Ethereal-users: Re: [Ethereal-users] Packet Timestamp
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Richard Olson" <ocsrdo@xxxxxxxxxxx>
Date: Sun, 06 Mar 2005 16:50:01 -0500
I attaching three files. For security reasons I can not send the whole file.
I will try to put together a full file that I can send. Until then, I have
removed everything but the three way session handshake.
Telnet-Session.cap - Sniffer Pro capture file with everything removed
but the three way
handshakeSniffer-Print-3Way.handshake.txt - Text files created using the Sniffer Pro print facility to print
the three packetsSniffer-Export-3Way-Handshake.csv - An exported CSV file from Sniffer Pro
From: Kevin Johnson <kjohnson@xxxxxxxxxxxxxxx> Reply-To: Ethereal user support <ethereal-users@xxxxxxxxxxxx> To: Ethereal user support <ethereal-users@xxxxxxxxxxxx> Subject: Re: [Ethereal-users] Packet Timestamp Date: Fri, 04 Mar 2005 21:45:16 -0500 On Mon, 2005-02-28 at 12:21, Richard Olson wrote: > Ethereal 0.10.9 ( latest from web ) > > > > >On Sat, 2005-02-26 at 17:10, Richard Olson wrote: > > > I have been looking at a trace file in Ethereal that was created by > >Sniffer > > > Pro. It looks like the packet times differ by 40 minutes in> > > Ethereal(Ethereal packet time is 40 minutes earlier than the time of the> > > same packet in Sniffer Pro). I downloaded Netasyst and looked at the > >same > > > trace file and the packet times are the same as in Sniffer Pro. The > >capture> > > file is a compressed(caz) file. I also noticed that I can't use filters> >on > > > this file. I must first load the file(.caz) and then save it as .cap > >file > > > and then load the .cap file. > > Hi- If you could provide the file, I would be willing to check it out. Kevin << signature.asc >> _______________________________________________ Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx http://www.ethereal.com/mailman/listinfo/ethereal-users
Attachment:
Telnet-Session.cap
Description: Binary data
- - - - - - - - - - - - - - - - - - - - Frame 1 - - - - - - - - - - - - - - - - - - - -
Frame Status Source Destination Summary Bytes Rel Time Delta Time Abs time --------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1 M [10.210.0.231] [10.95.0.1] TCP: D=23 S=1905 SYN SEQ=1321931906 LEN=0 WIN=65535 62 0:00:00.000 0.000.000 02/16/2005 02:15:35 PM DLC: ----- DLC Header ----- DLC:DLC: Frame 1 arrived at 14:15:35.3899; frame size is 62 (003E hex) bytes.
DLC: Destination = Station Radwre020A02 DLC: Source = Station Cisco 58F3A1 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliabilityIP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion IP: Total length = 48 bytes IP: Identification = 29841 IP: Flags = 4X IP: .1.. .... = don't fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 123 seconds/hops IP: Protocol = 6 (TCP) IP: Header checksum = 751E (correct) IP: Source address = [10.210.0.231] IP: Destination address = [10.95.0.1] IP: No options IP: TCP: ----- TCP header ----- TCP: TCP: Source port = 1905 TCP: Destination port = 23 (Telnet) TCP: Initial sequence number = 1321931906 TCP: Next expected Seq number= 1321931907 TCP: Data offset = 28 bytes (4 bits) TCP: Reserved Bits: Reserved for Future Use (6 bits) TCP: Flags = 02 TCP: ..0. .... = (No urgent pointer) TCP: ...0 .... = (No acknowledgment) TCP: .... 0... = (No push) TCP: .... .0.. = (No reset) TCP: .... ..1. = SYN TCP: .... ...0 = (No FIN) TCP: Window = 65535 TCP: Checksum = 0282 (correct) TCP: Urgent pointer = 0 TCP: TCP: Options follow TCP: Maximum segment size = 1380 TCP: No-Operation TCP: No-Operation TCP: SACK-Permitted Option TCP: ADDR HEX ASCII 0000: 00 03 b2 02 0a 02 00 09 b7 58 f3 a1 08 00 45 00 | ..�.....�X�..E. 0010: 00 30 74 91 40 00 7b 06 75 1e 0a d2 00 e7 0a 5f | .0t�@.{.u..�.�._ 0020: 00 01 07 71 00 17 4e cb 14 82 00 00 00 00 70 02 | ...q..N�.�....p. 0030: ff ff 02 82 00 00 02 04 05 64 01 01 04 02 | ��.�.....d....- - - - - - - - - - - - - - - - - - - - Frame 2 - - - - - - - - - - - - - - - - - - - -
Frame Status Source Destination Summary Bytes Rel Time Delta Time Abs time --------------------------------------------------------------------------------------------------------------------------------------------------------------------- 2 [10.95.0.1] [10.210.0.231] TCP: D=1905 S=23 SYN ACK=1321931907 SEQ=696708700 LEN=0 WIN=24840 62 0:00:00.008 0.008.394 02/16/2005 02:15:35 PM DLC: ----- DLC Header ----- DLC:DLC: Frame 2 arrived at 14:15:35.3983; frame size is 62 (003E hex) bytes.
DLC: Destination = Station Cisco 58F3A1 DLC: Source = Station Radwre020A02 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliabilityIP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion IP: Total length = 48 bytes IP: Identification = 1309 IP: Flags = 4X IP: .1.. .... = don't fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 63 seconds/hops IP: Protocol = 6 (TCP) IP: Header checksum = 2093 (correct) IP: Source address = [10.95.0.1] IP: Destination address = [10.210.0.231] IP: No options IP: TCP: ----- TCP header ----- TCP: TCP: Source port = 23 (Telnet) TCP: Destination port = 1905 TCP: Initial sequence number = 696708700 TCP: Next expected Seq number= 696708701 TCP: Acknowledgment number = 1321931907 TCP: Data offset = 28 bytes (4 bits) TCP: Reserved Bits: Reserved for Future Use (6 bits) TCP: Flags = 12 TCP: ..0. .... = (No urgent pointer) TCP: ...1 .... = Acknowledgment TCP: .... 0... = (No push) TCP: .... .0.. = (No reset) TCP: .... ..1. = SYN TCP: .... ...0 = (No FIN) TCP: Window = 24840 TCP: Checksum = 8935 (correct) TCP: Urgent pointer = 0 TCP: TCP: Options follow TCP: No-Operation TCP: No-Operation TCP: SACK-Permitted Option TCP: Maximum segment size = 1460 TCP: ADDR HEX ASCII 0000: 00 09 b7 58 f3 a1 00 03 b2 02 0a 02 08 00 45 00 | ..�X�..�.....E. 0010: 00 30 05 1d 40 00 3f 06 20 93 0a 5f 00 01 0a d2 | .0..@.?. �._...� 0020: 00 e7 00 17 07 71 29 86 ee 5c 4e cb 14 83 70 12 | .�...q)��\N�.�p. 0030: 61 08 89 35 00 00 01 01 04 02 02 04 05 b4 | a.�5.........�- - - - - - - - - - - - - - - - - - - - Frame 3 - - - - - - - - - - - - - - - - - - - -
Frame Status Source Destination Summary Bytes Rel Time Delta Time Abs time --------------------------------------------------------------------------------------------------------------------------------------------------------------------- 3 [10.210.0.231] [10.95.0.1] TCP: D=23 S=1905 ACK=696708701 WIN=65535 60 0:00:00.012 0.004.176 02/16/2005 02:15:35 PM DLC: ----- DLC Header ----- DLC:DLC: Frame 3 arrived at 14:15:35.4025; frame size is 60 (003C hex) bytes.
DLC: Destination = Station Radwre020A02 DLC: Source = Station Cisco 58F3A1 DLC: Ethertype = 0800 (IP) DLC: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: 000. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliabilityIP: .... ..0. = ECT bit - transport protocol will ignore the CE bit
IP: .... ...0 = CE bit - no congestion IP: Total length = 40 bytes IP: Identification = 29842 IP: Flags = 4X IP: .1.. .... = don't fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 123 seconds/hops IP: Protocol = 6 (TCP) IP: Header checksum = 7525 (correct) IP: Source address = [10.210.0.231] IP: Destination address = [10.95.0.1] IP: No options IP: TCP: ----- TCP header ----- TCP: TCP: Source port = 1905 TCP: Destination port = 23 (Telnet) TCP: Sequence number = 1321931907 TCP: Next expected Seq number= 1321931907 TCP: Acknowledgment number = 696708701 TCP: Data offset = 20 bytes (4 bits) TCP: Reserved Bits: Reserved for Future Use (6 bits) TCP: Flags = 10 TCP: ..0. .... = (No urgent pointer) TCP: ...1 .... = Acknowledgment TCP: .... 0... = (No push) TCP: .... .0.. = (No reset) TCP: .... ..0. = (No SYN) TCP: .... ...0 = (No FIN) TCP: Window = 65535 TCP: Checksum = 1702 (correct) TCP: Urgent pointer = 0 TCP: No TCP options TCP: DLC: Frame padding= 6 bytes ADDR HEX ASCII 0000: 00 03 b2 02 0a 02 00 09 b7 58 f3 a1 08 00 45 00 | ..�.....�X�..E. 0010: 00 28 74 92 40 00 7b 06 75 25 0a d2 00 e7 0a 5f | .(t�@.{.u%.�.�._ 0020: 00 01 07 71 00 17 4e cb 14 83 29 86 ee 5d 50 10 | ...q..N�.�)��]P. 0030: ff ff 17 02 00 00 00 00 00 00 00 00 | ��..........
Attachment:
Sniffer-Export-3Way-Handshake.csv
Description: MS-Excel spreadsheet
- Prev by Date: Re: [Ethereal-users] RE: "Malformed" ASF RMCP ACK packets
- Next by Date: [Ethereal-users] packet times for Sniffer traces
- Previous by thread: Re: [Ethereal-users] Packet Timestamp
- Next by thread: [Ethereal-users] info
- Index(es):