This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What is going on with this packet? 4500 0030 0d69 4000 8006 3188 c0a8 1d01 c0a8 1d85 0453 008b 69f0 5c23 0000 0000 7002 4000 bc56 0000 0204 05b4 0101 0402

4500 0030 0277 4000 8006 3c7a c0a8 1d85 c0a8 1d01 008b 0453 3e29 8d15 69f0 5c24 7012 faf0 3616 0000 0204 05b4 0101 8d16

4500 0070 0d6b 4000 8006 3146 c0a8 1d01 C0a8 1d85 0453 008b 69f0 5c24 3e29 8d16 5018 4470 a92e 0000 8100 0044 2043 4b46

asked 14 Nov '14, 19:46

nooniebunn's gravatar image

nooniebunn
1111
accept rate: 0%


I'm not sure what exactly you are asking here but this is a strange 3-way (2-way) handshake.

  • The SYN_ACK has the SACK option overridden with 0x8d16
  • The ACK packet contains data

It would certainly save time if you'd provide a capture file instead of a truncated hexadecimal print of packets.

permanent link

answered 14 Nov '14, 22:35

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×17

question asked: 14 Nov '14, 19:46

question was seen: 1,535 times

last updated: 14 Nov '14, 22:35

p​o​w​e​r​e​d by O​S​Q​A