This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TCPdump review

0

What is going on with this packet?

4500 0030 0d69 4000 8006 3188 c0a8 1d01 c0a8 1d85 0453 008b 69f0 5c23 0000 0000 7002 4000 bc56 0000 0204 05b4 0101 0402

4500 0030 0277 4000 8006 3c7a c0a8 1d85 c0a8 1d01 008b 0453 3e29 8d15 69f0 5c24 7012 faf0 3616 0000 0204 05b4 0101 8d16

4500 0070 0d6b 4000 8006 3146 c0a8 1d01 C0a8 1d85 0453 008b 69f0 5c24 3e29 8d16 5018 4470 a92e 0000 8100 0044 2043 4b46

asked 14 Nov '14, 19:46

nooniebunn
1111
accept rate: 0%


One Answer:

1

I'm not sure what exactly you are asking here, but this is a strange 3-way (2-way) handshake.

  • The SYN_ACK has the SACK option overridden with 0x8d16
  • The ACK packet contains data

It would certainly save time if you'd provide a capture file instead of a truncated hexadecimal print of packets.

answered 14 Nov '14, 22:35

mrEEde
3.9k152270
accept rate: 20%
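
Added example, not part of the original question or answer: a small Python decoder for the three hex dumps above. It shows the SYN, the SYN-ACK whose final option bytes (0x8d16) do not parse as a valid TCP option, and the third packet carrying payload. The function and field names are illustrative assumptions; the packet bytes are copied from the question.

```python
import struct

# The three truncated packets as posted in the question (IPv4 header first).
PACKETS = [
    "4500 0030 0d69 4000 8006 3188 c0a8 1d01 c0a8 1d85 0453 008b 69f0 5c23 0000 0000 7002 4000 bc56 0000 0204 05b4 0101 0402",
    "4500 0030 0277 4000 8006 3c7a c0a8 1d85 c0a8 1d01 008b 0453 3e29 8d15 69f0 5c24 7012 faf0 3616 0000 0204 05b4 0101 8d16",
    "4500 0070 0d6b 4000 8006 3146 c0a8 1d01 C0a8 1d85 0453 008b 69f0 5c24 3e29 8d16 5018 4470 a92e 0000 8100 0044 2043 4b46",
]
FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def parse_options(raw):
    """Walk the TCP option bytes; return (list of (kind, value), error or None)."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP is a single byte with no length
            opts.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            return opts, f"kind 0x{kind:02x} has no length byte"
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            return opts, f"kind 0x{kind:02x} claims length {length}, {len(raw) - i} bytes left"
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts, None

def decode(hexdump):
    """Decode the IPv4 and TCP headers of one hex dump (no checksum validation)."""
    data = bytes.fromhex(hexdump.replace(" ", ""))
    ihl = (data[0] & 0x0F) * 4                       # IPv4 header length in bytes
    total_len = struct.unpack("!H", data[2:4])[0]    # length claimed by the IP header
    tcp = data[ihl:]
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    hdr_len = (off_flags >> 12) * 4                  # TCP data offset in bytes
    opts, err = parse_options(tcp[20:hdr_len])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": [name for bit, name in FLAG_BITS if off_flags & bit],
            "options": opts, "option_error": err,
            "payload_len": total_len - ihl - hdr_len,  # per the IP total length
            "captured": tcp[hdr_len:]}                 # payload bytes present in the dump

if __name__ == "__main__":
    for n, pkt in enumerate(PACKETS, 1):
        print(n, decode(pkt))
```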