Ethereal-users: Re: [Ethereal-users] Packet Timestamp

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Richard Olson" <ocsrdo@xxxxxxxxxxx>
Date: Sun, 06 Mar 2005 16:50:01 -0500
I am attaching three files. For security reasons I cannot send the whole file. I will try to put together a full file that I can send. Until then, I have removed everything but the three-way session handshake.

Telnet-Session.cap - Sniffer Pro capture file with everything removed but the three-way handshake
Sniffer-Print-3Way.handshake.txt - Text files created using the Sniffer Pro print facility to print the three packets
Sniffer-Export-3Way-Handshake.csv - An exported CSV file from Sniffer Pro


From: Kevin Johnson <kjohnson@xxxxxxxxxxxxxxx>
Reply-To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
Subject: Re: [Ethereal-users] Packet Timestamp
Date: Fri, 04 Mar 2005 21:45:16 -0500

On Mon, 2005-02-28 at 12:21, Richard Olson wrote:
> Ethereal 0.10.9 ( latest from web )
>
> >
> >On Sat, 2005-02-26 at 17:10, Richard Olson wrote:
> > > I have been looking at a trace file in Ethereal that was created by Sniffer
> > > Pro. It looks like the packet times differ by 40 minutes in
> > > Ethereal (Ethereal packet time is 40 minutes earlier than the time of the
> > > same packet in Sniffer Pro). I downloaded Netasyst and looked at the same
> > > trace file and the packet times are the same as in Sniffer Pro. The capture
> > > file is a compressed (caz) file. I also noticed that I can't use filters on
> > > this file. I must first load the file (.caz) and then save it as .cap file
> > > and then load the .cap file.
> >

Hi-

If you could provide the file, I would be willing to check it out.

Kevin

<< signature.asc >>
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

Attachment: Telnet-Session.cap
Description: Binary data


- - - - - - - - - - - - - - - - - - - - Frame 1 - - - - - - - - - - - - - - - - - - - -
Frame Status Source                        Destination
Summary
Bytes Rel Time     Delta Time   Abs time
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
    1 M      [10.210.0.231]                [10.95.0.1]
TCP: D=23 S=1905 SYN SEQ=1321931906 LEN=0 WIN=65535
  62 0:00:00.000  0.000.000    02/16/2005 02:15:35 PM
DLC:  ----- DLC Header -----
     DLC:
     DLC: Frame 1 arrived at 14:15:35.3899; frame size is 62 (003E hex) bytes.
     DLC:  Destination = Station Radwre020A02
     DLC:  Source      = Station Cisco 58F3A1
     DLC:  Ethertype   = 0800 (IP)
     DLC:
IP: ----- IP Header -----
     IP:
     IP: Version = 4, header length = 20 bytes
     IP: Type of service = 00
     IP:       000. ....   = routine
     IP:       ...0 .... = normal delay
     IP:       .... 0... = normal throughput
     IP:       .... .0.. = normal reliability
     IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit
     IP:       .... ...0 = CE bit - no congestion
     IP: Total length    = 48 bytes
     IP: Identification  = 29841
     IP: Flags           = 4X
     IP:       .1.. .... = don't fragment
     IP:       ..0. .... = last fragment
     IP: Fragment offset = 0 bytes
     IP: Time to live    = 123 seconds/hops
     IP: Protocol        = 6 (TCP)
     IP: Header checksum = 751E (correct)
     IP: Source address      = [10.210.0.231]
     IP: Destination address = [10.95.0.1]
     IP: No options
     IP:
TCP: ----- TCP header -----
     TCP:
     TCP: Source port             =  1905
     TCP: Destination port        =    23 (Telnet)
     TCP: Initial sequence number = 1321931906
     TCP: Next expected Seq number= 1321931907
     TCP: Data offset             = 28 bytes (4 bits)
     TCP: Reserved Bits: Reserved for Future Use (6 bits)
     TCP: Flags                   = 02
     TCP:               ..0. .... = (No urgent pointer)
     TCP:               ...0 .... = (No acknowledgment)
     TCP:               .... 0... = (No push)
     TCP:               .... .0.. = (No reset)
     TCP:               .... ..1. = SYN
     TCP:               .... ...0 = (No FIN)
     TCP: Window                  = 65535
     TCP: Checksum                = 0282 (correct)
     TCP: Urgent pointer          = 0
     TCP:
     TCP: Options follow
     TCP: Maximum segment size = 1380
     TCP: No-Operation
     TCP: No-Operation
     TCP: SACK-Permitted Option
     TCP:
ADDR  HEX                                               ASCII
0000: 00 03 b2 02 0a 02 00 09 b7 58 f3 a1 08 00 45 00 | ..�.....�X�..E.
0010: 00 30 74 91 40 00 7b 06 75 1e 0a d2 00 e7 0a 5f | .0t�@.{.u..�.�._
0020: 00 01 07 71 00 17 4e cb 14 82 00 00 00 00 70 02 | ...q..N�.�....p.
0030: ff ff 02 82 00 00 02 04 05 64 01 01 04 02       | ��.�.....d....

- - - - - - - - - - - - - - - - - - - - Frame 2 - - - - - - - - - - - - - - - - - - - -
Frame Status Source                        Destination
Summary
Bytes Rel Time     Delta Time   Abs time
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
    2        [10.95.0.1]                   [10.210.0.231]
TCP: D=1905 S=23 SYN ACK=1321931907 SEQ=696708700 LEN=0 WIN=24840
  62 0:00:00.008  0.008.394    02/16/2005 02:15:35 PM
DLC:  ----- DLC Header -----
     DLC:
     DLC: Frame 2 arrived at 14:15:35.3983; frame size is 62 (003E hex) bytes.
     DLC:  Destination = Station Cisco 58F3A1
     DLC:  Source      = Station Radwre020A02
     DLC:  Ethertype   = 0800 (IP)
     DLC:
IP: ----- IP Header -----
     IP:
     IP: Version = 4, header length = 20 bytes
     IP: Type of service = 00
     IP:       000. ....   = routine
     IP:       ...0 .... = normal delay
     IP:       .... 0... = normal throughput
     IP:       .... .0.. = normal reliability
     IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit
     IP:       .... ...0 = CE bit - no congestion
     IP: Total length    = 48 bytes
     IP: Identification  = 1309
     IP: Flags           = 4X
     IP:       .1.. .... = don't fragment
     IP:       ..0. .... = last fragment
     IP: Fragment offset = 0 bytes
     IP: Time to live    = 63 seconds/hops
     IP: Protocol        = 6 (TCP)
     IP: Header checksum = 2093 (correct)
     IP: Source address      = [10.95.0.1]
     IP: Destination address = [10.210.0.231]
     IP: No options
     IP:
TCP: ----- TCP header -----
     TCP:
     TCP: Source port             =    23 (Telnet)
     TCP: Destination port        =  1905
     TCP: Initial sequence number = 696708700
     TCP: Next expected Seq number= 696708701
     TCP: Acknowledgment number   = 1321931907
     TCP: Data offset             = 28 bytes (4 bits)
     TCP: Reserved Bits: Reserved for Future Use (6 bits)
     TCP: Flags                   = 12
     TCP:               ..0. .... = (No urgent pointer)
     TCP:               ...1 .... = Acknowledgment
     TCP:               .... 0... = (No push)
     TCP:               .... .0.. = (No reset)
     TCP:               .... ..1. = SYN
     TCP:               .... ...0 = (No FIN)
     TCP: Window                  = 24840
     TCP: Checksum                = 8935 (correct)
     TCP: Urgent pointer          = 0
     TCP:
     TCP: Options follow
     TCP: No-Operation
     TCP: No-Operation
     TCP: SACK-Permitted Option
     TCP: Maximum segment size = 1460
     TCP:
ADDR  HEX                                               ASCII
0000: 00 09 b7 58 f3 a1 00 03 b2 02 0a 02 08 00 45 00 | ..�X�..�.....E.
0010: 00 30 05 1d 40 00 3f 06 20 93 0a 5f 00 01 0a d2 | .0..@.?. �._...�
0020: 00 e7 00 17 07 71 29 86 ee 5c 4e cb 14 83 70 12 | .�...q)��\N�.�p.
0030: 61 08 89 35 00 00 01 01 04 02 02 04 05 b4       | a.�5.........�

- - - - - - - - - - - - - - - - - - - - Frame 3 - - - - - - - - - - - - - - - - - - - -
Frame Status Source                        Destination
Summary
Bytes Rel Time     Delta Time   Abs time
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
    3        [10.210.0.231]                [10.95.0.1]
TCP: D=23 S=1905     ACK=696708701 WIN=65535
  60 0:00:00.012  0.004.176    02/16/2005 02:15:35 PM
DLC:  ----- DLC Header -----
     DLC:
     DLC: Frame 3 arrived at 14:15:35.4025; frame size is 60 (003C hex) bytes.
     DLC:  Destination = Station Radwre020A02
     DLC:  Source      = Station Cisco 58F3A1
     DLC:  Ethertype   = 0800 (IP)
     DLC:
IP: ----- IP Header -----
     IP:
     IP: Version = 4, header length = 20 bytes
     IP: Type of service = 00
     IP:       000. ....   = routine
     IP:       ...0 .... = normal delay
     IP:       .... 0... = normal throughput
     IP:       .... .0.. = normal reliability
     IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit
     IP:       .... ...0 = CE bit - no congestion
     IP: Total length    = 40 bytes
     IP: Identification  = 29842
     IP: Flags           = 4X
     IP:       .1.. .... = don't fragment
     IP:       ..0. .... = last fragment
     IP: Fragment offset = 0 bytes
     IP: Time to live    = 123 seconds/hops
     IP: Protocol        = 6 (TCP)
     IP: Header checksum = 7525 (correct)
     IP: Source address      = [10.210.0.231]
     IP: Destination address = [10.95.0.1]
     IP: No options
     IP:
TCP: ----- TCP header -----
     TCP:
     TCP: Source port             =  1905
     TCP: Destination port        =    23 (Telnet)
     TCP: Sequence number         = 1321931907
     TCP: Next expected Seq number= 1321931907
     TCP: Acknowledgment number   = 696708701
     TCP: Data offset             = 20 bytes (4 bits)
     TCP: Reserved Bits: Reserved for Future Use (6 bits)
     TCP: Flags                   = 10
     TCP:               ..0. .... = (No urgent pointer)
     TCP:               ...1 .... = Acknowledgment
     TCP:               .... 0... = (No push)
     TCP:               .... .0.. = (No reset)
     TCP:               .... ..0. = (No SYN)
     TCP:               .... ...0 = (No FIN)
     TCP: Window                  = 65535
     TCP: Checksum                = 1702 (correct)
     TCP: Urgent pointer          = 0
     TCP: No TCP options
     TCP:
DLC:  Frame padding= 6 bytes
ADDR  HEX                                               ASCII
0000: 00 03 b2 02 0a 02 00 09 b7 58 f3 a1 08 00 45 00 | ..�.....�X�..E.
0010: 00 28 74 92 40 00 7b 06 75 25 0a d2 00 e7 0a 5f | .(t�@.{.u%.�.�._
0020: 00 01 07 71 00 17 4e cb 14 83 29 86 ee 5d 50 10 | ...q..N�.�)��]P.
0030: ff ff 17 02 00 00 00 00 00 00 00 00             | ��..........

Attachment: Sniffer-Export-3Way-Handshake.csv
Description: MS-Excel spreadsheet
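
A cross-check for the print output above, as an added example that is not part of the original thread: it confirms that each frame's arrival time agrees with the Delta Time column, then measures the per-frame offset against a second tool's timestamps. The second tool's values are constructed from the 40-minute difference the thread reports, and reading the delta column as seconds.milliseconds.microseconds is an assumption.

```python
import re
from datetime import datetime, timedelta

# Copied from the Sniffer Pro print output on this page (summary + DLC lines).
SNIFFER_PRINT = """\
  62 0:00:00.000  0.000.000    02/16/2005 02:15:35 PM
DLC: Frame 1 arrived at 14:15:35.3899; frame size is 62 (003E hex) bytes.
  62 0:00:00.008  0.008.394    02/16/2005 02:15:35 PM
DLC: Frame 2 arrived at 14:15:35.3983; frame size is 62 (003E hex) bytes.
  60 0:00:00.012  0.004.176    02/16/2005 02:15:35 PM
DLC: Frame 3 arrived at 14:15:35.4025; frame size is 60 (003C hex) bytes.
"""
# Constructed sample, not a real export: a second tool's times for the same
# frames, 40 minutes earlier as the thread reports.
OTHER_TOOL = {1: "13:35:35.3899", 2: "13:35:35.3983", 3: "13:35:35.4025"}

# Assumption: the Delta Time column reads seconds.milliseconds.microseconds.
SUMMARY = re.compile(
    r"^\s*\d+\s+\d+:\d\d:\d\d\.\d+\s+(\d+)\.(\d{3})\.(\d{3})\s+(\d\d/\d\d/\d{4})")
ARRIVED = re.compile(r"Frame (\d+) arrived at (\d\d:\d\d:\d\d\.\d+)")

def parse_print(text):
    """Return {frame: (arrival datetime, reported delta)} from the print output."""
    frames, pending = {}, None
    for line in text.splitlines():
        if m := SUMMARY.match(line):
            s, ms, us = (int(g) for g in m.groups()[:3])
            pending = (m.group(4), timedelta(seconds=s, milliseconds=ms, microseconds=us))
        elif (m := ARRIVED.search(line)) and pending:
            when = datetime.strptime(f"{pending[0]} {m.group(2)}", "%m/%d/%Y %H:%M:%S.%f")
            frames[int(m.group(1))] = (when, pending[1])
            pending = None
    return frames

def delta_mismatches(frames, tol=timedelta(microseconds=100)):
    """Frames whose arrival-time gap disagrees with Delta Time (times print to 0.1 ms)."""
    nums = sorted(frames)
    return [cur for prev, cur in zip(nums, nums[1:])
            if abs(frames[cur][0] - frames[prev][0] - frames[cur][1]) > tol]

def offsets(frames, other):
    """Per-frame offset (this export minus the other tool) for frames in both."""
    clock = lambda s: datetime.strptime(s, "%H:%M:%S.%f").time()
    return {n: frames[n][0] - datetime.combine(frames[n][0].date(), clock(s))
            for n, s in other.items() if n in frames}

if __name__ == "__main__":
    frames = parse_print(SNIFFER_PRINT)
    print(delta_mismatches(frames), offsets(frames, OTHER_TOOL))
```

When the deltas match and every frame shows the same offset, the two tools agree on packet spacing and differ only in the absolute time base they derive for the capture.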