Ethereal-users: Re: [Ethereal-users] Packet Timestamp
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Richard Olson" <ocsrdo@xxxxxxxxxxx>
Date: Sun, 06 Mar 2005 16:50:01 -0500
I am attaching three files. For security reasons I cannot send the whole file.
I will try to put together a full file that I can send. Until then, I have
removed everything but the three way session handshake.

Telnet-Session.cap - Sniffer Pro capture file with everything removed but the three way handshake
Sniffer-Print-3Way.handshake.txt - Text files created using the Sniffer Pro print facility to print the three packets
Sniffer-Export-3Way-Handshake.csv - An exported CSV file from Sniffer Pro
From: Kevin Johnson <kjohnson@xxxxxxxxxxxxxxx>
Reply-To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
Subject: Re: [Ethereal-users] Packet Timestamp
Date: Fri, 04 Mar 2005 21:45:16 -0500

On Mon, 2005-02-28 at 12:21, Richard Olson wrote:
> Ethereal 0.10.9 ( latest from web )
>
> >On Sat, 2005-02-26 at 17:10, Richard Olson wrote:
> > > I have been looking at a trace file in Ethereal that was created by Sniffer
> > > Pro. It looks like the packet times differ by 40 minutes in
> > > Ethereal (Ethereal packet time is 40 minutes earlier than the time of the
> > > same packet in Sniffer Pro). I downloaded Netasyst and looked at the same
> > > trace file and the packet times are the same as in Sniffer Pro. The capture
> > > file is a compressed (caz) file. I also noticed that I can't use filters on
> > > this file. I must first load the file (.caz) and then save it as .cap file
> > > and then load the .cap file.

Hi-

If you could provide the file, I would be willing to check it out.

Kevin

<< signature.asc >>
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
Attachment:
Telnet-Session.cap
Description: Binary data
- - - - - - - - - - - - - - - - - - - - Frame 1 - - - - - - - - - - - - - - - - - - - -
Frame Status Source Destination
Summary
Bytes Rel Time Delta Time Abs time
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
1 M [10.210.0.231] [10.95.0.1]
TCP: D=23 S=1905 SYN SEQ=1321931906 LEN=0 WIN=65535
62 0:00:00.000 0.000.000 02/16/2005 02:15:35 PM
DLC: ----- DLC Header -----
DLC:
DLC: Frame 1 arrived at 14:15:35.3899; frame size is 62 (003E hex) bytes.
DLC: Destination = Station Radwre020A02
DLC: Source = Station Cisco 58F3A1
DLC: Ethertype = 0800 (IP)
DLC:
IP: ----- IP Header -----
IP:
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 48 bytes
IP: Identification = 29841
IP: Flags = 4X
IP: .1.. .... = don't fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 123 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 751E (correct)
IP: Source address = [10.210.0.231]
IP: Destination address = [10.95.0.1]
IP: No options
IP:
TCP: ----- TCP header -----
TCP:
TCP: Source port = 1905
TCP: Destination port = 23 (Telnet)
TCP: Initial sequence number = 1321931906
TCP: Next expected Seq number= 1321931907
TCP: Data offset = 28 bytes (4 bits)
TCP: Reserved Bits: Reserved for Future Use (6 bits)
TCP: Flags = 02
TCP: ..0. .... = (No urgent pointer)
TCP: ...0 .... = (No acknowledgment)
TCP: .... 0... = (No push)
TCP: .... .0.. = (No reset)
TCP: .... ..1. = SYN
TCP: .... ...0 = (No FIN)
TCP: Window = 65535
TCP: Checksum = 0282 (correct)
TCP: Urgent pointer = 0
TCP:
TCP: Options follow
TCP: Maximum segment size = 1380
TCP: No-Operation
TCP: No-Operation
TCP: SACK-Permitted Option
TCP:
ADDR HEX ASCII
0000: 00 03 b2 02 0a 02 00 09 b7 58 f3 a1 08 00 45 00 | ..².....·Xó¡..E.
0010: 00 30 74 91 40 00 7b 06 75 1e 0a d2 00 e7 0a 5f | .0t@.{.u..Ò.ç._
0020: 00 01 07 71 00 17 4e cb 14 82 00 00 00 00 70 02 | ...q..NË.....p.
0030: ff ff 02 82 00 00 02 04 05 64 01 01 04 02 | ÿÿ......d....
- - - - - - - - - - - - - - - - - - - - Frame 2 - - - - - - - - - - - - - - - - - - - -
Frame Status Source Destination
Summary
Bytes Rel Time Delta Time Abs time
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
2 [10.95.0.1] [10.210.0.231]
TCP: D=1905 S=23 SYN ACK=1321931907 SEQ=696708700 LEN=0 WIN=24840
62 0:00:00.008 0.008.394 02/16/2005 02:15:35 PM
DLC: ----- DLC Header -----
DLC:
DLC: Frame 2 arrived at 14:15:35.3983; frame size is 62 (003E hex) bytes.
DLC: Destination = Station Cisco 58F3A1
DLC: Source = Station Radwre020A02
DLC: Ethertype = 0800 (IP)
DLC:
IP: ----- IP Header -----
IP:
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 48 bytes
IP: Identification = 1309
IP: Flags = 4X
IP: .1.. .... = don't fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 63 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 2093 (correct)
IP: Source address = [10.95.0.1]
IP: Destination address = [10.210.0.231]
IP: No options
IP:
TCP: ----- TCP header -----
TCP:
TCP: Source port = 23 (Telnet)
TCP: Destination port = 1905
TCP: Initial sequence number = 696708700
TCP: Next expected Seq number= 696708701
TCP: Acknowledgment number = 1321931907
TCP: Data offset = 28 bytes (4 bits)
TCP: Reserved Bits: Reserved for Future Use (6 bits)
TCP: Flags = 12
TCP: ..0. .... = (No urgent pointer)
TCP: ...1 .... = Acknowledgment
TCP: .... 0... = (No push)
TCP: .... .0.. = (No reset)
TCP: .... ..1. = SYN
TCP: .... ...0 = (No FIN)
TCP: Window = 24840
TCP: Checksum = 8935 (correct)
TCP: Urgent pointer = 0
TCP:
TCP: Options follow
TCP: No-Operation
TCP: No-Operation
TCP: SACK-Permitted Option
TCP: Maximum segment size = 1460
TCP:
ADDR HEX ASCII
0000: 00 09 b7 58 f3 a1 00 03 b2 02 0a 02 08 00 45 00 | ..·Xó¡..².....E.
0010: 00 30 05 1d 40 00 3f 06 20 93 0a 5f 00 01 0a d2 | .0..@.?. ._...Ò
0020: 00 e7 00 17 07 71 29 86 ee 5c 4e cb 14 83 70 12 | .ç...q)î\NË.p.
0030: 61 08 89 35 00 00 01 01 04 02 02 04 05 b4 | a.5.........´
- - - - - - - - - - - - - - - - - - - - Frame 3 - - - - - - - - - - - - - - - - - - - -
Frame Status Source Destination
Summary
Bytes Rel Time Delta Time Abs time
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
3 [10.210.0.231] [10.95.0.1]
TCP: D=23 S=1905 ACK=696708701 WIN=65535
60 0:00:00.012 0.004.176 02/16/2005 02:15:35 PM
DLC: ----- DLC Header -----
DLC:
DLC: Frame 3 arrived at 14:15:35.4025; frame size is 60 (003C hex) bytes.
DLC: Destination = Station Radwre020A02
DLC: Source = Station Cisco 58F3A1
DLC: Ethertype = 0800 (IP)
DLC:
IP: ----- IP Header -----
IP:
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion
IP: Total length = 40 bytes
IP: Identification = 29842
IP: Flags = 4X
IP: .1.. .... = don't fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 123 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 7525 (correct)
IP: Source address = [10.210.0.231]
IP: Destination address = [10.95.0.1]
IP: No options
IP:
TCP: ----- TCP header -----
TCP:
TCP: Source port = 1905
TCP: Destination port = 23 (Telnet)
TCP: Sequence number = 1321931907
TCP: Next expected Seq number= 1321931907
TCP: Acknowledgment number = 696708701
TCP: Data offset = 20 bytes (4 bits)
TCP: Reserved Bits: Reserved for Future Use (6 bits)
TCP: Flags = 10
TCP: ..0. .... = (No urgent pointer)
TCP: ...1 .... = Acknowledgment
TCP: .... 0... = (No push)
TCP: .... .0.. = (No reset)
TCP: .... ..0. = (No SYN)
TCP: .... ...0 = (No FIN)
TCP: Window = 65535
TCP: Checksum = 1702 (correct)
TCP: Urgent pointer = 0
TCP: No TCP options
TCP:
DLC: Frame padding= 6 bytes
ADDR HEX ASCII
0000: 00 03 b2 02 0a 02 00 09 b7 58 f3 a1 08 00 45 00 | ..².....·Xó¡..E.
0010: 00 28 74 92 40 00 7b 06 75 25 0a d2 00 e7 0a 5f | .(t@.{.u%.Ò.ç._
0020: 00 01 07 71 00 17 4e cb 14 83 29 86 ee 5d 50 10 | ...q..NË.)î]P.
0030: ff ff 17 02 00 00 00 00 00 00 00 00 | ÿÿ..........
Attachment:
Sniffer-Export-3Way-Handshake.csv
Description: MS-Excel spreadsheet