This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have tried to decrypt https traffic with tshark. The command that I used was as below:

tshark -r 1.pcap -o ssl.keys_list:"10.140.8.27","443","http","test_ca.pem" -o ssl.debug_file:"ssldebug.log" -V

The same pcap file can be decrypted by the same key file with wireshark 2.2.6. However, it failed with tshark 1.8.

tshark SSL debug log:

Private key imported: KeyID d3:3a:0a:2a:4f:97:3a:c1:df:62:1b:d9:5c:2a:77:6d:...
ssl_load_key: swapping p and q parameters and recomputing u
ssl_init IPv4 addr '10.140.8.27' (10.140.8.27) port '443' filename 'test_ca.pem' password(only for p12 file) ''
ssl_init private key file test_ca.pem successfully loaded.
association_add TCP port 443 protocol http handle 0x1058760

dissect_ssl enter frame #1 (first time)
ssl_session_init: initializing ptr 0x7f48afd920f0 size 680
  conversation = 0x7f48afd91dc8, ssl_session = 0x7f48afd920f0
  record: offset = 0, reported_length_remaining = 81
  need_desegmentation: offset = 0, reported_length_remaining = 81

dissect_ssl enter frame #3 (first time)
  conversation = 0x7f48afd91dc8, ssl_session = 0x7f48afd920f0
  record: offset = 0, reported_length_remaining = 1121
  need_desegmentation: offset = 0, reported_length_remaining = 1121

dissect_ssl enter frame #9 (first time)
ssl_session_init: initializing ptr 0x7f48afd92978 size 680
  conversation = 0x7f48afd92650, ssl_session = 0x7f48afd92978
  record: offset = 0, reported_length_remaining = 109
  need_desegmentation: offset = 0, reported_length_remaining = 109

dissect_ssl enter frame #11 (first time)
  conversation = 0x7f48afd92650, ssl_session = 0x7f48afd92978
  record: offset = 0, reported_length_remaining = 864
dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x10
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 53, ssl state 0x10
association_find: TCP port 443 found 0x1ac91d0
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 49 bytes, remaining 58
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x12
ssl_restore_session can't find stored session
dissect_ssl3_hnd_srv_hello found CIPHER 0x0035 -> state 0x16
dissect_ssl3_hnd_srv_hello trying to generate keys
ssl_generate_keyring_material not enough data to generate key (0x16 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material
  record: offset = 58, reported_length_remaining = 806
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 796, ssl state 0x16
association_find: TCP port 443 found 0x1ac91d0
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 63 length 792 bytes, remaining 859
  record: offset = 859, reported_length_remaining = 5
  need_desegmentation: offset = 859, reported_length_remaining = 5

dissect_ssl enter frame #13 (first time)
  conversation = 0x7f48afd92650, ssl_session = 0x7f48afd92978
  record: offset = 0, reported_length_remaining = 322
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 262, ssl state 0x16
association_find: TCP port 44716 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267
trying to use SSL keylog in
failed to open SSL keylog
  record: offset = 267, reported_length_remaining = 55
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
association_find: TCP port 44716 found (nil)
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
  record: offset = 273, reported_length_remaining = 49
  need_desegmentation: offset = 273, reported_length_remaining = 49

dissect_ssl enter frame #15 (first time)
  conversation = 0x7f48afd92650, ssl_session = 0x7f48afd92978
  record: offset = 0, reported_length_remaining = 262
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 202, ssl state 0x16
association_find: TCP port 443 found 0x1ac91d0
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 4 offset 5 length 198 bytes, remaining 207
  record: offset = 207, reported_length_remaining = 55
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
association_find: TCP port 443 found 0x1ac91d0
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
  record: offset = 213, reported_length_remaining = 49
  need_desegmentation: offset = 213, reported_length_remaining = 49

dissect_ssl enter frame #16 (first time)
  conversation = 0x7f48afd92650, ssl_session = 0x7f48afd92978
  record: offset = 0, reported_length_remaining = 182
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x16
association_find: TCP port 44716 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 44716 found (nil)
association_find: TCP port 443 found 0x1ac91d0
  record: offset = 37, reported_length_remaining = 145
  need_desegmentation: offset = 37, reported_length_remaining = 145

dissect_ssl enter frame #18 (first time)
  conversation = 0x7f48afd92650, ssl_session = 0x7f48afd92978
  record: offset = 0, reported_length_remaining = 544
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x16
association_find: TCP port 443 found 0x1ac91d0
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 0x1ac91d0
  record: offset = 37, reported_length_remaining = 507
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 384, ssl state 0x16
association_find: TCP port 443 found 0x1ac91d0
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 0x1ac91d0
  record: offset = 426, reported_length_remaining = 118
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x16
association_find: TCP port 443 found 0x1ac91d0
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 0x1ac91d0
  record: offset = 463, reported_length_remaining = 81
  need_desegmentation: offset = 463, reported_length_remaining = 81

dissect_ssl enter frame #21 (first time)
  conversation = 0x7f48afd92650, ssl_session = 0x7f48afd92978
  record: offset = 0, reported_length_remaining = 33
  need_desegmentation: offset = 0, reported_length_remaining = 33

command output:

frame:0:151:Frame 1: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:45.947506000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369265.947506000 seconds
0:0:    [Time delta from previous captured frame: 0.000000000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000000000 seconds]
0:0:    [Time since reference or first frame: 0.000000000 seconds]
0:0:    Frame Number: 1
0:0:    Frame Length: 151 bytes (1208 bits)
0:0:    Capture Length: 151 bytes (1208 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp:ssl]
eth:0:14:Ethernet II, Src: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc), Dst: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:    Destination: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
147:4:    Frame check sequence: 0x40f19622 [incorrect, should be 0xb0ad2882]
147:4:        [FCS Good: False]
147:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 173.36.7.6 (173.36.7.6), Dst: 10.140.8.27 (10.140.8.27)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 137
18:2:    Identification: 0x6cbf (27839)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 111
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0xd7de [correct]
24:2:        [Good: True]
24:2:        [Bad: False]
26:4:    Source: 173.36.7.6 (173.36.7.6)
30:4:    Destination: 10.140.8.27 (10.140.8.27)
tcp:34:32:Transmission Control Protocol, Src Port: https (443), Dst Port: 50101 (50101), Seq: 1, Ack: 1, Len: 81
34:2:    Source port: https (443)
36:2:    Destination port: 50101 (50101)
34:0:    [Stream index: 0]
38:4:    Sequence number: 1    (relative sequence number)
34:0:    [Next sequence number: 82    (relative sequence number)]
42:4:    Acknowledgment number: 1    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x018 (PSH, ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 1... = Push: Set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 511
48:2:    [Calculated window size: 511]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0xcb50 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
54:12:    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
text:54:1:        No-Operation (NOP)
54:1:            Type: 1
54:1:                0... .... = Copy on fragmentation: No
54:1:                .00. .... = Class: Control (0)
54:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:55:1:        No-Operation (NOP)
55:1:            Type: 1
55:1:                0... .... = Copy on fragmentation: No
55:1:                .00. .... = Class: Control (0)
55:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:56:10:        Timestamps: TSval 344870702, TSecr 1325455116
56:1:            Kind: Timestamp (8)
57:1:            Length: 10
58:4:            Timestamp value: 344870702
62:4:            Timestamp echo reply: 1325455116
34:0:    [SEQ/ACK analysis]
34:0:        [Bytes in flight: 81]
66:81:    TCP segment data (81 bytes)
ssl:66:81:Secure Sockets Layer

frame:0:66:Frame 2: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:45.947601000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369265.947601000 seconds
0:0:    [Time delta from previous captured frame: 0.000095000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000095000 seconds]
0:0:    [Time since reference or first frame: 0.000095000 seconds]
0:0:    Frame Number: 2
0:0:    Frame Length: 66 bytes (528 bits)
0:0:    Capture Length: 66 bytes (528 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Apple_52:5a:c7 (40:6c:8f:52:5a:c7), Dst: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:    Destination: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
62:4:    Frame check sequence: 0x148e4f2e [incorrect, should be 0x2a9e80cf]
62:4:        [FCS Good: False]
62:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.140.8.27 (10.140.8.27), Dst: 173.36.7.6 (173.36.7.6)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 52
18:2:    Identification: 0xaf4e (44878)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 64
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x0000 [incorrect, should be 0xc4a4 (may be caused by "IP checksum offload"?)]
24:2:        [Good: False]
24:2:        [Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
26:4:    Source: 10.140.8.27 (10.140.8.27)
30:4:    Destination: 173.36.7.6 (173.36.7.6)
tcp:34:32:Transmission Control Protocol, Src Port: 50101 (50101), Dst Port: https (443), Seq: 1338627855, Ack: 4017034065
34:2:    Source port: 50101 (50101)
36:2:    Destination port: https (443)
34:0:    [Stream index: 0]
text:34:0:    [Short segment. Segment/fragment does not contain a full TCP header (might be NMAP or someone else deliberately sending unusual packets)]
expert:0:0:        [Expert Info (Warn/Malformed): Short segment]
0:0:            [Message: Short segment]
0:0:            [Severity level: Warn]
0:0:            [Group: Malformed]
38:4:    Sequence number: 1338627855    (relative sequence number)
42:4:    Acknowledgment number: 4017034065    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x010 (ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 4093
48:2:    [Calculated window size: 4093]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0xc6f7 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:14:0:[Malformed Packet: TCP]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:1191:Frame 3: 1191 bytes on wire (9528 bits), 1191 bytes captured (9528 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:45.947757000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369265.947757000 seconds
0:0:    [Time delta from previous captured frame: 0.000156000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000156000 seconds]
0:0:    [Time since reference or first frame: 0.000251000 seconds]
0:0:    Frame Number: 3
0:0:    Frame Length: 1191 bytes (9528 bits)
0:0:    Capture Length: 1191 bytes (9528 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp:ssl]
eth:0:14:Ethernet II, Src: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc), Dst: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:    Destination: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
1187:4:    Frame check sequence: 0xdae3d5af [incorrect, should be 0xc78d91bf]
1187:4:        [FCS Good: False]
1187:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 173.36.7.6 (173.36.7.6), Dst: 10.140.8.27 (10.140.8.27)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 1177
18:2:    Identification: 0x6cc0 (27840)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 111
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0xd3cd [correct]
24:2:        [Good: True]
24:2:        [Bad: False]
26:4:    Source: 173.36.7.6 (173.36.7.6)
30:4:    Destination: 10.140.8.27 (10.140.8.27)
tcp:34:32:Transmission Control Protocol, Src Port: https (443), Dst Port: 50101 (50101), Seq: 86, Ack: 1, Len: 1121
34:2:    Source port: https (443)
36:2:    Destination port: 50101 (50101)
34:0:    [Stream index: 0]
38:4:    Sequence number: 86    (relative sequence number)
34:0:    [Next sequence number: 1207    (relative sequence number)]
42:4:    Acknowledgment number: 1    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x018 (PSH, ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 1... = Push: Set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 511
48:2:    [Calculated window size: 511]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0xefe0 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
54:12:    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
text:54:1:        No-Operation (NOP)
54:1:            Type: 1
54:1:                0... .... = Copy on fragmentation: No
54:1:                .00. .... = Class: Control (0)
54:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:55:1:        No-Operation (NOP)
55:1:            Type: 1
55:1:                0... .... = Copy on fragmentation: No
55:1:                .00. .... = Class: Control (0)
55:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:56:10:        Timestamps: TSval 344870702, TSecr 1325455116
56:1:            Kind: Timestamp (8)
57:1:            Length: 10
58:4:            Timestamp value: 344870702
62:4:            Timestamp echo reply: 1325455116
34:0:    [SEQ/ACK analysis]
34:0:        [TCP Analysis Flags]
34:0:            [A segment before this frame wasn't captured]
expert:0:0:                [Expert Info (Warn/Sequence): Previous segment not captured (common at capture start)]
0:0:                    [Message: Previous segment not captured (common at capture start)]
0:0:                    [Severity level: Warn]
0:0:                    [Group: Sequence]
66:1121:    TCP segment data (1121 bytes)
ssl:66:1121:Secure Sockets Layer

frame:0:66:Frame 4: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:45.947809000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369265.947809000 seconds
0:0:    [Time delta from previous captured frame: 0.000052000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000052000 seconds]
0:0:    [Time since reference or first frame: 0.000303000 seconds]
0:0:    Frame Number: 4
0:0:    Frame Length: 66 bytes (528 bits)
0:0:    Capture Length: 66 bytes (528 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Apple_52:5a:c7 (40:6c:8f:52:5a:c7), Dst: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:    Destination: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
62:4:    Frame check sequence: 0x148e4f2e [incorrect, should be 0x172daf2c]
62:4:        [FCS Good: False]
62:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.140.8.27 (10.140.8.27), Dst: 173.36.7.6 (173.36.7.6)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 52
18:2:    Identification: 0x6812 (26642)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 64
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x0000 [incorrect, should be 0x0be1 (may be caused by "IP checksum offload"?)]
24:2:        [Good: False]
24:2:        [Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
26:4:    Source: 10.140.8.27 (10.140.8.27)
30:4:    Destination: 173.36.7.6 (173.36.7.6)
tcp:34:32:Transmission Control Protocol, Src Port: 50101 (50101), Dst Port: https (443), Seq: 1338627855, Ack: 4017035190
34:2:    Source port: 50101 (50101)
36:2:    Destination port: https (443)
34:0:    [Stream index: 0]
text:34:0:    [Short segment. Segment/fragment does not contain a full TCP header (might be NMAP or someone else deliberately sending unusual packets)]
expert:0:0:        [Expert Info (Warn/Malformed): Short segment]
0:0:            [Message: Short segment]
0:0:            [Severity level: Warn]
0:0:            [Group: Malformed]
38:4:    Sequence number: 1338627855    (relative sequence number)
42:4:    Acknowledgment number: 4017035190    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x010 (ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 4060
48:2:    [Calculated window size: 4060]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0xc6f7 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:14:0:[Malformed Packet: TCP]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:74:Frame 5: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.261631000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.261631000 seconds
0:0:    [Time delta from previous captured frame: 3.313822000 seconds]
0:0:    [Time delta from previous displayed frame: 3.313822000 seconds]
0:0:    [Time since reference or first frame: 3.314125000 seconds]
0:0:    Frame Number: 5
0:0:    Frame Length: 74 bytes (592 bits)
0:0:    Capture Length: 74 bytes (592 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc), Dst: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:    Destination: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
70:4:    Frame check sequence: 0x01030307 [incorrect, should be 0x98521542]
70:4:        [FCS Good: False]
70:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.79.46.6 (10.79.46.6), Dst: 10.140.8.27 (10.140.8.27)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 60
18:2:    Identification: 0x68db (26843)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 58
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x8ce5 [correct]
24:2:        [Good: True]
24:2:        [Bad: False]
26:4:    Source: 10.79.46.6 (10.79.46.6)
30:4:    Destination: 10.140.8.27 (10.140.8.27)
tcp:34:40:Transmission Control Protocol, Src Port: 44716 (44716), Dst Port: https (443), Seq: 3115282787
34:2:    Source port: 44716 (44716)
36:2:    Destination port: https (443)
34:0:    [Stream index: 1]
text:34:0:    [Short segment. Segment/fragment does not contain a full TCP header (might be NMAP or someone else deliberately sending unusual packets)]
expert:0:0:        [Expert Info (Warn/Malformed): Short segment]
0:0:            [Message: Short segment]
0:0:            [Severity level: Warn]
0:0:            [Group: Malformed]
38:4:    Sequence number: 3115282787    (relative sequence number)
46:1:    Header length: 40 bytes
46:2:    Flags: 0x002 (SYN)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...0 .... = Acknowledgment: Not set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..1. = Syn: Set
expert:0:0:            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port https]
0:0:                [Message: Connection establish request (SYN): server port https]
0:0:                [Severity level: Chat]
0:0:                [Group: Sequence]
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 14600
48:2:    [Calculated window size: 14600]
50:2:    Checksum: 0x289e [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:14:0:[Malformed Packet: TCP]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:78:Frame 6: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.261783000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.261783000 seconds
0:0:    [Time delta from previous captured frame: 0.000152000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000152000 seconds]
0:0:    [Time since reference or first frame: 3.314277000 seconds]
0:0:    Frame Number: 6
0:0:    Frame Length: 78 bytes (624 bits)
0:0:    Capture Length: 78 bytes (624 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Apple_52:5a:c7 (40:6c:8f:52:5a:c7), Dst: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:    Destination: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
74:4:    Frame check sequence: 0x04020000 [incorrect, should be 0xaa9638ad]
74:4:        [FCS Good: False]
74:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.140.8.27 (10.140.8.27), Dst: 10.79.46.6 (10.79.46.6)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 64
18:2:    Identification: 0x3d12 (15634)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 64
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x0000 [incorrect, should be 0xb2aa (may be caused by "IP checksum offload"?)]
24:2:        [Good: False]
24:2:        [Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
26:4:    Source: 10.140.8.27 (10.140.8.27)
30:4:    Destination: 10.79.46.6 (10.79.46.6)
tcp:34:44:Transmission Control Protocol, Src Port: https (443), Dst Port: 44716 (44716), Seq: 1959621331, Ack: 3115282788
34:2:    Source port: https (443)
36:2:    Destination port: 44716 (44716)
34:0:    [Stream index: 1]
text:34:0:    [Short segment. Segment/fragment does not contain a full TCP header (might be NMAP or someone else deliberately sending unusual packets)]
expert:0:0:        [Expert Info (Warn/Malformed): Short segment]
0:0:            [Message: Short segment]
0:0:            [Severity level: Warn]
0:0:            [Group: Malformed]
38:4:    Sequence number: 1959621331    (relative sequence number)
42:4:    Acknowledgment number: 3115282788    (relative ack number)
46:1:    Header length: 44 bytes
46:2:    Flags: 0x012 (SYN, ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..1. = Syn: Set
expert:0:0:            [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port https]
0:0:                [Message: Connection establish acknowledge (SYN+ACK): server port https]
0:0:                [Severity level: Chat]
0:0:                [Group: Sequence]
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 65535
48:2:    [Calculated window size: 65535]
50:2:    Checksum: 0x4b2e [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:14:0:[Malformed Packet: TCP]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:66:Frame 7: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.262151000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.262151000 seconds
0:0:    [Time delta from previous captured frame: 0.000368000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000368000 seconds]
0:0:    [Time since reference or first frame: 3.314645000 seconds]
0:0:    Frame Number: 7
0:0:    Frame Length: 66 bytes (528 bits)
0:0:    Capture Length: 66 bytes (528 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc), Dst: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:    Destination: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
62:4:    Frame check sequence: 0x4f0192d6 [incorrect, should be 0xe9b1f1d4]
62:4:        [FCS Good: False]
62:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.79.46.6 (10.79.46.6), Dst: 10.140.8.27 (10.140.8.27)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 52
18:2:    Identification: 0x68dc (26844)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 58
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x8cec [correct]
24:2:        [Good: True]
24:2:        [Bad: False]
26:4:    Source: 10.79.46.6 (10.79.46.6)
30:4:    Destination: 10.140.8.27 (10.140.8.27)
tcp:34:32:Transmission Control Protocol, Src Port: 44716 (44716), Dst Port: https (443), Seq: 3115282788, Ack: 1959621332
34:2:    Source port: 44716 (44716)
36:2:    Destination port: https (443)
34:0:    [Stream index: 1]
text:34:0:    [Short segment. Segment/fragment does not contain a full TCP header (might be NMAP or someone else deliberately sending unusual packets)]
expert:0:0:        [Expert Info (Warn/Malformed): Short segment]
0:0:            [Message: Short segment]
0:0:            [Severity level: Warn]
0:0:            [Group: Malformed]
38:4:    Sequence number: 3115282788    (relative sequence number)
42:4:    Acknowledgment number: 1959621332    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x010 (ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 115
48:2:    [Calculated window size: 115]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0xc675 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:14:0:[Malformed Packet: TCP]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:66:Frame 8: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.262181000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.262181000 seconds
0:0:    [Time delta from previous captured frame: 0.000030000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000030000 seconds]
0:0:    [Time since reference or first frame: 3.314675000 seconds]
0:0:    Frame Number: 8
0:0:    Frame Length: 66 bytes (528 bits)
0:0:    Capture Length: 66 bytes (528 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Apple_52:5a:c7 (40:6c:8f:52:5a:c7), Dst: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:    Destination: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
62:4:    Frame check sequence: 0xa62b19b8 [incorrect, should be 0x49829acc]
62:4:        [FCS Good: False]
62:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.140.8.27 (10.140.8.27), Dst: 10.79.46.6 (10.79.46.6)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 52
18:2:    Identification: 0xf163 (61795)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 64
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x0000 [incorrect, should be 0xfe64 (may be caused by "IP checksum offload"?)]
24:2:        [Good: False]
24:2:        [Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
26:4:    Source: 10.140.8.27 (10.140.8.27)
30:4:    Destination: 10.79.46.6 (10.79.46.6)
tcp:34:32:Transmission Control Protocol, Src Port: https (443), Dst Port: 44716 (44716), Seq: 1959621332, Ack: 3115282788
34:2:    Source port: https (443)
36:2:    Destination port: 44716 (44716)
34:0:    [Stream index: 1]
text:34:0:    [Short segment. Segment/fragment does not contain a full TCP header (might be NMAP or someone else deliberately sending unusual packets)]
expert:0:0:        [Expert Info (Warn/Malformed): Short segment]
0:0:            [Message: Short segment]
0:0:            [Severity level: Warn]
0:0:            [Group: Malformed]
38:4:    Sequence number: 1959621332    (relative sequence number)
42:4:    Acknowledgment number: 3115282788    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x010 (ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 4117
48:2:    [Calculated window size: 4117]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x4b22 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:14:0:[Malformed Packet: TCP]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:179:Frame 9: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.262353000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.262353000 seconds
0:0:    [Time delta from previous captured frame: 0.000172000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000172000 seconds]
0:0:    [Time since reference or first frame: 3.314847000 seconds]
0:0:    Frame Number: 9
0:0:    Frame Length: 179 bytes (1432 bits)
0:0:    Capture Length: 179 bytes (1432 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp:ssl]
eth:0:14:Ethernet II, Src: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc), Dst: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:    Destination: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
175:4:    Frame check sequence: 0x00230000 [incorrect, should be 0x97c956c0]
175:4:        [FCS Good: False]
175:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.79.46.6 (10.79.46.6), Dst: 10.140.8.27 (10.140.8.27)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 165
18:2:    Identification: 0x68dd (26845)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 58
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x8c7a [correct]
24:2:        [Good: True]
24:2:        [Bad: False]
26:4:    Source: 10.79.46.6 (10.79.46.6)
30:4:    Destination: 10.140.8.27 (10.140.8.27)
tcp:34:32:Transmission Control Protocol, Src Port: 44716 (44716), Dst Port: https (443), Seq: 1, Ack: 1, Len: 109
34:2:    Source port: 44716 (44716)
36:2:    Destination port: https (443)
34:0:    [Stream index: 1]
38:4:    Sequence number: 1    (relative sequence number)
34:0:    [Next sequence number: 110    (relative sequence number)]
42:4:    Acknowledgment number: 1    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x018 (PSH, ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 1... = Push: Set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 115
48:2:    [Calculated window size: 115]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x63f5 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
54:12:    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
text:54:1:        No-Operation (NOP)
54:1:            Type: 1
54:1:                0... .... = Copy on fragmentation: No
54:1:                .00. .... = Class: Control (0)
54:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:55:1:        No-Operation (NOP)
55:1:            Type: 1
55:1:                0... .... = Copy on fragmentation: No
55:1:                .00. .... = Class: Control (0)
55:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:56:10:        Timestamps: TSval 2787842489, TSecr 1325503190
56:1:            Kind: Timestamp (8)
57:1:            Length: 10
58:4:            Timestamp value: 2787842489
62:4:            Timestamp echo reply: 1325503190
34:0:    [SEQ/ACK analysis]
34:0:        [Bytes in flight: 109]
66:109:    TCP segment data (109 bytes)
ssl:66:109:Secure Sockets Layer

frame:0:66:Frame 10: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.262387000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.262387000 seconds
0:0:    [Time delta from previous captured frame: 0.000034000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000034000 seconds]
0:0:    [Time since reference or first frame: 3.314881000 seconds]
0:0:    Frame Number: 10
0:0:    Frame Length: 66 bytes (528 bits)
0:0:    Capture Length: 66 bytes (528 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Apple_52:5a:c7 (40:6c:8f:52:5a:c7), Dst: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:    Destination: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
62:4:    Frame check sequence: 0xa62b19b9 [incorrect, should be 0x2036bf16]
62:4:        [FCS Good: False]
62:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.140.8.27 (10.140.8.27), Dst: 10.79.46.6 (10.79.46.6)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 52
18:2:    Identification: 0xbed3 (48851)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 64
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x0000 [incorrect, should be 0x30f5 (may be caused by "IP checksum offload"?)]
24:2:        [Good: False]
24:2:        [Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
26:4:    Source: 10.140.8.27 (10.140.8.27)
30:4:    Destination: 10.79.46.6 (10.79.46.6)
tcp:34:32:Transmission Control Protocol, Src Port: https (443), Dst Port: 44716 (44716), Seq: 1959621332, Ack: 3115282901
34:2:    Source port: https (443)
36:2:    Destination port: 44716 (44716)
34:0:    [Stream index: 1]
text:34:0:    [Short segment. Segment/fragment does not contain a full TCP header (might be NMAP or someone else deliberately sending unusual packets)]
expert:0:0:        [Expert Info (Warn/Malformed): Short segment]
0:0:            [Message: Short segment]
0:0:            [Severity level: Warn]
0:0:            [Group: Malformed]
38:4:    Sequence number: 1959621332    (relative sequence number)
42:4:    Acknowledgment number: 3115282901    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x010 (ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 4114
48:2:    [Calculated window size: 4114]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x4b22 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:14:0:[Malformed Packet: TCP]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:934:Frame 11: 934 bytes on wire (7472 bits), 934 bytes captured (7472 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.263053000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.263053000 seconds
0:0:    [Time delta from previous captured frame: 0.000666000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000666000 seconds]
0:0:    [Time since reference or first frame: 3.315547000 seconds]
0:0:    Frame Number: 11
0:0:    Frame Length: 934 bytes (7472 bits)
0:0:    Capture Length: 934 bytes (7472 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1]
eth:0:14:Ethernet II, Src: Apple_52:5a:c7 (40:6c:8f:52:5a:c7), Dst: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:    Destination: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
930:4:    Frame check sequence: 0x0e000000 [incorrect, should be 0x988536b8]
930:4:        [FCS Good: False]
930:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.140.8.27 (10.140.8.27), Dst: 10.79.46.6 (10.79.46.6)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 920
18:2:    Identification: 0xc88f (51343)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 64
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x0000 [incorrect, should be 0x23d5 (may be caused by "IP checksum offload"?)]
24:2:        [Good: False]
24:2:        [Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
26:4:    Source: 10.140.8.27 (10.140.8.27)
30:4:    Destination: 10.79.46.6 (10.79.46.6)
tcp:34:32:Transmission Control Protocol, Src Port: https (443), Dst Port: 44716 (44716), Seq: 1, Ack: 114, Len: 864
34:2:    Source port: https (443)
36:2:    Destination port: 44716 (44716)
34:0:    [Stream index: 1]
38:4:    Sequence number: 1    (relative sequence number)
34:0:    [Next sequence number: 865    (relative sequence number)]
42:4:    Acknowledgment number: 114    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x018 (PSH, ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 1... = Push: Set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 4114
48:2:    [Calculated window size: 4114]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x4e86 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
54:12:    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
text:54:1:        No-Operation (NOP)
54:1:            Type: 1
54:1:                0... .... = Copy on fragmentation: No
54:1:                .00. .... = Class: Control (0)
54:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:55:1:        No-Operation (NOP)
55:1:            Type: 1
55:1:                0... .... = Copy on fragmentation: No
55:1:                .00. .... = Class: Control (0)
55:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:56:10:        Timestamps: TSval 1325503191, TSecr 2787842489
56:1:            Kind: Timestamp (8)
57:1:            Length: 10
58:4:            Timestamp value: 1325503191
62:4:            Timestamp echo reply: 2787842489
34:0:    [SEQ/ACK analysis]
34:0:        [Bytes in flight: 864]
34:0:        [TCP Analysis Flags]
34:0:            [This frame ACKs a segment we have not seen]
expert:0:0:                [Expert Info (Warn/Sequence): ACKed segment that wasn't captured (common at capture start)]
0:0:                    [Message: ACKed segment that wasn't captured (common at capture start)]
0:0:                    [Severity level: Warn]
0:0:                    [Group: Sequence]
925:5:    TCP segment data (5 bytes)
ssl:66:864:Secure Sockets Layer
66:58:    TLSv1 Record Layer: Handshake Protocol: Server Hello
66:1:        Content Type: Handshake (22)
67:2:        Version: TLS 1.0 (0x0301)
69:2:        Length: 53
71:53:        Handshake Protocol: Server Hello
71:1:            Handshake Type: Server Hello (2)
72:3:            Length: 49
75:2:            Version: TLS 1.0 (0x0301)
text:77:32:            Random
77:4:                gmt_unix_time: Mar 25, 2050 22:49:28.000000000 UTC
81:28:                random_bytes: a6749ab12a7308416d3fdedbc00a73681102b8da8b4b7a9c...
109:1:            Session ID Length: 0
110:2:            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
112:1:            Compression Method: null (0)
113:2:            Extensions Length: 9
text:115:5:            Extension: renegotiation_info
115:2:                Type: renegotiation_info (0xff01)
117:2:                Length: 1
text:119:1:                Renegotiation Info extension
119:1:                    Renegotiation info extension length: 0
text:120:4:            Extension: SessionTicket TLS
120:2:                Type: SessionTicket TLS (0x0023)
122:2:                Length: 0
124:0:                Data (0 bytes)
124:801:    TLSv1 Record Layer: Handshake Protocol: Certificate
124:1:        Content Type: Handshake (22)
125:2:        Version: TLS 1.0 (0x0301)
127:2:        Length: 796
129:796:        Handshake Protocol: Certificate
129:1:            Handshake Type: Certificate (11)
130:3:            Length: 792
133:3:            Certificates Length: 789
136:789:            Certificates (789 bytes)
136:3:                Certificate Length: 786
139:786:                Certificate (id-at-commonName=test_ca,id-at-organizationName=Cisco,id-at-localityName=SH,id-at-stateOrProvinceName=SH,id-at-countryName=CN)
143:506:                    signedCertificate
text:149:9:                        serialNumber : 0x00fe771004b47eef3a
158:15:                        signature (shaWithRSAEncryption)
162:9:                            Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
173:75:                        issuer: rdnSequence (0)
175:73:                            rdnSequence: 5 items (id-at-commonName=test_ca,id-at-organizationName=Cisco,id-at-localityName=SH,id-at-stateOrProvinceName=SH,id-at-countryName=CN)
177:11:                                RDNSequence item: 1 item (id-at-countryName=CN)
177:11:                                    RelativeDistinguishedName item (id-at-countryName=CN)
181:3:                                        Id: 2.5.4.6 (id-at-countryName)
186:2:                                        CountryName: CN
190:11:                                RDNSequence item: 1 item (id-at-stateOrProvinceName=SH)
190:11:                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=SH)
194:3:                                        Id: 2.5.4.8 (id-at-stateOrProvinceName)
197:4:                                        DirectoryString: printableString (1)
199:2:                                            printableString: SH
203:11:                                RDNSequence item: 1 item (id-at-localityName=SH)
203:11:                                    RelativeDistinguishedName item (id-at-localityName=SH)
207:3:                                        Id: 2.5.4.7 (id-at-localityName)
210:4:                                        DirectoryString: printableString (1)
212:2:                                            printableString: SH
216:14:                                RDNSequence item: 1 item (id-at-organizationName=Cisco)
216:14:                                    RelativeDistinguishedName item (id-at-organizationName=Cisco)
220:3:                                        Id: 2.5.4.10 (id-at-organizationName)
223:7:                                        DirectoryString: printableString (1)
225:5:                                            printableString: Cisco
232:16:                                RDNSequence item: 1 item (id-at-commonName=test_ca)
232:16:                                    RelativeDistinguishedName item (id-at-commonName=test_ca)
236:3:                                        Id: 2.5.4.3 (id-at-commonName)
239:9:                                        DirectoryString: teletexString (0)
241:7:                                            teletexString: test_ca
248:32:                        validity
250:15:                            notBefore: utcTime (0)
252:13:                                utcTime: 17-04-28 05:52:10 (UTC)
265:15:                            notAfter: utcTime (0)
267:13:                                utcTime: 27-04-26 05:52:10 (UTC)
280:75:                        subject: rdnSequence (0)
282:73:                            rdnSequence: 5 items (id-at-commonName=test_ca,id-at-organizationName=Cisco,id-at-localityName=SH,id-at-stateOrProvinceName=SH,id-at-countryName=CN)
284:11:                                RDNSequence item: 1 item (id-at-countryName=CN)
284:11:                                    RelativeDistinguishedName item (id-at-countryName=CN)
288:3:                                        Id: 2.5.4.6 (id-at-countryName)
293:2:                                        CountryName: CN
297:11:                                RDNSequence item: 1 item (id-at-stateOrProvinceName=SH)
297:11:                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=SH)
301:3:                                        Id: 2.5.4.8 (id-at-stateOrProvinceName)
304:4:                                        DirectoryString: printableString (1)
306:2:                                            printableString: SH
310:11:                                RDNSequence item: 1 item (id-at-localityName=SH)
310:11:                                    RelativeDistinguishedName item (id-at-localityName=SH)
314:3:                                        Id: 2.5.4.7 (id-at-localityName)
317:4:                                        DirectoryString: printableString (1)
319:2:                                            printableString: SH
323:14:                                RDNSequence item: 1 item (id-at-organizationName=Cisco)
323:14:                                    RelativeDistinguishedName item (id-at-organizationName=Cisco)
327:3:                                        Id: 2.5.4.10 (id-at-organizationName)
330:7:                                        DirectoryString: printableString (1)
332:5:                                            printableString: Cisco
339:16:                                RDNSequence item: 1 item (id-at-commonName=test_ca)
339:16:                                    RelativeDistinguishedName item (id-at-commonName=test_ca)
343:3:                                        Id: 2.5.4.3 (id-at-commonName)
346:9:                                        DirectoryString: teletexString (0)
348:7:                                            teletexString: test_ca
355:294:                        subjectPublicKeyInfo
359:15:                            algorithm (rsaEncryption)
363:9:                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
378:1:                            Padding: 0
379:270:                            subjectPublicKey: 3082010a0282010100b5ca8f507bc2b7aaf780f1579cf75c...
649:15:                    algorithmIdentifier (shaWithRSAEncryption)
653:9:                        Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
668:1:                    Padding: 0
669:256:                    encrypted: 51786d103611f86bdf3ca77a99f7fd7e17d09e7e251aa34a...

frame:0:66:Frame 12: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.263455000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.263455000 seconds
0:0:    [Time delta from previous captured frame: 0.000402000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000402000 seconds]
0:0:    [Time since reference or first frame: 3.315949000 seconds]
0:0:    Frame Number: 12
0:0:    Frame Length: 66 bytes (528 bits)
0:0:    Capture Length: 66 bytes (528 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc), Dst: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:    Destination: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
62:4:    Frame check sequence: 0x4f0192d7 [incorrect, should be 0x8c48b6d4]
62:4:        [FCS Good: False]
62:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.79.46.6 (10.79.46.6), Dst: 10.140.8.27 (10.140.8.27)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 52
18:2:    Identification: 0x68de (26846)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 58
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x8cea [correct]
24:2:        [Good: True]
24:2:        [Bad: False]
26:4:    Source: 10.79.46.6 (10.79.46.6)
30:4:    Destination: 10.140.8.27 (10.140.8.27)
tcp:34:32:Transmission Control Protocol, Src Port: 44716 (44716), Dst Port: https (443), Seq: 3115282901, Ack: 1959622200
34:2:    Source port: 44716 (44716)
36:2:    Destination port: https (443)
34:0:    [Stream index: 1]
text:34:0:    [Short segment. Segment/fragment does not contain a full TCP header (might be NMAP or someone else deliberately sending unusual packets)]
expert:0:0:        [Expert Info (Warn/Malformed): Short segment]
0:0:            [Message: Short segment]
0:0:            [Severity level: Warn]
0:0:            [Group: Malformed]
38:4:    Sequence number: 3115282901    (relative sequence number)
42:4:    Acknowledgment number: 1959622200    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x010 (ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 128
48:2:    [Calculated window size: 128]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0xc290 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:14:0:[Malformed Packet: TCP]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:392:Frame 13: 392 bytes on wire (3136 bits), 392 bytes captured (3136 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.263955000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.263955000 seconds
0:0:    [Time delta from previous captured frame: 0.000500000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000500000 seconds]
0:0:    [Time since reference or first frame: 3.316449000 seconds]
0:0:    Frame Number: 13
0:0:    Frame Length: 392 bytes (3136 bits)
0:0:    Capture Length: 392 bytes (3136 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp:ssl]
eth:0:14:Ethernet II, Src: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc), Dst: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:    Destination: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
388:4:    Frame check sequence: 0x5bc2edf1 [incorrect, should be 0x8cab1d1e]
388:4:        [FCS Good: False]
388:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.79.46.6 (10.79.46.6), Dst: 10.140.8.27 (10.140.8.27)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 378
18:2:    Identification: 0x68df (26847)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 58
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x8ba3 [correct]
24:2:        [Good: True]
24:2:        [Bad: False]
26:4:    Source: 10.79.46.6 (10.79.46.6)
30:4:    Destination: 10.140.8.27 (10.140.8.27)
tcp:34:32:Transmission Control Protocol, Src Port: 44716 (44716), Dst Port: https (443), Seq: 114, Ack: 869, Len: 322
34:2:    Source port: 44716 (44716)
36:2:    Destination port: https (443)
34:0:    [Stream index: 1]
38:4:    Sequence number: 114    (relative sequence number)
34:0:    [Next sequence number: 436    (relative sequence number)]
42:4:    Acknowledgment number: 869    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x018 (PSH, ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 1... = Push: Set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 128
48:2:    [Calculated window size: 128]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x11dd [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
54:12:    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
text:54:1:        No-Operation (NOP)
54:1:            Type: 1
54:1:                0... .... = Copy on fragmentation: No
54:1:                .00. .... = Class: Control (0)
54:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:55:1:        No-Operation (NOP)
55:1:            Type: 1
55:1:                0... .... = Copy on fragmentation: No
55:1:                .00. .... = Class: Control (0)
55:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:56:10:        Timestamps: TSval 2787842490, TSecr 1325503191
56:1:            Kind: Timestamp (8)
57:1:            Length: 10
58:4:            Timestamp value: 2787842490
62:4:            Timestamp echo reply: 1325503191
34:0:    [SEQ/ACK analysis]
34:0:        [TCP Analysis Flags]
34:0:            [A segment before this frame wasn't captured]
expert:0:0:                [Expert Info (Warn/Sequence): Previous segment not captured (common at capture start)]
0:0:                    [Message: Previous segment not captured (common at capture start)]
0:0:                    [Severity level: Warn]
0:0:                    [Group: Sequence]
34:0:            [This frame ACKs a segment we have not seen]
expert:0:0:                [Expert Info (Warn/Sequence): ACKed segment that wasn't captured (common at capture start)]
0:0:                    [Message: ACKed segment that wasn't captured (common at capture start)]
0:0:                    [Severity level: Warn]
0:0:                    [Group: Sequence]
339:49:    TCP segment data (49 bytes)
ssl:66:322:Secure Sockets Layer
66:267:    TLSv1 Record Layer: Handshake Protocol: Client Key Exchange
66:1:        Content Type: Handshake (22)
67:2:        Version: TLS 1.0 (0x0301)
69:2:        Length: 262
71:262:        Handshake Protocol: Client Key Exchange
71:1:            Handshake Type: Client Key Exchange (16)
72:3:            Length: 258
text:75:258:            RSA Encrypted PreMaster Secret
75:2:                Encrypted PreMaster length: 256
77:256:                Encrypted PreMaster: 8d18212a0338ab9dabd92c07a430f3b696a157a1559d4906...
333:6:    TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
333:1:        Content Type: Change Cipher Spec (20)
334:2:        Version: TLS 1.0 (0x0301)
336:2:        Length: 1
338:1:        Change Cipher Spec Message

frame:0:66:Frame 14: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.263981000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.263981000 seconds
0:0:    [Time delta from previous captured frame: 0.000026000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000026000 seconds]
0:0:    [Time since reference or first frame: 3.316475000 seconds]
0:0:    Frame Number: 14
0:0:    Frame Length: 66 bytes (528 bits)
0:0:    Capture Length: 66 bytes (528 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Apple_52:5a:c7 (40:6c:8f:52:5a:c7), Dst: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:    Destination: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
62:4:    Frame check sequence: 0xa62b19ba [incorrect, should be 0x75fb3dda]
62:4:        [FCS Good: False]
62:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.140.8.27 (10.140.8.27), Dst: 10.79.46.6 (10.79.46.6)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 52
18:2:    Identification: 0x1d98 (7576)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 64
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x0000 [incorrect, should be 0xd230 (may be caused by "IP checksum offload"?)]
24:2:        [Good: False]
24:2:        [Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
26:4:    Source: 10.140.8.27 (10.140.8.27)
30:4:    Destination: 10.79.46.6 (10.79.46.6)
tcp:34:32:Transmission Control Protocol, Src Port: https (443), Dst Port: 44716 (44716), Seq: 1959622200, Ack: 3115283227
34:2:    Source port: https (443)
36:2:    Destination port: 44716 (44716)
34:0:    [Stream index: 1]
text:34:0:    [Short segment. Segment/fragment does not contain a full TCP header (might be NMAP or someone else deliberately sending unusual packets)]
expert:0:0:        [Expert Info (Warn/Malformed): Short segment]
0:0:            [Message: Short segment]
0:0:            [Severity level: Warn]
0:0:            [Group: Malformed]
38:4:    Sequence number: 1959622200    (relative sequence number)
42:4:    Acknowledgment number: 3115283227    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x010 (ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 4104
48:2:    [Calculated window size: 4104]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x4b22 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:14:0:[Malformed Packet: TCP]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:332:Frame 15: 332 bytes on wire (2656 bits), 332 bytes captured (2656 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.305811000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.305811000 seconds
0:0:    [Time delta from previous captured frame: 0.041830000 seconds]
0:0:    [Time delta from previous displayed frame: 0.041830000 seconds]
0:0:    [Time since reference or first frame: 3.358305000 seconds]
0:0:    Frame Number: 15
0:0:    Frame Length: 332 bytes (2656 bits)
0:0:    Capture Length: 332 bytes (2656 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp:ssl]
eth:0:14:Ethernet II, Src: Apple_52:5a:c7 (40:6c:8f:52:5a:c7), Dst: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:    Destination: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
328:4:    Frame check sequence: 0x04c79a64 [incorrect, should be 0xd1f92cbf]
328:4:        [FCS Good: False]
328:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.140.8.27 (10.140.8.27), Dst: 10.79.46.6 (10.79.46.6)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 318
18:2:    Identification: 0x306c (12396)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 64
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x0000 [incorrect, should be 0xbe52 (may be caused by "IP checksum offload"?)]
24:2:        [Good: False]
24:2:        [Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
26:4:    Source: 10.140.8.27 (10.140.8.27)
30:4:    Destination: 10.79.46.6 (10.79.46.6)
tcp:34:32:Transmission Control Protocol, Src Port: https (443), Dst Port: 44716 (44716), Seq: 869, Ack: 440, Len: 262
34:2:    Source port: https (443)
36:2:    Destination port: 44716 (44716)
34:0:    [Stream index: 1]
38:4:    Sequence number: 869    (relative sequence number)
34:0:    [Next sequence number: 1131    (relative sequence number)]
42:4:    Acknowledgment number: 440    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x018 (PSH, ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 1... = Push: Set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 4104
48:2:    [Calculated window size: 4104]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x4c2c [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
54:12:    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
text:54:1:        No-Operation (NOP)
54:1:            Type: 1
54:1:                0... .... = Copy on fragmentation: No
54:1:                .00. .... = Class: Control (0)
54:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:55:1:        No-Operation (NOP)
55:1:            Type: 1
55:1:                0... .... = Copy on fragmentation: No
55:1:                .00. .... = Class: Control (0)
55:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:56:10:        Timestamps: TSval 1325503232, TSecr 2787842490
56:1:            Kind: Timestamp (8)
57:1:            Length: 10
58:4:            Timestamp value: 1325503232
62:4:            Timestamp echo reply: 2787842490
34:0:    [SEQ/ACK analysis]
34:0:        [TCP Analysis Flags]
34:0:            [A segment before this frame wasn't captured]
expert:0:0:                [Expert Info (Warn/Sequence): Previous segment not captured (common at capture start)]
0:0:                    [Message: Previous segment not captured (common at capture start)]
0:0:                    [Severity level: Warn]
0:0:                    [Group: Sequence]
34:0:            [This frame ACKs a segment we have not seen]
expert:0:0:                [Expert Info (Warn/Sequence): ACKed segment that wasn't captured (common at capture start)]
0:0:                    [Message: ACKed segment that wasn't captured (common at capture start)]
0:0:                    [Severity level: Warn]
0:0:                    [Group: Sequence]
279:49:    TCP segment data (49 bytes)
ssl:66:262:Secure Sockets Layer
66:207:    TLSv1 Record Layer: Handshake Protocol: New Session Ticket
66:1:        Content Type: Handshake (22)
67:2:        Version: TLS 1.0 (0x0301)
69:2:        Length: 202
71:202:        Handshake Protocol: New Session Ticket
71:1:            Handshake Type: New Session Ticket (4)
72:3:            Length: 198
text:75:198:            TLS Session Ticket
75:4:                Session Ticket Lifetime Hint: 300
79:2:                Session Ticket Length: 192
81:192:                Session Ticket: e265f83b3f31816110128fd37bfb7411eb57860e3d9fc93d...
273:6:    TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
273:1:        Content Type: Change Cipher Spec (20)
274:2:        Version: TLS 1.0 (0x0301)
276:2:        Length: 1
278:1:        Change Cipher Spec Message

frame:0:252:Frame 16: 252 bytes on wire (2016 bits), 252 bytes captured (2016 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.306535000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.306535000 seconds
0:0:    [Time delta from previous captured frame: 0.000724000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000724000 seconds]
0:0:    [Time since reference or first frame: 3.359029000 seconds]
0:0:    Frame Number: 16
0:0:    Frame Length: 252 bytes (2016 bits)
0:0:    Capture Length: 252 bytes (2016 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp:ssl]
eth:0:14:Ethernet II, Src: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc), Dst: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:    Destination: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
248:4:    Frame check sequence: 0xca7709f6 [incorrect, should be 0x93642189]
248:4:        [FCS Good: False]
248:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.79.46.6 (10.79.46.6), Dst: 10.140.8.27 (10.140.8.27)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 238
18:2:    Identification: 0x68e0 (26848)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 58
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x8c2e [correct]
24:2:        [Good: True]
24:2:        [Bad: False]
26:4:    Source: 10.79.46.6 (10.79.46.6)
30:4:    Destination: 10.140.8.27 (10.140.8.27)
tcp:34:32:Transmission Control Protocol, Src Port: 44716 (44716), Dst Port: https (443), Seq: 440, Ack: 1135, Len: 182
34:2:    Source port: 44716 (44716)
36:2:    Destination port: https (443)
34:0:    [Stream index: 1]
38:4:    Sequence number: 440    (relative sequence number)
34:0:    [Next sequence number: 622    (relative sequence number)]
42:4:    Acknowledgment number: 1135    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x018 (PSH, ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 1... = Push: Set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 142
48:2:    [Calculated window size: 142]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x330e [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
54:12:    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
text:54:1:        No-Operation (NOP)
54:1:            Type: 1
54:1:                0... .... = Copy on fragmentation: No
54:1:                .00. .... = Class: Control (0)
54:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:55:1:        No-Operation (NOP)
55:1:            Type: 1
55:1:                0... .... = Copy on fragmentation: No
55:1:                .00. .... = Class: Control (0)
55:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:56:10:        Timestamps: TSval 2787842533, TSecr 1325503232
56:1:            Kind: Timestamp (8)
57:1:            Length: 10
58:4:            Timestamp value: 2787842533
62:4:            Timestamp echo reply: 1325503232
34:0:    [SEQ/ACK analysis]
34:0:        [TCP Analysis Flags]
34:0:            [A segment before this frame wasn't captured]
expert:0:0:                [Expert Info (Warn/Sequence): Previous segment not captured (common at capture start)]
0:0:                    [Message: Previous segment not captured (common at capture start)]
0:0:                    [Severity level: Warn]
0:0:                    [Group: Sequence]
34:0:            [This frame ACKs a segment we have not seen]
expert:0:0:                [Expert Info (Warn/Sequence): ACKed segment that wasn't captured (common at capture start)]
0:0:                    [Message: ACKed segment that wasn't captured (common at capture start)]
0:0:                    [Severity level: Warn]
0:0:                    [Group: Sequence]
103:145:    TCP segment data (145 bytes)
ssl:66:182:Secure Sockets Layer
66:37:    TLSv1 Record Layer: Application Data Protocol: http
66:1:        Content Type: Application Data (23)
67:2:        Version: TLS 1.0 (0x0301)
69:2:        Length: 32
71:32:        Encrypted Application Data: bcac7bb15372231b6186397c24dfa33661885e77bca09cb2...

frame:0:66:Frame 17: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.306581000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.306581000 seconds
0:0:    [Time delta from previous captured frame: 0.000046000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000046000 seconds]
0:0:    [Time since reference or first frame: 3.359075000 seconds]
0:0:    Frame Number: 17
0:0:    Frame Length: 66 bytes (528 bits)
0:0:    Capture Length: 66 bytes (528 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Apple_52:5a:c7 (40:6c:8f:52:5a:c7), Dst: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:    Destination: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
62:4:    Frame check sequence: 0xa62b19e5 [incorrect, should be 0x7117b2ac]
62:4:        [FCS Good: False]
62:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.140.8.27 (10.140.8.27), Dst: 10.79.46.6 (10.79.46.6)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 52
18:2:    Identification: 0x4859 (18521)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 64
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x0000 [incorrect, should be 0xa76f (may be caused by "IP checksum offload"?)]
24:2:        [Good: False]
24:2:        [Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
26:4:    Source: 10.140.8.27 (10.140.8.27)
30:4:    Destination: 10.79.46.6 (10.79.46.6)
tcp:34:32:Transmission Control Protocol, Src Port: https (443), Dst Port: 44716 (44716), Seq: 1959622466, Ack: 3115283413
34:2:    Source port: https (443)
36:2:    Destination port: 44716 (44716)
34:0:    [Stream index: 1]
text:34:0:    [Short segment. Segment/fragment does not contain a full TCP header (might be NMAP or someone else deliberately sending unusual packets)]
expert:0:0:        [Expert Info (Warn/Malformed): Short segment]
0:0:            [Message: Short segment]
0:0:            [Severity level: Warn]
0:0:            [Group: Malformed]
38:4:    Sequence number: 1959622466    (relative sequence number)
42:4:    Acknowledgment number: 3115283413    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x010 (ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 4098
48:2:    [Calculated window size: 4098]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x4b22 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:14:0:[Malformed Packet: TCP]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:614:Frame 18: 614 bytes on wire (4912 bits), 614 bytes captured (4912 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.308134000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.308134000 seconds
0:0:    [Time delta from previous captured frame: 0.001553000 seconds]
0:0:    [Time delta from previous displayed frame: 0.001553000 seconds]
0:0:    [Time since reference or first frame: 3.360628000 seconds]
0:0:    Frame Number: 18
0:0:    Frame Length: 614 bytes (4912 bits)
0:0:    Capture Length: 614 bytes (4912 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp:ssl]
eth:0:14:Ethernet II, Src: Apple_52:5a:c7 (40:6c:8f:52:5a:c7), Dst: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:    Destination: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
610:4:    Frame check sequence: 0xa8d1e1f2 [incorrect, should be 0x0d798732]
610:4:        [FCS Good: False]
610:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.140.8.27 (10.140.8.27), Dst: 10.79.46.6 (10.79.46.6)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 600
18:2:    Identification: 0xe29f (58015)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 64
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x0000 [incorrect, should be 0x0b05 (may be caused by "IP checksum offload"?)]
24:2:        [Good: False]
24:2:        [Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
26:4:    Source: 10.140.8.27 (10.140.8.27)
30:4:    Destination: 10.79.46.6 (10.79.46.6)
tcp:34:32:Transmission Control Protocol, Src Port: https (443), Dst Port: 44716 (44716), Seq: 1135, Ack: 626, Len: 544
34:2:    Source port: https (443)
36:2:    Destination port: 44716 (44716)
34:0:    [Stream index: 1]
38:4:    Sequence number: 1135    (relative sequence number)
34:0:    [Next sequence number: 1679    (relative sequence number)]
42:4:    Acknowledgment number: 626    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x018 (PSH, ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 1... = Push: Set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 4098
48:2:    [Calculated window size: 4098]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x4d46 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
54:12:    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
text:54:1:        No-Operation (NOP)
54:1:            Type: 1
54:1:                0... .... = Copy on fragmentation: No
54:1:                .00. .... = Class: Control (0)
54:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:55:1:        No-Operation (NOP)
55:1:            Type: 1
55:1:                0... .... = Copy on fragmentation: No
55:1:                .00. .... = Class: Control (0)
55:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:56:10:        Timestamps: TSval 1325503233, TSecr 2787842533
56:1:            Kind: Timestamp (8)
57:1:            Length: 10
58:4:            Timestamp value: 1325503233
62:4:            Timestamp echo reply: 2787842533
34:0:    [SEQ/ACK analysis]
34:0:        [TCP Analysis Flags]
34:0:            [A segment before this frame wasn't captured]
expert:0:0:                [Expert Info (Warn/Sequence): Previous segment not captured (common at capture start)]
0:0:                    [Message: Previous segment not captured (common at capture start)]
0:0:                    [Severity level: Warn]
0:0:                    [Group: Sequence]
34:0:            [This frame ACKs a segment we have not seen]
expert:0:0:                [Expert Info (Warn/Sequence): ACKed segment that wasn't captured (common at capture start)]
0:0:                    [Message: ACKed segment that wasn't captured (common at capture start)]
0:0:                    [Severity level: Warn]
0:0:                    [Group: Sequence]
529:81:    TCP segment data (81 bytes)
ssl:66:544:Secure Sockets Layer
66:37:    TLSv1 Record Layer: Application Data Protocol: http
66:1:        Content Type: Application Data (23)
67:2:        Version: TLS 1.0 (0x0301)
69:2:        Length: 32
71:32:        Encrypted Application Data: 0cb8d85909e4ccbc7de74d8e3fd32955a213314fc162b21c...
103:389:    TLSv1 Record Layer: Application Data Protocol: http
103:1:        Content Type: Application Data (23)
104:2:        Version: TLS 1.0 (0x0301)
106:2:        Length: 384
108:384:        Encrypted Application Data: 8d9d9b321f5dde9219cf2bcfeacbc36503fe967e59dea13f...
492:37:    TLSv1 Record Layer: Application Data Protocol: http
492:1:        Content Type: Application Data (23)
493:2:        Version: TLS 1.0 (0x0301)
495:2:        Length: 32
497:32:        Encrypted Application Data: 3f9e5b01ea6773b3641bd3557c630e2be184ccc73d9bd1ae...

frame:0:66:Frame 19: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.309407000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.309407000 seconds
0:0:    [Time delta from previous captured frame: 0.001273000 seconds]
0:0:    [Time delta from previous displayed frame: 0.001273000 seconds]
0:0:    [Time since reference or first frame: 3.361901000 seconds]
0:0:    Frame Number: 19
0:0:    Frame Length: 66 bytes (528 bits)
0:0:    Capture Length: 66 bytes (528 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc), Dst: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:    Destination: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
62:4:    Frame check sequence: 0x4f019301 [incorrect, should be 0x53e78c45]
62:4:        [FCS Good: False]
62:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.79.46.6 (10.79.46.6), Dst: 10.140.8.27 (10.140.8.27)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 52
18:2:    Identification: 0x68e1 (26849)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 58
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x8ce7 [correct]
24:2:        [Good: True]
24:2:        [Bad: False]
26:4:    Source: 10.79.46.6 (10.79.46.6)
30:4:    Destination: 10.140.8.27 (10.140.8.27)
tcp:34:32:Transmission Control Protocol, Src Port: 44716 (44716), Dst Port: https (443), Seq: 3115283413, Ack: 1959623014
34:2:    Source port: 44716 (44716)
36:2:    Destination port: https (443)
34:0:    [Stream index: 1]
text:34:0:    [Short segment. Segment/fragment does not contain a full TCP header (might be NMAP or someone else deliberately sending unusual packets)]
expert:0:0:        [Expert Info (Warn/Malformed): Short segment]
0:0:            [Message: Short segment]
0:0:            [Severity level: Warn]
0:0:            [Group: Malformed]
38:4:    Sequence number: 3115283413    (relative sequence number)
42:4:    Acknowledgment number: 1959623014    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x011 (FIN, ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...1 = Fin: Set
expert:0:0:            [Expert Info (Chat/Sequence): Connection finish (FIN)]
0:0:                [Message: Connection finish (FIN)]
0:0:                [Severity level: Chat]
0:0:                [Group: Sequence]
48:2:    Window size value: 155
48:2:    [Calculated window size: 155]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0xbcee [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:14:0:[Malformed Packet: TCP]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:66:Frame 20: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.309500000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.309500000 seconds
0:0:    [Time delta from previous captured frame: 0.000093000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000093000 seconds]
0:0:    [Time since reference or first frame: 3.361994000 seconds]
0:0:    Frame Number: 20
0:0:    Frame Length: 66 bytes (528 bits)
0:0:    Capture Length: 66 bytes (528 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Apple_52:5a:c7 (40:6c:8f:52:5a:c7), Dst: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:    Destination: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
62:4:    Frame check sequence: 0xa62b19e8 [incorrect, should be 0xb3f66a7c]
62:4:        [FCS Good: False]
62:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.140.8.27 (10.140.8.27), Dst: 10.79.46.6 (10.79.46.6)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 52
18:2:    Identification: 0x85fd (34301)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 64
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x0000 [incorrect, should be 0x69cb (may be caused by "IP checksum offload"?)]
24:2:        [Good: False]
24:2:        [Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
26:4:    Source: 10.140.8.27 (10.140.8.27)
30:4:    Destination: 10.79.46.6 (10.79.46.6)
tcp:34:32:Transmission Control Protocol, Src Port: https (443), Dst Port: 44716 (44716), Seq: 1959623014, Ack: 3115283414
34:2:    Source port: https (443)
36:2:    Destination port: 44716 (44716)
34:0:    [Stream index: 1]
text:34:0:    [Short segment. Segment/fragment does not contain a full TCP header (might be NMAP or someone else deliberately sending unusual packets)]
expert:0:0:        [Expert Info (Warn/Malformed): Short segment]
0:0:            [Message: Short segment]
0:0:            [Severity level: Warn]
0:0:            [Group: Malformed]
38:4:    Sequence number: 1959623014    (relative sequence number)
42:4:    Acknowledgment number: 3115283414    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x010 (ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 4098
48:2:    [Calculated window size: 4098]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x4b22 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:14:0:[Malformed Packet: TCP]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:103:Frame 21: 103 bytes on wire (824 bits), 103 bytes captured (824 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.309585000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.309585000 seconds
0:0:    [Time delta from previous captured frame: 0.000085000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000085000 seconds]
0:0:    [Time since reference or first frame: 3.362079000 seconds]
0:0:    Frame Number: 21
0:0:    Frame Length: 103 bytes (824 bits)
0:0:    Capture Length: 103 bytes (824 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp:ssl]
eth:0:14:Ethernet II, Src: Apple_52:5a:c7 (40:6c:8f:52:5a:c7), Dst: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:    Destination: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
99:4:    Frame check sequence: 0xe324293c [incorrect, should be 0x2945b534]
99:4:        [FCS Good: False]
99:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.140.8.27 (10.140.8.27), Dst: 10.79.46.6 (10.79.46.6)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 89
18:2:    Identification: 0x4d08 (19720)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 64
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x0000 [incorrect, should be 0xa29b (may be caused by "IP checksum offload"?)]
24:2:        [Good: False]
24:2:        [Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
26:4:    Source: 10.140.8.27 (10.140.8.27)
30:4:    Destination: 10.79.46.6 (10.79.46.6)
tcp:34:32:Transmission Control Protocol, Src Port: https (443), Dst Port: 44716 (44716), Seq: 1683, Ack: 627, Len: 33
34:2:    Source port: https (443)
36:2:    Destination port: 44716 (44716)
34:0:    [Stream index: 1]
38:4:    Sequence number: 1683    (relative sequence number)
34:0:    [Next sequence number: 1716    (relative sequence number)]
42:4:    Acknowledgment number: 627    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x018 (PSH, ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 1... = Push: Set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 4098
48:2:    [Calculated window size: 4098]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x4b47 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
54:12:    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
text:54:1:        No-Operation (NOP)
54:1:            Type: 1
54:1:                0... .... = Copy on fragmentation: No
54:1:                .00. .... = Class: Control (0)
54:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:55:1:        No-Operation (NOP)
55:1:            Type: 1
55:1:                0... .... = Copy on fragmentation: No
55:1:                .00. .... = Class: Control (0)
55:1:                ...0 0001 = Number: No-Operation (NOP) (1)
text:56:10:        Timestamps: TSval 1325503235, TSecr 2787842536
56:1:            Kind: Timestamp (8)
57:1:            Length: 10
58:4:            Timestamp value: 1325503235
62:4:            Timestamp echo reply: 2787842536
34:0:    [SEQ/ACK analysis]
34:0:        [TCP Analysis Flags]
34:0:            [A segment before this frame wasn't captured]
expert:0:0:                [Expert Info (Warn/Sequence): Previous segment not captured (common at capture start)]
0:0:                    [Message: Previous segment not captured (common at capture start)]
0:0:                    [Severity level: Warn]
0:0:                    [Group: Sequence]
34:0:            [This frame ACKs a segment we have not seen]
expert:0:0:                [Expert Info (Warn/Sequence): ACKed segment that wasn't captured (common at capture start)]
0:0:                    [Message: ACKed segment that wasn't captured (common at capture start)]
0:0:                    [Severity level: Warn]
0:0:                    [Group: Sequence]
66:33:    TCP segment data (33 bytes)
ssl:66:33:Secure Sockets Layer

frame:0:66:Frame 22: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.309649000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.309649000 seconds
0:0:    [Time delta from previous captured frame: 0.000064000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000064000 seconds]
0:0:    [Time since reference or first frame: 3.362143000 seconds]
0:0:    Frame Number: 22
0:0:    Frame Length: 66 bytes (528 bits)
0:0:    Capture Length: 66 bytes (528 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Apple_52:5a:c7 (40:6c:8f:52:5a:c7), Dst: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:    Destination: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
62:4:    Frame check sequence: 0xa62b19e8 [incorrect, should be 0xd84ed639]
62:4:        [FCS Good: False]
62:4:        [FCS Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
ip:14:20:Internet Protocol Version 4, Src: 10.140.8.27 (10.140.8.27), Dst: 10.79.46.6 (10.79.46.6)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 52
18:2:    Identification: 0x5b29 (23337)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 64
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0x0000 [incorrect, should be 0x949f (may be caused by "IP checksum offload"?)]
24:2:        [Good: False]
24:2:        [Bad: True]
expert:0:0:            [Expert Info (Error/Checksum): Bad checksum]
0:0:                [Message: Bad checksum]
0:0:                [Severity level: Error]
0:0:                [Group: Checksum]
26:4:    Source: 10.140.8.27 (10.140.8.27)
30:4:    Destination: 10.79.46.6 (10.79.46.6)
tcp:34:32:Transmission Control Protocol, Src Port: https (443), Dst Port: 44716 (44716), Seq: 1959623051, Ack: 3115283414
34:2:    Source port: https (443)
36:2:    Destination port: 44716 (44716)
34:0:    [Stream index: 1]
text:34:0:    [Short segment. Segment/fragment does not contain a full TCP header (might be NMAP or someone else deliberately sending unusual packets)]
expert:0:0:        [Expert Info (Warn/Malformed): Short segment]
0:0:            [Message: Short segment]
0:0:            [Severity level: Warn]
0:0:            [Group: Malformed]
38:4:    Sequence number: 1959623051    (relative sequence number)
42:4:    Acknowledgment number: 3115283414    (relative ack number)
46:1:    Header length: 32 bytes
46:2:    Flags: 0x011 (FIN, ACK)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...1 .... = Acknowledgment: Set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .0.. = Reset: Not set
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...1 = Fin: Set
expert:0:0:            [Expert Info (Chat/Sequence): Connection finish (FIN)]
0:0:                [Message: Connection finish (FIN)]
0:0:                [Severity level: Chat]
0:0:                [Group: Sequence]
48:2:    Window size value: 4098
48:2:    [Calculated window size: 4098]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x4b22 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:14:0:[Malformed Packet: TCP]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:60:Frame 23: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.309880000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.309880000 seconds
0:0:    [Time delta from previous captured frame: 0.000231000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000231000 seconds]
0:0:    [Time since reference or first frame: 3.362374000 seconds]
0:0:    Frame Number: 23
0:0:    Frame Length: 60 bytes (480 bits)
0:0:    Capture Length: 60 bytes (480 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc), Dst: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:    Destination: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
54:6:    Padding: 000000000000
ip:14:20:Internet Protocol Version 4, Src: 10.79.46.6 (10.79.46.6), Dst: 10.140.8.27 (10.140.8.27)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 40
18:2:    Identification: 0x0000 (0)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 58
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0xf5d4 [correct]
24:2:        [Good: True]
24:2:        [Bad: False]
26:4:    Source: 10.79.46.6 (10.79.46.6)
30:4:    Destination: 10.140.8.27 (10.140.8.27)
tcp:34:20:Transmission Control Protocol, Src Port: 44716 (44716), Dst Port: https (443), Seq: 627, Len: 0
34:2:    Source port: 44716 (44716)
36:2:    Destination port: https (443)
34:0:    [Stream index: 1]
38:4:    Sequence number: 627    (relative sequence number)
46:1:    Header length: 20 bytes
46:2:    Flags: 0x004 (RST)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...0 .... = Acknowledgment: Not set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .1.. = Reset: Set
expert:0:0:            [Expert Info (Chat/Sequence): Connection reset (RST)]
0:0:                [Message: Connection reset (RST)]
0:0:                [Severity level: Chat]
0:0:                [Group: Sequence]
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 0
48:2:    [Calculated window size: 0]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x86f7 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:0:0:[Malformed Packet: Ethernet]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

frame:0:60:Frame 24: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
0:0:    WTAP_ENCAP: 1
0:0:    Arrival Time: Apr 28, 2017 08:47:49.309971000 UTC
0:0:    [Time shift for this packet: 0.000000000 seconds]
0:0:    Epoch Time: 1493369269.309971000 seconds
0:0:    [Time delta from previous captured frame: 0.000091000 seconds]
0:0:    [Time delta from previous displayed frame: 0.000091000 seconds]
0:0:    [Time since reference or first frame: 3.362465000 seconds]
0:0:    Frame Number: 24
0:0:    Frame Length: 60 bytes (480 bits)
0:0:    Capture Length: 60 bytes (480 bits)
0:0:    [Frame is marked: False]
0:0:    [Frame is ignored: False]
0:0:    [Protocols in frame: eth:ip:tcp]
eth:0:14:Ethernet II, Src: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc), Dst: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:    Destination: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:6:        Address: Apple_52:5a:c7 (40:6c:8f:52:5a:c7)
0:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
0:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
6:6:    Source: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:6:        Address: Cisco_ff:fd:cc (00:08:e3:ff:fd:cc)
6:3:        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
6:3:        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
12:2:    Type: IP (0x0800)
54:6:    Padding: 000000000000
ip:14:20:Internet Protocol Version 4, Src: 10.79.46.6 (10.79.46.6), Dst: 10.140.8.27 (10.140.8.27)
14:1:    Version: 4
14:1:    Header length: 20 bytes
15:1:    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
15:1:        0000 00.. = Differentiated Services Codepoint: Default (0x00)
15:1:        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
16:2:    Total Length: 40
18:2:    Identification: 0x0000 (0)
20:1:    Flags: 0x02 (Don't Fragment)
20:1:        0... .... = Reserved bit: Not set
20:1:        .1.. .... = Don't fragment: Set
20:1:        ..0. .... = More fragments: Not set
20:2:    Fragment offset: 0
22:1:    Time to live: 58
23:1:    Protocol: TCP (6)
24:2:    Header checksum: 0xf5d4 [correct]
24:2:        [Good: True]
24:2:        [Bad: False]
26:4:    Source: 10.79.46.6 (10.79.46.6)
30:4:    Destination: 10.140.8.27 (10.140.8.27)
tcp:34:20:Transmission Control Protocol, Src Port: 44716 (44716), Dst Port: https (443), Seq: 627, Len: 0
34:2:    Source port: 44716 (44716)
36:2:    Destination port: https (443)
34:0:    [Stream index: 1]
38:4:    Sequence number: 627    (relative sequence number)
46:1:    Header length: 20 bytes
46:2:    Flags: 0x004 (RST)
46:1:        000. .... .... = Reserved: Not set
46:1:        ...0 .... .... = Nonce: Not set
47:1:        .... 0... .... = Congestion Window Reduced (CWR): Not set
47:1:        .... .0.. .... = ECN-Echo: Not set
47:1:        .... ..0. .... = Urgent: Not set
47:1:        .... ...0 .... = Acknowledgment: Not set
47:1:        .... .... 0... = Push: Not set
47:1:        .... .... .1.. = Reset: Set
expert:0:0:            [Expert Info (Chat/Sequence): Connection reset (RST)]
0:0:                [Message: Connection reset (RST)]
0:0:                [Severity level: Chat]
0:0:                [Group: Sequence]
47:1:        .... .... ..0. = Syn: Not set
47:1:        .... .... ...0 = Fin: Not set
48:2:    Window size value: 0
48:2:    [Calculated window size: 0]
48:2:    [Window size scaling factor: -1 (unknown)]
50:2:    Checksum: 0x86f7 [validation disabled]
50:2:        [Good Checksum: False]
50:2:        [Bad Checksum: False]
malformed:0:0:[Malformed Packet: Ethernet]
expert:0:0:    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
0:0:        [Message: Malformed Packet (Exception occurred)]
0:0:        [Severity level: Error]
0:0:        [Group: Malformed]

asked 02 May '17, 01:57

Frank%20Lin's gravatar image

Frank Lin
26226
accept rate: 0%

edited 02 May '17, 03:11

grahamb's gravatar image

grahamb ♦
19.8k330206


Wireshark 1.8 is old and unsupported. Many improvements have entered successive versions so that is why it is possible that 2.2 is working while 1.8 is not working.

Based on your debug log, it seems that Wireshark was able to find the required information from the server side but failed to find the information from the client side.

You are recommended to upgrade to 2.2 or later.

permanent link

answered 02 May '17, 05:03

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%

edited 02 May '17, 07:16

cmaynard's gravatar image

cmaynard ♦♦
9.3k1038142

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×832
×319

question asked: 02 May '17, 01:57

question was seen: 1,710 times

last updated: 02 May '17, 07:16

p​o​w​e​r​e​d by O​S​Q​A