0x66e2 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.092882000 seconds] [Time since previous frame: 0.000033000 seconds] UDP payload (1010 bytes) UDP Remote Desktop Protocol snSourceAck: 0xdf04c0c7 ReceiveWindowSize: 12007 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: ce943d8bd0aa9044529ac79fe1d224ce snResetSeqNum: 0xa14e99ba No. Time Source Destination Protocol Length Info 413 6.101298 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 413: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.848117000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.848117000 seconds [Time delta from previous captured frame: 0.000992000 seconds] [Time delta from previous displayed frame: 0.000992000 seconds] [Time since reference or first frame: 6.101298000 seconds] Frame Number: 413 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb56 (56150) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.093874000 seconds] [Time since previous frame: 0.000992000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0c8 ReceiveWindowSize: 12008 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c000000000000292d1eefc3f6 snResetSeqNum: 0xb04b8e4a No. Time Source Destination Protocol Length Info 414 6.101326 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 414: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.848145000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.848145000 seconds [Time delta from previous captured frame: 0.000028000 seconds] [Time delta from previous displayed frame: 0.000028000 seconds] [Time since reference or first frame: 6.101326000 seconds] Frame Number: 414 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb57 (56151) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.093902000 seconds] [Time since previous frame: 0.000028000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x6f04c0c9 ReceiveWindowSize: 12009 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 64a3b07a858fe9395bbcaaa444ea45ad snResetSeqNum: 0x75071df4 No. Time Source Destination Protocol Length Info 415 6.101346 134.188.170.175 134.188.170.174 RDPUDP 168 CORRELATIONID,AOA Frame 415: 168 bytes on wire (1344 bits), 168 bytes captured (1344 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.848165000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.848165000 seconds [Time delta from previous captured frame: 0.000020000 seconds] [Time delta from previous displayed frame: 0.000020000 seconds] [Time since reference or first frame: 6.101346000 seconds] Frame Number: 415 Frame Length: 168 bytes (1344 bits) Capture Length: 168 bytes (1344 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 154 Identification: 0xdb58 (56152) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 134 Checksum: 0x636e [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.093922000 seconds] [Time since previous frame: 0.000020000 seconds] UDP payload (126 bytes) UDP Remote Desktop Protocol snSourceAck: 0x4f04c0ca ReceiveWindowSize: 12010 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 6a89d383ff0eb297961320cf282cdfc6 snResetSeqNum: 0xc6d884c4 No. Time Source Destination Protocol Length Info 416 6.111929 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 416: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.858748000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.858748000 seconds [Time delta from previous captured frame: 0.010583000 seconds] [Time delta from previous displayed frame: 0.010583000 seconds] [Time since reference or first frame: 6.111929000 seconds] Frame Number: 416 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e3b (7739) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x798c [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2841, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 2841 (relative sequence number) Sequence Number (raw): 3951500403 [Next Sequence Number: 2891 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xbc4e [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.111929000 seconds] [Time since previous frame in this TCP stream: 0.015666000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 00000000000021949473b9a5059c944cb3ca14f520255b207c25d4f1145dea3354f98ba1… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 417 6.111967 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=2891 Win=63400 Len=0 Frame 417: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.858786000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.858786000 seconds [Time delta from previous captured frame: 0.000038000 seconds] [Time delta from previous displayed frame: 0.000038000 seconds] [Time since reference or first frame: 6.111967000 seconds] Frame Number: 417 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb59 (56153) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 2891, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 2891 (relative ack number) Acknowledgment number (raw): 3951500453 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63400 [Calculated window size: 63400] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.111967000 seconds] [Time since previous frame in this TCP stream: 0.000038000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 416] [The RTT to ACK the segment was: 0.000038000 seconds] No. 
Time Source Destination Protocol Length Info 418 6.118681 134.188.170.174 134.188.170.175 RDPUDP 60 Frame 418: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.865500000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.865500000 seconds [Time delta from previous captured frame: 0.006714000 seconds] [Time delta from previous displayed frame: 0.006714000 seconds] [Time since reference or first frame: 6.118681000 seconds] Frame Number: 418 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 00000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 42 Identification: 0x1e3c (7740) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9b0 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 22 Checksum: 0x4fae [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.111257000 seconds] [Time since previous frame: 0.017335000 seconds] UDP payload (14 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc801c0ca ReceiveWindowSize: 11800 Flags: 0xc2e0, CN, CWR, Syn lossy .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 0... .... .... = Correlation id: False ...0 .... .... .... = SynEx: False No. Time Source Destination Protocol Length Info 419 6.135962 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 419: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.882781000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.882781000 seconds [Time delta from previous captured frame: 0.017281000 seconds] [Time delta from previous displayed frame: 0.017281000 seconds] [Time since reference or first frame: 6.135962000 seconds] Frame Number: 419 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e3d (7741) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x798a [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2891, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 2891 (relative sequence number) Sequence Number (raw): 3951500453 [Next Sequence Number: 2941 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x1a98 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.135962000 seconds] [Time since previous frame in this TCP stream: 0.023995000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 0000000000002195ca58970ef98dd67d618fc100e049925b408770864e32ff981c6a175d… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 420 6.143997 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 420: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.890816000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.890816000 seconds [Time delta from previous captured frame: 0.008035000 seconds] [Time delta from previous displayed frame: 0.008035000 seconds] [Time since reference or first frame: 6.143997000 seconds] Frame Number: 420 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e3e (7742) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7990 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2941, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 2941 (relative sequence number) Sequence Number (raw): 3951500503 [Next Sequence Number: 2984 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x647c [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.143997000 seconds] [Time since previous frame in this TCP stream: 0.008035000 seconds] [SEQ/ACK analysis] [Bytes in flight: 93] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000219656fd6adf791b468b9617eee6dc531dcce643448bfa9c6a3c34451778… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 421 6.144026 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=2984 Win=63307 Len=0 Frame 421: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.890845000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.890845000 seconds [Time delta from previous captured frame: 0.000029000 seconds] [Time delta from previous displayed frame: 0.000029000 seconds] [Time since reference or first frame: 6.144026000 seconds] Frame Number: 421 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb5a (56154) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 2984, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 2984 (relative ack number) Acknowledgment number (raw): 3951500546 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63307 [Calculated window size: 63307] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.144026000 seconds] [Time since previous frame in this TCP stream: 0.000029000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 420] [The RTT to ACK the segment was: 0.000029000 seconds] No. 
Time Source Destination Protocol Length Info 422 6.157566 134.188.170.175 134.188.170.174 RDPUDP 339 CORRELATIONID,AOA Frame 422: 339 bytes on wire (2712 bits), 339 bytes captured (2712 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.904385000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.904385000 seconds [Time delta from previous captured frame: 0.013540000 seconds] [Time delta from previous displayed frame: 0.013540000 seconds] [Time since reference or first frame: 6.157566000 seconds] Frame Number: 422 Frame Length: 339 bytes (2712 bits) Capture Length: 339 bytes (2712 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 325 Identification: 0xdb5b (56155) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 305 Checksum: 0x6419 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.150142000 seconds] [Time since previous frame: 0.038885000 seconds] UDP payload (297 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0cb ReceiveWindowSize: 12011 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303011d000000000000292fb9044dad snResetSeqNum: 0xe95f525d No. Time Source Destination Protocol Length Info 423 6.161915 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 423: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.908734000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.908734000 seconds [Time delta from previous captured frame: 0.004349000 seconds] [Time delta from previous displayed frame: 0.004349000 seconds] [Time since reference or first frame: 6.161915000 seconds] Frame Number: 423 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e3f (7743) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7988 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 2984, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 2984 (relative sequence number) Sequence Number (raw): 3951500546 [Next Sequence Number: 3034 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xf34f [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.161915000 seconds] [Time since previous frame in this TCP stream: 0.017889000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 0000000000002197f34f8364e234f0fd5e1640f6aa685eab90256451155f06a448856180… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 424 6.168734 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet] Frame 424: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.915553000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.915553000 seconds [Time delta from previous captured frame: 0.006819000 seconds] [Time delta from previous displayed frame: 0.006819000 seconds] [Time since reference or first frame: 6.168734000 seconds] Frame Number: 424 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 38 Identification: 0x1e40 (7744) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9b0 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 18 Checksum: 0xdb69 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.161310000 seconds] [Time since previous frame: 0.011168000 seconds] UDP payload (10 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc801c0cb ReceiveWindowSize: 11960 Flags: 0xf8e0, CN, CWR, Correlation id, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..0. .... .... = Syn lossy: False .... .0.. .... .... = Ack delayed: False .... 1... .... .... = Correlation id: True ...1 .... .... .... = SynEx: True [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. 
Time Source Destination Protocol Length Info 425 6.175820 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 425: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.922639000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.922639000 seconds [Time delta from previous captured frame: 0.007086000 seconds] [Time delta from previous displayed frame: 0.007086000 seconds] [Time since reference or first frame: 6.175820000 seconds] Frame Number: 425 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e41 (7745) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x798d [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3034, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 3034 (relative sequence number) Sequence Number (raw): 3951500596 [Next Sequence Number: 3077 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x2e95 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.175820000 seconds] [Time since previous frame in this TCP stream: 0.013905000 seconds] [SEQ/ACK analysis] [Bytes in flight: 93] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 00000000000021986d65f16a316f220473c39df817481e0635ea31aa9554656ab6696249… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 426 6.175845 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=3077 Win=63214 Len=0 Frame 426: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.922664000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.922664000 seconds [Time delta from previous captured frame: 0.000025000 seconds] [Time delta from previous displayed frame: 0.000025000 seconds] [Time since reference or first frame: 6.175845000 seconds] Frame Number: 426 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb5c (56156) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 3077, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 3077 (relative ack number) Acknowledgment number (raw): 3951500639 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63214 [Calculated window size: 63214] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.175845000 seconds] [Time since previous frame in this TCP stream: 0.000025000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 425] [The RTT to ACK the segment was: 0.000025000 seconds] No. 
Time Source Destination Protocol Length Info 427 6.192013 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 427: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.938832000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.938832000 seconds [Time delta from previous captured frame: 0.016168000 seconds] [Time delta from previous displayed frame: 0.016168000 seconds] [Time since reference or first frame: 6.192013000 seconds] Frame Number: 427 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e42 (7746) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x798c [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3077, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 3077 (relative sequence number) Sequence Number (raw): 3951500639 [Next Sequence Number: 3120 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x6818 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.192013000 seconds] [Time since previous frame in this TCP stream: 0.016168000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000219960315ac7d0db1738705739fcaaebb5e33fa6d6dfefaa38b5ad755c9d… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 428 6.233197 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=3120 Win=63171 Len=0 Frame 428: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.980016000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.980016000 seconds [Time delta from previous captured frame: 0.041184000 seconds] [Time delta from previous displayed frame: 0.041184000 seconds] [Time since reference or first frame: 6.233197000 seconds] Frame Number: 428 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb5d (56157) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 3120, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 3120 (relative ack number) Acknowledgment number (raw): 3951500682 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63171 [Calculated window size: 63171] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.233197000 seconds] [Time since previous frame in this TCP stream: 0.041184000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 427] [The RTT to ACK the segment was: 0.041184000 seconds] No. 
Time Source Destination Protocol Length Info 429 6.249156 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 429: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:42.995975000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010662.995975000 seconds [Time delta from previous captured frame: 0.015959000 seconds] [Time delta from previous displayed frame: 0.015959000 seconds] [Time since reference or first frame: 6.249156000 seconds] Frame Number: 429 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e43 (7747) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x798b [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3120, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 3120 (relative sequence number) Sequence Number (raw): 3951500682 [Next Sequence Number: 3163 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x422f [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.249156000 seconds] [Time since previous frame in this TCP stream: 0.015959000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000219a00c9401409ad58ef097337a42a8318685071fd15b3d9bc769292094b… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 430 6.260753 134.188.170.1 224.0.0.18 VRRP 60 Announcement (v2) Frame 430: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.007572000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.007572000 seconds [Time delta from previous captured frame: 0.011597000 seconds] [Time delta from previous displayed frame: 0.011597000 seconds] [Time since reference or first frame: 6.260753000 seconds] Frame Number: 430 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:vrrp] [Coloring Rule Name: Routing] [Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp] Ethernet II, Src: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa), Dst: IPv4mcast_12 (01:00:5e:00:00:12) Destination: IPv4mcast_12 (01:00:5e:00:00:12) Address: IPv4mcast_12 (01:00:5e:00:00:12) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 134.188.170.1, Dst: 224.0.0.18 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x0000 (0) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 255 Protocol: VRRP (112) Header Checksum: 0xa9d5 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.1 Destination Address: 224.0.0.18 Virtual Router Redundancy Protocol Version 2, Packet type 1 (Advertisement) 0010 .... = VRRP protocol version: 2 .... 0001 = VRRP packet type: Advertisement (1) Virtual Rtr ID: 170 Priority: 255 (This VRRP router owns the virtual router's IP address(es)) Addr Count: 1 Auth Type: No Authentication (0) Adver Int: 1 Checksum: 0xae94 [correct] [Checksum Status: Good] IP Address: 134.188.170.1 No. Time Source Destination Protocol Length Info 431 6.270093 IETF-VRRP-VRID_aa Broadcast ARP 60 Who has 134.188.170.188? Tell 134.188.170.1 Frame 431: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.016912000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.016912000 seconds [Time delta from previous captured frame: 0.009340000 seconds] [Time delta from previous displayed frame: 0.009340000 seconds] [Time since reference or first frame: 6.270093000 seconds] Frame Number: 431 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:arp] [Coloring Rule Name: ARP] [Coloring Rule String: arp] Ethernet II, Src: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Destination: Broadcast (ff:ff:ff:ff:ff:ff) Address: Broadcast (ff:ff:ff:ff:ff:ff) .... ..1. .... .... .... .... 
= LG bit: Locally administered address (this is NOT the factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: ARP (0x0806) Padding: 000000000000000000000000000000000000 Address Resolution Protocol (request) Hardware type: Ethernet (1) Protocol type: IPv4 (0x0800) Hardware size: 6 Protocol size: 4 Opcode: request (1) Sender MAC address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Sender IP address: 134.188.170.1 Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00) Target IP address: 134.188.170.188 No. Time Source Destination Protocol Length Info 432 6.271163 IETF-VRRP-VRID_aa Broadcast ARP 60 Who has 134.188.170.132? Tell 134.188.170.1 Frame 432: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.017982000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.017982000 seconds [Time delta from previous captured frame: 0.001070000 seconds] [Time delta from previous displayed frame: 0.001070000 seconds] [Time since reference or first frame: 6.271163000 seconds] Frame Number: 432 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:arp] [Coloring Rule Name: ARP] [Coloring Rule String: arp] Ethernet II, Src: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Destination: Broadcast (ff:ff:ff:ff:ff:ff) Address: Broadcast (ff:ff:ff:ff:ff:ff) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: ARP (0x0806) Padding: 000000000000000000000000000000000000 Address Resolution Protocol (request) Hardware type: Ethernet (1) Protocol type: IPv4 (0x0800) Hardware size: 6 Protocol size: 4 Opcode: request (1) Sender MAC address: IETF-VRRP-VRID_aa (00:00:5e:00:01:aa) Sender IP address: 134.188.170.1 Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00) Target IP address: 134.188.170.132 No. 
Time Source Destination Protocol Length Info 433 6.271895 134.188.170.174 134.188.170.175 TLSv1.2 111 Application Data Frame 433: 111 bytes on wire (888 bits), 111 bytes captured (888 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.018714000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.018714000 seconds [Time delta from previous captured frame: 0.000732000 seconds] [Time delta from previous displayed frame: 0.000732000 seconds] [Time since reference or first frame: 6.271895000 seconds] Frame Number: 433 Frame Length: 111 bytes (888 bits) Capture Length: 111 bytes (888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 97 Identification: 0x1e44 (7748) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x797c [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3163, Ack: 256, Len: 57 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 57] Sequence Number: 3163 (relative sequence number) Sequence Number (raw): 3951500725 [Next Sequence Number: 3220 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x5861 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.271895000 seconds] [Time since previous frame in this TCP stream: 0.022739000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 57] TCP payload (57 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 52 Encrypted Application Data: 000000000000219b20494713283acf504221e0e807e19616c0ce127e4ad781cd9ee6f4b8… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 434 6.271920 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=3220 Win=63071 Len=0 Frame 434: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.018739000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.018739000 seconds [Time delta from previous captured frame: 0.000025000 seconds] [Time delta from previous displayed frame: 0.000025000 seconds] [Time since reference or first frame: 6.271920000 seconds] Frame Number: 434 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb5e (56158) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 3220, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 3220 (relative ack number) Acknowledgment number (raw): 3951500782 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63071 [Calculated window size: 63071] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.271920000 seconds] [Time since previous frame in this TCP stream: 0.000025000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 433] [The RTT to ACK the segment was: 0.000025000 seconds] No. 
Time Source Destination Protocol Length Info 435 6.278213 134.188.170.2 224.0.0.5 OSPF 82 Hello Packet Frame 435: 82 bytes on wire (656 bits), 82 bytes captured (656 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.025032000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.025032000 seconds [Time delta from previous captured frame: 0.006293000 seconds] [Time delta from previous displayed frame: 0.006293000 seconds] [Time since reference or first frame: 6.278213000 seconds] Frame Number: 435 Frame Length: 82 bytes (656 bits) Capture Length: 82 bytes (656 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:ospf] [Coloring Rule Name: Routing] [Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp] Ethernet II, Src: ProCurve_cd:c5:00 (00:1b:3f:cd:c5:00), Dst: IPv4mcast_05 (01:00:5e:00:00:05) Destination: IPv4mcast_05 (01:00:5e:00:00:05) Address: IPv4mcast_05 (01:00:5e:00:00:05) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: ProCurve_cd:c5:00 (00:1b:3f:cd:c5:00) Address: ProCurve_cd:c5:00 (00:1b:3f:cd:c5:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.2, Dst: 224.0.0.5 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 68 Identification: 0xbeed (48877) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 1 Protocol: OSPF IGP (89) Header Checksum: 0xe8ef [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.2 Destination Address: 224.0.0.5 Open Shortest Path First OSPF Header Version: 2 Message Type: Hello Packet (1) Packet Length: 48 Source OSPF Router: 134.188.235.212 Area ID: 0.0.3.4 Checksum: 0xb4f7 [correct] Auth Type: Null (0) Auth Data (none): 0000000000000000 OSPF Hello Packet Network Mask: 255.255.255.0 Hello Interval [sec]: 10 Options: 0x00 0... .... = DN: Not set .0.. .... = O: Not set ..0. .... = (DC) Demand Circuits: Not supported ...0 .... = (L) LLS Data block: Not Present .... 0... = (N) NSSA: Not supported .... .0.. = (MC) Multicast: Not capable .... ..0. = (E) External Routing: Not capable .... ...0 = (MT) Multi-Topology Routing: No Router Priority: 1 Router Dead Interval [sec]: 40 Designated Router: 134.188.170.2 Backup Designated Router: 134.188.170.1 Active Neighbor: 134.188.235.211 No. Time Source Destination Protocol Length Info 436 6.279963 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 436: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.026782000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.026782000 seconds [Time delta from previous captured frame: 0.001750000 seconds] [Time delta from previous displayed frame: 0.001750000 seconds] [Time since reference or first frame: 6.279963000 seconds] Frame Number: 436 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e45 (7749) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7989 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3220, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 3220 (relative sequence number) Sequence Number (raw): 3951500782 [Next Sequence Number: 3263 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x13ba [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.279963000 seconds] [Time since previous frame in this TCP stream: 0.008043000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000219cd28fd1cb47a54a008bbcb9e5baeba7db4d00b8ef17f572b84542234d… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 437 6.304358 134.188.170.174 134.188.170.175 TLSv1.2 111 Application Data Frame 437: 111 bytes on wire (888 bits), 111 bytes captured (888 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.051177000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.051177000 seconds [Time delta from previous captured frame: 0.024395000 seconds] [Time delta from previous displayed frame: 0.024395000 seconds] [Time since reference or first frame: 6.304358000 seconds] Frame Number: 437 Frame Length: 111 bytes (888 bits) Capture Length: 111 bytes (888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 97 Identification: 0x1e46 (7750) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x797a [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3263, Ack: 256, Len: 57 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 57] Sequence Number: 3263 (relative sequence number) Sequence Number (raw): 3951500825 [Next Sequence Number: 3320 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xa498 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.304358000 seconds] [Time since previous frame in this TCP stream: 0.024395000 seconds] [SEQ/ACK analysis] [Bytes in flight: 100] [Bytes sent since last PSH flag: 57] TCP payload (57 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 52 Encrypted Application Data: 000000000000219daff180118c0fac7f481d163483c3c559f7131c28eb77a14d62b713fc… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 438 6.304382 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=3320 Win=62971 Len=0 Frame 438: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.051201000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.051201000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 6.304382000 seconds] Frame Number: 438 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb5f (56159) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 3320, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 3320 (relative ack number) Acknowledgment number (raw): 3951500882 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 62971 [Calculated window size: 62971] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.304382000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 437] [The RTT to ACK the segment was: 0.000024000 seconds] No. 
Time Source Destination Protocol Length Info 439 6.312230 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 439: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.059049000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.059049000 seconds [Time delta from previous captured frame: 0.007848000 seconds] [Time delta from previous displayed frame: 0.007848000 seconds] [Time since reference or first frame: 6.312230000 seconds] Frame Number: 439 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e47 (7751) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7987 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3320, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 3320 (relative sequence number) Sequence Number (raw): 3951500882 [Next Sequence Number: 3363 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xcc8c [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.312230000 seconds] [Time since previous frame in this TCP stream: 0.007848000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000219e728dcb78d82417832623e41682e010a2d72c2d49d55b624c8184dd3d… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 440 6.344220 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 440: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.091039000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.091039000 seconds [Time delta from previous captured frame: 0.031990000 seconds] [Time delta from previous displayed frame: 0.031990000 seconds] [Time since reference or first frame: 6.344220000 seconds] Frame Number: 440 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e48 (7752) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7986 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3363, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 3363 (relative sequence number) Sequence Number (raw): 3951500925 [Next Sequence Number: 3406 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xf7d2 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.344220000 seconds] [Time since previous frame in this TCP stream: 0.031990000 seconds] [SEQ/ACK analysis] [Bytes in flight: 86] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 000000000000219f68f35e2a39fb4eda041ee66391697aa35106f033c8f498e9d04d9b9c… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 441 6.344253 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=3406 Win=62885 Len=0 Frame 441: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.091072000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.091072000 seconds [Time delta from previous captured frame: 0.000033000 seconds] [Time delta from previous displayed frame: 0.000033000 seconds] [Time since reference or first frame: 6.344253000 seconds] Frame Number: 441 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb60 (56160) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 3406, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 3406 (relative ack number) Acknowledgment number (raw): 3951500968 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 62885 [Calculated window size: 62885] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.344253000 seconds] [Time since previous frame in this TCP stream: 0.000033000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 440] [The RTT to ACK the segment was: 0.000033000 seconds] No. 
Time Source Destination Protocol Length Info 442 6.344892 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 442: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.091711000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.091711000 seconds [Time delta from previous captured frame: 0.000639000 seconds] [Time delta from previous displayed frame: 0.000639000 seconds] [Time since reference or first frame: 6.344892000 seconds] Frame Number: 442 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb61 (56161) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.337468000 seconds] [Time since previous frame: 0.176158000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0cc ReceiveWindowSize: 12012 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 030305cd00000000000029308eb4acf5 snResetSeqNum: 0xdb7b75f2 No. Time Source Destination Protocol Length Info 443 6.344921 134.188.170.175 134.188.170.174 RDPUDP 309 CORRELATIONID,AOA Frame 443: 309 bytes on wire (2472 bits), 309 bytes captured (2472 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.091740000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.091740000 seconds [Time delta from previous captured frame: 0.000029000 seconds] [Time delta from previous displayed frame: 0.000029000 seconds] [Time since reference or first frame: 6.344921000 seconds] Frame Number: 443 Frame Length: 309 bytes (2472 bits) Capture Length: 309 bytes (2472 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 295 Identification: 0xdb62 (56162) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 275 Checksum: 0x63fb [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.337497000 seconds] [Time since previous frame: 0.000029000 seconds] UDP payload (267 bytes) UDP Remote Desktop Protocol snSourceAck: 0x0304c0cd ReceiveWindowSize: 12013 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 40ecdc8d14fe6e8017a1e763e43deedd snResetSeqNum: 0xe92eb764 No. Time Source Destination Protocol Length Info 444 6.358955 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet] Frame 444: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.105774000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.105774000 seconds [Time delta from previous captured frame: 0.014034000 seconds] [Time delta from previous displayed frame: 0.014034000 seconds] [Time since reference or first frame: 6.358955000 seconds] Frame Number: 444 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 00000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 39 Identification: 0x1e49 (7753) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb9a6 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 19 Checksum: 0xea3a [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.351531000 seconds] [Time since previous frame: 0.014034000 seconds] UDP payload (11 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc901c0cd ReceiveWindowSize: 12002 Flags: 0xafe0, CN, CWR, Ack of Acks, Syn lossy, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 445 6.359944 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 445: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.106763000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.106763000 seconds [Time delta from previous captured frame: 0.000989000 seconds] [Time delta from previous displayed frame: 0.000989000 seconds] [Time since reference or first frame: 6.359944000 seconds] Frame Number: 445 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e4a (7754) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x7984 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3406, Ack: 256, Len: 43
    Source Port: 52728
    Destination Port: 3389
    [Stream index: 0]
    [Conversation completeness: Incomplete (12)]
    [TCP Segment Len: 43]
    Sequence Number: 3406 (relative sequence number)
    Sequence Number (raw): 3951500968
    [Next Sequence Number: 3449 (relative sequence number)]
    Acknowledgment Number: 256 (relative ack number)
    Acknowledgment number (raw): 1607889606
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 8211
    [Calculated window size: 8211]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0xb920 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 6.359944000 seconds]
        [Time since previous frame in this TCP stream: 0.015691000 seconds]
    [SEQ/ACK analysis]
        [Bytes in flight: 43]
        [Bytes sent since last PSH flag: 43]
    TCP payload (43 bytes)
Transport Layer Security
    TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006
        Content Type: Application Data (23)
        Version: TLS 1.2 (0x0303)
        Length: 38
        Encrypted Application Data: 00000000000021a062d65f8925bbd5d59517ad4f397207b8eb89dab17aa04dbd12ac2e86…
        [Application Data Protocol: TPKT - ISO on TCP - RFC1006]

No. Time Source Destination Protocol Length Info
446 6.375832 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data
Frame 446: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:43.122651000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010663.122651000 seconds
    [Time delta from previous captured frame: 0.015888000 seconds]
    [Time delta from previous displayed frame: 0.015888000 seconds]
    [Time since reference or first frame: 6.375832000 seconds]
    Frame Number: 446
    Frame Length: 97 bytes (776 bits)
    Capture Length: 97 bytes (776 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:tls]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 83
    Identification: 0x1e4b (7755)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x7983 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3449, Ack: 256, Len: 43
    Source Port: 52728
    Destination Port: 3389
    [Stream index: 0]
    [Conversation completeness: Incomplete (12)]
    [TCP Segment Len: 43]
    Sequence Number: 3449 (relative sequence number)
    Sequence Number (raw): 3951501011
    [Next Sequence Number: 3492 (relative sequence number)]
    Acknowledgment Number: 256 (relative ack number)
    Acknowledgment number (raw): 1607889606
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 8211
    [Calculated window size: 8211]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0xdd8f [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 6.375832000 seconds]
        [Time since previous frame in this TCP stream: 0.015888000 seconds]
    [SEQ/ACK analysis]
        [Bytes in flight: 86]
        [Bytes sent since last PSH flag: 43]
    TCP payload (43 bytes)
Transport Layer Security
    TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006
        Content Type: Application Data (23)
        Version: TLS 1.2 (0x0303)
        Length: 38
        Encrypted Application Data: 00000000000021a162d73411eea70ed2e464d8625024e3d1161a9d66ed629bddd70a4028…
        [Application Data Protocol: TPKT - ISO on TCP - RFC1006]

No. Time Source Destination Protocol Length Info
447 6.375860 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=3492 Win=62799 Len=0
Frame 447: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:43.122679000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010663.122679000 seconds
    [Time delta from previous captured frame: 0.000028000 seconds]
    [Time delta from previous displayed frame: 0.000028000 seconds]
    [Time since reference or first frame: 6.375860000 seconds]
    Frame Number: 447
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
    Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 40
    Identification: 0xdb63 (56163)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.170.174
Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 3492, Len: 0
    Source Port: 3389
    Destination Port: 52728
    [Stream index: 0]
    [Conversation completeness: Incomplete (12)]
    [TCP Segment Len: 0]
    Sequence Number: 256 (relative sequence number)
    Sequence Number (raw): 1607889606
    [Next Sequence Number: 256 (relative sequence number)]
    Acknowledgment Number: 3492 (relative ack number)
    Acknowledgment number (raw): 3951501054
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x010 (ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A····]
    Window: 62799
    [Calculated window size: 62799]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0x62f1 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 6.375860000 seconds]
        [Time since previous frame in this TCP stream: 0.000028000 seconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 446]
        [The RTT to ACK the segment was: 0.000028000 seconds]

No. Time Source Destination Protocol Length Info
448 6.400232 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data
Frame 448: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:43.147051000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010663.147051000 seconds
    [Time delta from previous captured frame: 0.024372000 seconds]
    [Time delta from previous displayed frame: 0.024372000 seconds]
    [Time since reference or first frame: 6.400232000 seconds]
    Frame Number: 448
    Frame Length: 97 bytes (776 bits)
    Capture Length: 97 bytes (776 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:tls]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 83
    Identification: 0x1e4c (7756)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x7982 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3492, Ack: 256, Len: 43
    Source Port: 52728
    Destination Port: 3389
    [Stream index: 0]
    [Conversation completeness: Incomplete (12)]
    [TCP Segment Len: 43]
    Sequence Number: 3492 (relative sequence number)
    Sequence Number (raw): 3951501054
    [Next Sequence Number: 3535 (relative sequence number)]
    Acknowledgment Number: 256 (relative ack number)
    Acknowledgment number (raw): 1607889606
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 8211
    [Calculated window size: 8211]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0xefeb [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 6.400232000 seconds]
        [Time since previous frame in this TCP stream: 0.024372000 seconds]
    [SEQ/ACK analysis]
        [Bytes in flight: 43]
        [Bytes sent since last PSH flag: 43]
    TCP payload (43 bytes)
Transport Layer Security
    TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006
        Content Type: Application Data (23)
        Version: TLS 1.2 (0x0303)
        Length: 38
        Encrypted Application Data: 00000000000021a292334ec382c1d9a525737e482f122bbab99ce9cfbb47bce7ea9bbe46…
        [Application Data Protocol: TPKT - ISO on TCP - RFC1006]

No. Time Source Destination Protocol Length Info
449 6.407070 134.188.170.175 134.188.170.174 RDPUDP 116 CORRELATIONID,AOA
Frame 449: 116 bytes on wire (928 bits), 116 bytes captured (928 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:43.153889000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010663.153889000 seconds
    [Time delta from previous captured frame: 0.006838000 seconds]
    [Time delta from previous displayed frame: 0.006838000 seconds]
    [Time since reference or first frame: 6.407070000 seconds]
    Frame Number: 449
    Frame Length: 116 bytes (928 bits)
    Capture Length: 116 bytes (928 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
    Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 102
    Identification: 0xdb64 (56164)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.170.174
User Datagram Protocol, Src Port: 3389, Dst Port: 63973
    Source Port: 3389
    Destination Port: 63973
    Length: 82
    Checksum: 0x633a [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 6.399646000 seconds]
        [Time since previous frame: 0.048115000 seconds]
    UDP payload (74 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0x1704c0ce
    ReceiveWindowSize: 12014
    Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...1 .... .... = Ack of Acks: True
        .... ..0. .... .... = Syn lossy: False
        .... .1.. .... .... = Ack delayed: True
        .... 1... .... .... = Correlation id: True
        ...0 .... .... .... = SynEx: False
    Correlation Id: 0303003e000000000000293114e2ef00
    snResetSeqNum: 0x7ba24121

No. Time Source Destination Protocol Length Info
450 6.413197 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data
Frame 450: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:43.160016000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010663.160016000 seconds
    [Time delta from previous captured frame: 0.006127000 seconds]
    [Time delta from previous displayed frame: 0.006127000 seconds]
    [Time since reference or first frame: 6.413197000 seconds]
    Frame Number: 450
    Frame Length: 97 bytes (776 bits)
    Capture Length: 97 bytes (776 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:tls]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 83
    Identification: 0x1e4d (7757)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x7981 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3535, Ack: 256, Len: 43
    Source Port: 52728
    Destination Port: 3389
    [Stream index: 0]
    [Conversation completeness: Incomplete (12)]
    [TCP Segment Len: 43]
    Sequence Number: 3535 (relative sequence number)
    Sequence Number (raw): 3951501097
    [Next Sequence Number: 3578 (relative sequence number)]
    Acknowledgment Number: 256 (relative ack number)
    Acknowledgment number (raw): 1607889606
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 8211
    [Calculated window size: 8211]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0x2519 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 6.413197000 seconds]
        [Time since previous frame in this TCP stream: 0.012965000 seconds]
    [SEQ/ACK analysis]
        [Bytes in flight: 86]
        [Bytes sent since last PSH flag: 43]
    TCP payload (43 bytes)
Transport Layer Security
    TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006
        Content Type: Application Data (23)
        Version: TLS 1.2 (0x0303)
        Length: 38
        Encrypted Application Data: 00000000000021a3fec5d837686cb24e0069978277b68c69c214b3df077b2f2c73281f07…
        [Application Data Protocol: TPKT - ISO on TCP - RFC1006]

No. Time Source Destination Protocol Length Info
451 6.413223 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=3578 Win=62713 Len=0
Frame 451: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:43.160042000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010663.160042000 seconds
    [Time delta from previous captured frame: 0.000026000 seconds]
    [Time delta from previous displayed frame: 0.000026000 seconds]
    [Time since reference or first frame: 6.413223000 seconds]
    Frame Number: 451
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
    Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 40
    Identification: 0xdb65 (56165)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.175
    Destination Address: 134.188.170.174
Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 3578, Len: 0
    Source Port: 3389
    Destination Port: 52728
    [Stream index: 0]
    [Conversation completeness: Incomplete (12)]
    [TCP Segment Len: 0]
    Sequence Number: 256 (relative sequence number)
    Sequence Number (raw): 1607889606
    [Next Sequence Number: 256 (relative sequence number)]
    Acknowledgment Number: 3578 (relative ack number)
    Acknowledgment number (raw): 3951501140
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x010 (ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A····]
    Window: 62713
    [Calculated window size: 62713]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0x62f1 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 6.413223000 seconds]
        [Time since previous frame in this TCP stream: 0.000026000 seconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 450]
        [The RTT to ACK the segment was: 0.000026000 seconds]

No. Time Source Destination Protocol Length Info
452 6.418935 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet]
Frame 452: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:43.165754000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010663.165754000 seconds
    [Time delta from previous captured frame: 0.005712000 seconds]
    [Time delta from previous displayed frame: 0.005712000 seconds]
    [Time since reference or first frame: 6.418935000 seconds]
    Frame Number: 452
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:rdpudp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    Padding: 0000000000000000
Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 38
    Identification: 0x1e4e (7758)
    000. .... = Flags: 0x0
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0xb9a2 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
User Datagram Protocol, Src Port: 63973, Dst Port: 3389
    Source Port: 63973
    Destination Port: 3389
    Length: 18
    Checksum: 0xe64d [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 6.411511000 seconds]
        [Time since previous frame: 0.011865000 seconds]
    UDP payload (10 bytes)
UDP Remote Desktop Protocol
    snSourceAck: 0xc901c0ce
    ReceiveWindowSize: 11985
    Flags: 0xece0, CN, CWR, Ack delayed, Correlation id
        .... .... .... ...0 = Syn: False
        .... .... .... ..0. = Fin: False
        .... .... .... .0.. = Ack: False
        .... .... .... 0... = Data: False
        .... .... ...0 .... = FECData: False
        .... .... ..1. .... = CN: True
        .... .... .1.. .... = CWR: True
        .... ...0 .... .... = Ack of Acks: False
        .... ..0. .... .... = Syn lossy: False
        .... .1.. .... .... = Ack delayed: True
        .... 1... .... .... = Correlation id: True
        ...0 .... .... .... = SynEx: False
[Malformed Packet: RDPUDP]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]

No. Time Source Destination Protocol Length Info
453 6.424217 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data
Frame 453: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:43.171036000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010663.171036000 seconds
    [Time delta from previous captured frame: 0.005282000 seconds]
    [Time delta from previous displayed frame: 0.005282000 seconds]
    [Time since reference or first frame: 6.424217000 seconds]
    Frame Number: 453
    Frame Length: 104 bytes (832 bits)
    Capture Length: 104 bytes (832 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:tls]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 90
    Identification: 0x1e4f (7759)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x7978 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3578, Ack: 256, Len: 50
    Source Port: 52728
    Destination Port: 3389
    [Stream index: 0]
    [Conversation completeness: Incomplete (12)]
    [TCP Segment Len: 50]
    Sequence Number: 3578 (relative sequence number)
    Sequence Number (raw): 3951501140
    [Next Sequence Number: 3628 (relative sequence number)]
    Acknowledgment Number: 256 (relative ack number)
    Acknowledgment number (raw): 1607889606
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 8211
    [Calculated window size: 8211]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0xe83a [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 6.424217000 seconds]
        [Time since previous frame in this TCP stream: 0.010994000 seconds]
    [SEQ/ACK analysis]
        [Bytes in flight: 50]
        [Bytes sent since last PSH flag: 50]
    TCP payload (50 bytes)
Transport Layer Security
    TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006
        Content Type: Application Data (23)
        Version: TLS 1.2 (0x0303)
        Length: 45
        Encrypted Application Data: 00000000000021a46bb0bdc03c48a1d428a79ec80a7519cc53ba3d7496ebb3178f3230ff…
        [Application Data Protocol: TPKT - ISO on TCP - RFC1006]

No. Time Source Destination Protocol Length Info
454 6.424891 ProCurve_ae:14:2e Spanning-tree-(for-bridges)_00 STP 119 MST. Root = 32768/0/00:1b:3f:59:00:00 Cost = 1 Port = 0x80d2
Frame 454: 119 bytes on wire (952 bits), 119 bytes captured (952 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:43.171710000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010663.171710000 seconds
    [Time delta from previous captured frame: 0.000674000 seconds]
    [Time delta from previous displayed frame: 0.000674000 seconds]
    [Time since reference or first frame: 6.424891000 seconds]
    Frame Number: 454
    Frame Length: 119 bytes (952 bits)
    Capture Length: 119 bytes (952 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:llc:stp]
    [Coloring Rule Name: Broadcast]
    [Coloring Rule String: eth[0] & 1]
IEEE 802.3 Ethernet
    Destination: Spanning-tree-(for-bridges)_00 (01:80:c2:00:00:00)
        Address: Spanning-tree-(for-bridges)_00 (01:80:c2:00:00:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: ProCurve_ae:14:2e (00:1b:3f:ae:14:2e)
        Address: ProCurve_ae:14:2e (00:1b:3f:ae:14:2e)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Length: 105
Logical-Link Control
    DSAP: Spanning Tree BPDU (0x42)
        0100 001. = SAP: Spanning Tree BPDU
        .... ...0 = IG Bit: Individual
    SSAP: Spanning Tree BPDU (0x42)
        0100 001. = SAP: Spanning Tree BPDU
        .... ...0 = CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x3)
Spanning Tree Protocol
    Protocol Identifier: Spanning Tree Protocol (0x0000)
    Protocol Version Identifier: Multiple Spanning Tree (3)
    BPDU Type: Rapid/Multiple Spanning Tree (0x02)
    BPDU flags: 0x7c, Agreement, Forwarding, Learning, Port Role: Designated
        0... .... = Topology Change Acknowledgment: No
        .1.. .... = Agreement: Yes
        ..1. .... = Forwarding: Yes
        ...1 .... = Learning: Yes
        .... 11.. = Port Role: Designated (3)
        .... ..0. = Proposal: No
        .... ...0 = Topology Change: No
    Root Identifier: 32768 / 0 / 00:1b:3f:59:00:00
        Root Bridge Priority: 32768
        Root Bridge System ID Extension: 0
        Root Bridge System ID: ProCurve_59:00:00 (00:1b:3f:59:00:00)
    Root Path Cost: 1
    Bridge Identifier: 32768 / 0 / 00:1b:3f:ae:04:00
        Bridge Priority: 32768
        Bridge System ID Extension: 0
        Bridge System ID: ProCurve_ae:04:00 (00:1b:3f:ae:04:00)
    Port identifier: 0x80d2
    Message Age: 1
    Max Age: 20
    Hello Time: 2
    Forward Delay: 15
    Version 1 Length: 0
    Version 3 Length: 64
    MST Extension
        MST Config ID format selector: 0
        MST Config name: 001b3fae0400
        MST Config revision: 0
        MST Config digest: ac36177f50283cd4b83821d8ab26de62
        CIST Internal Root Path Cost: 0
        CIST Bridge Identifier: 32768 / 0 / 00:1b:3f:ae:04:00
            CIST Bridge Priority: 32768
            CIST Bridge Identifier System ID Extension: 0
            CIST Bridge Identifier System ID: ProCurve_ae:04:00 (00:1b:3f:ae:04:00)
        CIST Remaining hops: 20

No. Time Source Destination Protocol Length Info
455 6.440153 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data
Frame 455: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B})
        Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 14, 2022 10:37:43.186972000 W. Europe Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1671010663.186972000 seconds
    [Time delta from previous captured frame: 0.015262000 seconds]
    [Time delta from previous displayed frame: 0.015262000 seconds]
    [Time since reference or first frame: 6.440153000 seconds]
    Frame Number: 455
    Frame Length: 104 bytes (832 bits)
    Capture Length: 104 bytes (832 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:tls]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
    Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 90
    Identification: 0x1e50 (7760)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x7977 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 134.188.170.174
    Destination Address: 134.188.170.175
Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3628, Ack: 256, Len: 50
    Source Port: 52728
    Destination Port: 3389
    [Stream index: 0]
    [Conversation completeness: Incomplete (12)]
    [TCP Segment Len: 50]
    Sequence Number: 3628 (relative sequence number)
    Sequence Number (raw): 3951501190
    [Next Sequence Number: 3678 (relative sequence number)]
    Acknowledgment Number: 256 (relative ack number)
    Acknowledgment number (raw): 1607889606
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 8211
    [Calculated window size: 8211]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0x888c [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 6.440153000 seconds]
        [Time since previous frame in this TCP stream: 0.015936000 seconds]
    [SEQ/ACK analysis]
        [Bytes in flight: 100]
        [Bytes sent since last PSH flag: 50]
    TCP payload (50 bytes)
Transport Layer Security
    TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006
        Content Type: Application Data (23)
        Version: TLS 1.2 (0x0303)
        Length: 45
        Encrypted Application Data: 00000000000021a59a61e40fda9c846bf667b9b7a5f89837d6a016c1cd5e64ce3c0dff71…
        [Application Data Protocol: TPKT - ISO on TCP - RFC1006]

No. 
Time Source Destination Protocol Length Info 456 6.440187 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=3678 Win=62613 Len=0 Frame 456: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.187006000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.187006000 seconds [Time delta from previous captured frame: 0.000034000 seconds] [Time delta from previous displayed frame: 0.000034000 seconds] [Time since reference or first frame: 6.440187000 seconds] Frame Number: 456 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb66 (56166) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 3678, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 3678 (relative ack number) Acknowledgment number (raw): 3951501240 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 62613 [Calculated window size: 62613] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.440187000 seconds] [Time since previous frame in this TCP stream: 0.000034000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 455] [The RTT to ACK the segment was: 0.000034000 seconds] No. 
Time Source Destination Protocol Length Info 457 6.455823 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 457: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.202642000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.202642000 seconds [Time delta from previous captured frame: 0.015636000 seconds] [Time delta from previous displayed frame: 0.015636000 seconds] [Time since reference or first frame: 6.455823000 seconds] Frame Number: 457 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e51 (7761) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7976 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3678, Ack: 256, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 3678 (relative sequence number) Sequence Number (raw): 3951501240 [Next Sequence Number: 3728 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x1279 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.455823000 seconds] [Time since previous frame in this TCP stream: 0.015636000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 00000000000021a662998a7a63039a858401e0083977240d8d03d0ec4ccc2857c9ec3414… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 458 6.464362 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 458: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.211181000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.211181000 seconds [Time delta from previous captured frame: 0.008539000 seconds] [Time delta from previous displayed frame: 0.008539000 seconds] [Time since reference or first frame: 6.464362000 seconds] Frame Number: 458 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e52 (7762) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x797c [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3728, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 3728 (relative sequence number) Sequence Number (raw): 3951501290 [Next Sequence Number: 3771 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x7dd1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.464362000 seconds] [Time since previous frame in this TCP stream: 0.008539000 seconds] [SEQ/ACK analysis] [Bytes in flight: 93] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 00000000000021a73e58635557cb64baf473c6967750cc06ae479c41fec4009a73a9b34c… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 459 6.464387 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=3771 Win=64000 Len=0 Frame 459: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.211206000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.211206000 seconds [Time delta from previous captured frame: 0.000025000 seconds] [Time delta from previous displayed frame: 0.000025000 seconds] [Time since reference or first frame: 6.464387000 seconds] Frame Number: 459 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb67 (56167) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 3771, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 3771 (relative ack number) Acknowledgment number (raw): 3951501333 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 64000 [Calculated window size: 64000] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.464387000 seconds] [Time since previous frame in this TCP stream: 0.000025000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 458] [The RTT to ACK the segment was: 0.000025000 seconds] No. 
Time Source Destination Protocol Length Info 460 6.495902 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 460: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.242721000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.242721000 seconds [Time delta from previous captured frame: 0.031515000 seconds] [Time delta from previous displayed frame: 0.031515000 seconds] [Time since reference or first frame: 6.495902000 seconds] Frame Number: 460 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e53 (7763) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x797b [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3771, Ack: 256, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 3771 (relative sequence number) Sequence Number (raw): 3951501333 [Next Sequence Number: 3814 (relative sequence number)] Acknowledgment Number: 256 (relative ack number) Acknowledgment number (raw): 1607889606 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x95cf [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.495902000 seconds] [Time since previous frame in this TCP stream: 0.031515000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 00000000000021a84b078a4178b30d45d0e96808059eac0ccb98100ca235c203ee108dec… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 461 6.503576 134.188.170.175 134.188.170.174 RDPUDP 1176 CORRELATIONID,AOA Frame 461: 1176 bytes on wire (9408 bits), 1176 bytes captured (9408 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.250395000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.250395000 seconds [Time delta from previous captured frame: 0.007674000 seconds] [Time delta from previous displayed frame: 0.007674000 seconds] [Time since reference or first frame: 6.503576000 seconds] Frame Number: 461 Frame Length: 1176 bytes (9408 bits) Capture Length: 1176 bytes (9408 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1162 Identification: 0xdb68 (56168) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1142 Checksum: 0x675e [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.496152000 seconds] [Time since previous frame: 0.084641000 seconds] UDP payload (1134 bytes) UDP Remote Desktop Protocol snSourceAck: 0x2e04c1e9 ReceiveWindowSize: 2560 Flags: 0xcfe0, CN, CWR, Ack of Acks, Syn lossy, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: ef2d170303045f00000000000029322d snResetSeqNum: 0xa1061467 No. Time Source Destination Protocol Length Info 462 6.524540 134.188.170.174 134.188.170.175 RDPUDP 60 [Malformed Packet] Frame 462: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.271359000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.271359000 seconds [Time delta from previous captured frame: 0.020964000 seconds] [Time delta from previous displayed frame: 0.020964000 seconds] [Time since reference or first frame: 6.524540000 seconds] Frame Number: 462 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 00000000000000 Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 39 Identification: 0x1e54 (7764) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb99b [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 19 Checksum: 0x74f2 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.517116000 seconds] [Time since previous frame: 0.020964000 seconds] UDP payload (11 bytes) UDP Remote Desktop Protocol snSourceAck: 0xca41c0cf ReceiveWindowSize: 12010 Flags: 0x4ae0, CN, CWR, Syn lossy, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False [Malformed Packet: RDPUDP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] No. Time Source Destination Protocol Length Info 463 6.545670 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=256 Ack=3814 Win=63957 Len=0 Frame 463: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.292489000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.292489000 seconds [Time delta from previous captured frame: 0.021130000 seconds] [Time delta from previous displayed frame: 0.021130000 seconds] [Time since reference or first frame: 6.545670000 seconds] Frame Number: 463 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb69 (56169) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 3814, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 256 (relative sequence number)] Acknowledgment Number: 3814 (relative ack number) Acknowledgment number (raw): 3951501376 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63957 [Calculated window size: 63957] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.545670000 seconds] [Time since previous frame in this TCP stream: 0.049768000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 460] [The RTT to ACK the segment was: 0.049768000 seconds] No. 
Time Source Destination Protocol Length Info 464 6.568658 134.188.170.175 134.188.170.174 TLSv1.2 105 Application Data Frame 464: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.315477000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.315477000 seconds [Time delta from previous captured frame: 0.022988000 seconds] [Time delta from previous displayed frame: 0.022988000 seconds] [Time since reference or first frame: 6.568658000 seconds] Frame Number: 464 Frame Length: 105 bytes (840 bits) Capture Length: 105 bytes (840 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 91 Identification: 0xdb6a (56170) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 256, Ack: 3814, Len: 51 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 51] Sequence Number: 256 (relative sequence number) Sequence Number (raw): 1607889606 [Next Sequence Number: 307 (relative sequence number)] Acknowledgment Number: 3814 (relative ack number) Acknowledgment number (raw): 3951501376 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 63957 [Calculated window size: 63957] [Window size scaling factor: -1 (unknown)] Checksum: 0x6324 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.568658000 seconds] [Time since previous frame in this TCP stream: 0.022988000 seconds] [SEQ/ACK analysis] [Bytes in flight: 51] [Bytes sent since last PSH flag: 51] TCP payload (51 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 46 Encrypted Application Data: 000000000000165e79ce45eb37f916fe9be6e45508bfca46e3f29499393a09da0124db51… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 465 6.568791 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 465: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.315610000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.315610000 seconds [Time delta from previous captured frame: 0.000133000 seconds] [Time delta from previous displayed frame: 0.000133000 seconds] [Time since reference or first frame: 6.568791000 seconds] Frame Number: 465 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb6b (56171) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.561367000 seconds] [Time since previous frame: 0.044251000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0d0 ReceiveWindowSize: 12016 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000029335e8875b6 snResetSeqNum: 0xa65cdf36 No. Time Source Destination Protocol Length Info 466 6.568837 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 466: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.315656000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.315656000 seconds [Time delta from previous captured frame: 0.000046000 seconds] [Time delta from previous displayed frame: 0.000046000 seconds] [Time since reference or first frame: 6.568837000 seconds] Frame Number: 466 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb6c (56172) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.561413000 seconds] [Time since previous frame: 0.000046000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x9004c0d1 ReceiveWindowSize: 12017 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: f5f0679cd433e143e83bca7ea77525ef snResetSeqNum: 0x732cff58 No. Time Source Destination Protocol Length Info 467 6.568866 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 467: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.315685000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.315685000 seconds [Time delta from previous captured frame: 0.000029000 seconds] [Time delta from previous displayed frame: 0.000029000 seconds] [Time since reference or first frame: 6.568866000 seconds] Frame Number: 467 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb6d (56173) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.561442000 seconds] [Time since previous frame: 0.000029000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xf104c0d2 ReceiveWindowSize: 12018 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 6b8bd2eab898371823971492ebd611eb snResetSeqNum: 0xa32cb96b No. Time Source Destination Protocol Length Info 468 6.568986 134.188.170.175 134.188.170.174 RDPUDP 103 CORRELATIONID,AOA Frame 468: 103 bytes on wire (824 bits), 103 bytes captured (824 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.315805000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.315805000 seconds [Time delta from previous captured frame: 0.000120000 seconds] [Time delta from previous displayed frame: 0.000120000 seconds] [Time since reference or first frame: 6.568986000 seconds] Frame Number: 468 Frame Length: 103 bytes (824 bits) Capture Length: 103 bytes (824 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 89 Identification: 0xdb6e (56174) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 69 Checksum: 0x632d [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.561562000 seconds] [Time since previous frame: 0.000120000 seconds] UDP payload (61 bytes) UDP Remote Desktop Protocol snSourceAck: 0xc904c0d3 ReceiveWindowSize: 12019 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 5b6a25b40dedef10e876265e86b23966 snResetSeqNum: 0x61ff2e4d No. Time Source Destination Protocol Length Info 469 6.569726 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 469: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.316545000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.316545000 seconds [Time delta from previous captured frame: 0.000740000 seconds] [Time delta from previous displayed frame: 0.000740000 seconds] [Time since reference or first frame: 6.569726000 seconds] Frame Number: 469 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb6f (56175) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.562302000 seconds] [Time since previous frame: 0.000740000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0x1704c0d4 ReceiveWindowSize: 12020 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0303065c00000000000029363c57e5f2 snResetSeqNum: 0x9283b30d No. Time Source Destination Protocol Length Info 470 6.569763 134.188.170.175 134.188.170.174 RDPUDP 1279 CORRELATIONID,AOA Frame 470: 1279 bytes on wire (10232 bits), 1279 bytes captured (10232 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.316582000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.316582000 seconds [Time delta from previous captured frame: 0.000037000 seconds] [Time delta from previous displayed frame: 0.000037000 seconds] [Time since reference or first frame: 6.569763000 seconds] Frame Number: 470 Frame Length: 1279 bytes (10232 bits) Capture Length: 1279 bytes (10232 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1265 Identification: 0xdb70 (56176) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 1245 Checksum: 0x67c5 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.562339000 seconds] [Time since previous frame: 0.000037000 seconds] UDP payload (1237 bytes) UDP Remote Desktop Protocol snSourceAck: 0xd304c0d5 ReceiveWindowSize: 12021 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 0dae7526f4de2d66b70dbcd661cd95ae snResetSeqNum: 0xf11bc0b4 No. Time Source Destination Protocol Length Info 471 6.569809 134.188.170.175 134.188.170.174 RDPUDP 487 CORRELATIONID,AOA Frame 471: 487 bytes on wire (3896 bits), 487 bytes captured (3896 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.316628000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.316628000 seconds [Time delta from previous captured frame: 0.000046000 seconds] [Time delta from previous displayed frame: 0.000046000 seconds] [Time since reference or first frame: 6.569809000 seconds] Frame Number: 471 Frame Length: 487 bytes (3896 bits) Capture Length: 487 bytes (3896 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 473 Identification: 0xdb71 (56177) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 453 Checksum: 0x64ad [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.562385000 seconds] [Time since previous frame: 0.000046000 seconds] UDP payload (445 bytes) UDP Remote Desktop Protocol snSourceAck: 0xfa04c0d6 ReceiveWindowSize: 12022 Flags: 0x2de0, CN, CWR, Ack of Acks, Ack delayed, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 87fe95f3a08b8e17686580eb7a292ee6 snResetSeqNum: 0xcafa343a No. Time Source Destination Protocol Length Info 472 6.576276 134.188.170.174 134.188.170.175 RDPUDP 278 CORRELATIONID,AOA Frame 472: 278 bytes on wire (2224 bits), 278 bytes captured (2224 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.323095000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.323095000 seconds [Time delta from previous captured frame: 0.006467000 seconds] [Time delta from previous displayed frame: 0.006467000 seconds] [Time since reference or first frame: 6.576276000 seconds] Frame Number: 472 Frame Length: 278 bytes (2224 bits) Capture Length: 278 bytes (2224 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 264 Identification: 0x1e55 (7765) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0xb8b9 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 User Datagram Protocol, Src Port: 63973, Dst Port: 3389 Source Port: 63973 Destination Port: 3389 Length: 244 Checksum: 0xbf11 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.568852000 seconds] [Time since previous frame: 0.006467000 seconds] UDP payload (236 bytes) UDP Remote Desktop Protocol snSourceAck: 0xca45c0d6 ReceiveWindowSize: 11873 Flags: 0x8be0, CN, CWR, Ack of Acks, Syn lossy, Correlation id .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...1 .... .... = Ack of Acks: True .... ..1. .... .... = Syn lossy: True .... .0.. .... .... = Ack delayed: False .... 1... .... .... = Correlation id: True ...0 .... .... .... = SynEx: False Correlation Id: 05161216cb091d2c05ab10cd0f170303 snResetSeqNum: 0x924ff92e No. Time Source Destination Protocol Length Info 473 6.591961 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 473: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.338780000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.338780000 seconds [Time delta from previous captured frame: 0.015685000 seconds] [Time delta from previous displayed frame: 0.015685000 seconds] [Time since reference or first frame: 6.591961000 seconds] Frame Number: 473 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e56 (7766) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7978 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3814, Ack: 307, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 3814 (relative sequence number) Sequence Number (raw): 3951501376 [Next Sequence Number: 3857 (relative sequence number)] Acknowledgment Number: 307 (relative ack number) Acknowledgment number (raw): 1607889657 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xde38 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.591961000 seconds] [Time since previous frame in this TCP stream: 0.023303000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 464] [The RTT to ACK the segment was: 0.023303000 seconds] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 00000000000021a93f0a9aa89e804681d39fc7d1cdbc0c783dabd9d2a5b7e655d19480ca… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 474 6.592672 134.188.170.175 134.188.170.174 RDPUDP 53 SYNEX Frame 474: 53 bytes on wire (424 bits), 53 bytes captured (424 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.339491000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.339491000 seconds [Time delta from previous captured frame: 0.000711000 seconds] [Time delta from previous displayed frame: 0.000711000 seconds] [Time since reference or first frame: 6.592672000 seconds] Frame Number: 474 Frame Length: 53 bytes (424 bits) Capture Length: 53 bytes (424 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:rdpudp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 39 Identification: 0xdb72 (56178) 000. .... = Flags: 0x0 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 User Datagram Protocol, Src Port: 3389, Dst Port: 63973 Source Port: 3389 Destination Port: 63973 Length: 19 Checksum: 0x62fb [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 6.585248000 seconds] [Time since previous frame: 0.016396000 seconds] UDP payload (11 bytes) UDP Remote Desktop Protocol snSourceAck: 0xcb41c0ab ReceiveWindowSize: 4307 Flags: 0x74e0, CN, CWR, Ack delayed, SynEx .... .... .... ...0 = Syn: False .... .... .... ..0. = Fin: False .... .... .... .0.. = Ack: False .... .... .... 0... = Data: False .... .... ...0 .... = FECData: False .... .... ..1. .... = CN: True .... .... .1.. .... = CWR: True .... ...0 .... .... = Ack of Acks: False .... ..0. .... .... = Syn lossy: False .... .1.. .... .... = Ack delayed: True .... 0... .... .... = Correlation id: False ...1 .... .... .... = SynEx: True SynEx Flags: 0x1000 .... ...0 = Version info: False No. Time Source Destination Protocol Length Info 475 6.608176 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 475: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.354995000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.354995000 seconds [Time delta from previous captured frame: 0.015504000 seconds] [Time delta from previous displayed frame: 0.015504000 seconds] [Time since reference or first frame: 6.608176000 seconds] Frame Number: 475 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e57 (7767) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7977 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3857, Ack: 307, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 3857 (relative sequence number) Sequence Number (raw): 3951501419 [Next Sequence Number: 3900 (relative sequence number)] Acknowledgment Number: 307 (relative ack number) Acknowledgment number (raw): 1607889657 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x720d [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.608176000 seconds] [Time since previous frame in this TCP stream: 0.016215000 seconds] [SEQ/ACK analysis] [Bytes in flight: 86] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 00000000000021aa5170f9b59c45eb23ae60eac702562a6d9a6f7b89142049c04905487e… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 476 6.608229 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=307 Ack=3900 Win=63871 Len=0 Frame 476: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.355048000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.355048000 seconds [Time delta from previous captured frame: 0.000053000 seconds] [Time delta from previous displayed frame: 0.000053000 seconds] [Time since reference or first frame: 6.608229000 seconds] Frame Number: 476 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb73 (56179) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 307, Ack: 3900, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 307 (relative sequence number) Sequence Number (raw): 1607889657 [Next Sequence Number: 307 (relative sequence number)] Acknowledgment Number: 3900 (relative ack number) Acknowledgment number (raw): 3951501462 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63871 [Calculated window size: 63871] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.608229000 seconds] [Time since previous frame in this TCP stream: 0.000053000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 475] [The RTT to ACK the segment was: 0.000053000 seconds] No. 
Time Source Destination Protocol Length Info 477 6.632257 134.188.170.174 134.188.170.175 TLSv1.2 104 Application Data Frame 477: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.379076000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.379076000 seconds [Time delta from previous captured frame: 0.024028000 seconds] [Time delta from previous displayed frame: 0.024028000 seconds] [Time since reference or first frame: 6.632257000 seconds] Frame Number: 477 Frame Length: 104 bytes (832 bits) Capture Length: 104 bytes (832 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 90 Identification: 0x1e58 (7768) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x796f [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3900, Ack: 307, Len: 50 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 50] Sequence Number: 3900 (relative sequence number) Sequence Number (raw): 3951501462 [Next Sequence Number: 3950 (relative sequence number)] Acknowledgment Number: 307 (relative ack number) Acknowledgment number (raw): 1607889657 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xc78a [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.632257000 seconds] [Time since previous frame in this TCP stream: 0.024028000 seconds] [SEQ/ACK analysis] [Bytes in flight: 50] [Bytes sent since last PSH flag: 50] TCP payload (50 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 45 Encrypted Application Data: 00000000000021abb421f41a0689cdb083af907282ef1cadae012bb639402db8c8ea1e88… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. Time Source Destination Protocol Length Info 478 6.639890 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 478: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.386709000 W. 
Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.386709000 seconds [Time delta from previous captured frame: 0.007633000 seconds] [Time delta from previous displayed frame: 0.007633000 seconds] [Time since reference or first frame: 6.639890000 seconds] Frame Number: 478 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e59 (7769) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... 
= More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7975 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3950, Ack: 307, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 3950 (relative sequence number) Sequence Number (raw): 3951501512 [Next Sequence Number: 3993 (relative sequence number)] Acknowledgment Number: 307 (relative ack number) Acknowledgment number (raw): 1607889657 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0x4e25 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.639890000 seconds] [Time since previous frame in this TCP stream: 0.007633000 seconds] [SEQ/ACK analysis] [Bytes in flight: 93] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 00000000000021ac2cbaead7ca731a25316c9ec6c01d5fc894eb5c983cc14ea51ebaa534… [Application Data Protocol: TPKT - ISO on TCP - RFC1006] No. 
Time Source Destination Protocol Length Info 479 6.639914 134.188.170.175 134.188.170.174 TCP 54 3389 → 52728 [ACK] Seq=307 Ack=3993 Win=63778 Len=0 Frame 479: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.386733000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.386733000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.000024000 seconds] [Time since reference or first frame: 6.639914000 seconds] Frame Number: 479 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: FujitsuT_11:23:49 (90:1b:0e:11:23:49), Dst: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Destination: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.175, Dst: 134.188.170.174 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xdb74 (56180) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.175 Destination Address: 134.188.170.174 Transmission Control Protocol, Src Port: 3389, Dst Port: 52728, Seq: 307, Ack: 3993, Len: 0 Source Port: 3389 Destination Port: 52728 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 0] Sequence Number: 307 (relative sequence number) Sequence Number (raw): 1607889657 [Next Sequence Number: 307 (relative sequence number)] Acknowledgment Number: 3993 (relative ack number) Acknowledgment number (raw): 3951501555 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 63778 [Calculated window size: 63778] [Window size scaling factor: -1 (unknown)] Checksum: 0x62f1 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.639914000 seconds] [Time since previous frame in this TCP stream: 0.000024000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 478] [The RTT to ACK the segment was: 0.000024000 seconds] No. 
Time Source Destination Protocol Length Info 480 6.656188 134.188.170.174 134.188.170.175 TLSv1.2 97 Application Data Frame 480: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}, id 0 Section number: 1 Interface id: 0 (\Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B}) Interface name: \Device\NPF_{33602CCE-19C0-4AAE-AECC-78912587524B} Interface description: Ethernet Encapsulation type: Ethernet (1) Arrival Time: Dec 14, 2022 10:37:43.403007000 W. Europe Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1671010663.403007000 seconds [Time delta from previous captured frame: 0.016274000 seconds] [Time delta from previous displayed frame: 0.016274000 seconds] [Time since reference or first frame: 6.656188000 seconds] Frame Number: 480 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15), Dst: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Destination: FujitsuT_11:23:49 (90:1b:0e:11:23:49) Address: FujitsuT_11:23:49 (90:1b:0e:11:23:49) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) Address: Fujitsu_b0:3f:15 (a0:66:10:b0:3f:15) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 134.188.170.174, Dst: 134.188.170.175 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... 
..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 83 Identification: 0x1e5a (7770) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x7974 [validation disabled] [Header checksum status: Unverified] Source Address: 134.188.170.174 Destination Address: 134.188.170.175 Transmission Control Protocol, Src Port: 52728, Dst Port: 3389, Seq: 3993, Ack: 307, Len: 43 Source Port: 52728 Destination Port: 3389 [Stream index: 0] [Conversation completeness: Incomplete (12)] [TCP Segment Len: 43] Sequence Number: 3993 (relative sequence number) Sequence Number (raw): 3951501555 [Next Sequence Number: 4036 (relative sequence number)] Acknowledgment Number: 307 (relative ack number) Acknowledgment number (raw): 1607889657 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... 
...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 8211 [Calculated window size: 8211] [Window size scaling factor: -1 (unknown)] Checksum: 0xcd38 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 6.656188000 seconds] [Time since previous frame in this TCP stream: 0.016274000 seconds] [SEQ/ACK analysis] [Bytes in flight: 43] [Bytes sent since last PSH flag: 43] TCP payload (43 bytes) Transport Layer Security TLSv1.2 Record Layer: Application Data Protocol: TPKT - ISO on TCP - RFC1006 Content Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 38 Encrypted Application Data: 00000000000021ad15033b905bda144eed8bd221e0598d2bc18efaaf5a3086da5ebe9d8b… [Application Data Protocol: TPKT - ISO on TCP - RFC1006]