Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.667188080 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.667188080 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 60 Identification: 0x6b1a (27418) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x17b7 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 0, Len: 0 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 0 (relative sequence number) Header length: 40 bytes Flags: 0x002 (SYN) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port ftp] [Message: Connection establish request (SYN): server port ftp] [Severity level: Chat] [Group: Sequence] .... .... ...0 = Fin: Not set Window size value: 14600 [Calculated window size: 14600] Checksum: 0x4527 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale Maximum segment size: 1460 bytes Kind: MSS size (2) Length: 4 MSS Value: 1460 TCP SACK Permitted Option: True Kind: SACK Permission (4) Length: 2 Timestamps: TSval 33039666, TSecr 0 Kind: Timestamp (8) Length: 10 Timestamp value: 33039666 Timestamp echo reply: 0 No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Window scale: 2 (multiply by 4) Kind: Window Scale (3) Length: 3 Shift count: 2 [Multiplier: 4] Frame 2: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.667251695 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.667251695 seconds [Time delta from previous captured frame: 0.000063615 seconds] [Time delta from previous displayed frame: 0.000063615 seconds] [Time since reference or first frame: 0.000063615 seconds] Frame Number: 2 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 60 Identification: 0x0000 (0) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x82d1 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 0, Ack: 1, Len: 0 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 0 (relative sequence number) Acknowledgment number: 1 (relative ack number) Header length: 40 bytes Flags: 0x012 (SYN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port ftp] [Message: Connection establish acknowledge (SYN+ACK): server port ftp] [Severity level: Chat] [Group: Sequence] .... .... ...0 = Fin: Not set Window size value: 28960 [Calculated window size: 28960] Checksum: 0xb819 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale Maximum segment size: 1460 bytes Kind: MSS size (2) Length: 4 MSS Value: 1460 TCP SACK Permitted Option: True Kind: SACK Permission (4) Length: 2 Timestamps: TSval 159673750, TSecr 33039666 Kind: Timestamp (8) Length: 10 Timestamp value: 159673750 Timestamp echo reply: 33039666 No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Window scale: 7 (multiply by 128) Kind: Window Scale (3) Length: 3 Shift count: 7 [Multiplier: 128] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 1] [The RTT to ACK the segment was: 0.000063615 seconds] Frame 3: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.681763833 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.681763833 seconds [Time delta from previous captured frame: 0.014512138 seconds] [Time delta from previous displayed frame: 0.014512138 seconds] [Time since reference or first frame: 0.014575753 seconds] Frame Number: 3 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 52 Identification: 0x6b1b (27419) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x17be [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 1, Ack: 1, Len: 0 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 1 (relative sequence number) Acknowledgment number: 1 (relative ack number) Header length: 32 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0x9fdf [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039667, TSecr 159673750 Kind: Timestamp (8) Length: 10 Timestamp value: 33039667 Timestamp echo reply: 159673750 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 2] [The RTT to ACK the segment was: 0.014512138 seconds] Frame 4: 111 bytes on wire (888 bits), 111 bytes captured (888 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.684330711 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.684330711 seconds [Time delta from previous captured frame: 0.002566878 seconds] [Time delta from previous displayed frame: 0.002566878 seconds] [Time since reference or first frame: 0.017142631 seconds] Frame Number: 4 Frame Length: 111 bytes (888 bits) Capture Length: 111 bytes (888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 97 Identification: 0x6721 (26401) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b8b [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 1, Ack: 1, Len: 45 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 1 (relative sequence number) [Next sequence number: 46 (relative sequence number)] Acknowledgment number: 1 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb83e [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673767, TSecr 33039667 Kind: Timestamp (8) Length: 10 Timestamp value: 159673767 Timestamp echo reply: 33039667 [SEQ/ACK analysis] [Bytes in flight: 45] File Transfer Protocol (FTP) 220 Welcome to the IBRITISH376 FTP service.\r\n Response code: Service ready for new user (220) Response arg: Welcome to the IBRITISH376 FTP service. Frame 5: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.690877967 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.690877967 seconds [Time delta from previous captured frame: 0.006547256 seconds] [Time delta from previous displayed frame: 0.006547256 seconds] [Time since reference or first frame: 0.023689887 seconds] Frame Number: 5 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 52 Identification: 0x6b1c (27420) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x17ad [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 1, Ack: 46, Len: 0 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 1 (relative sequence number) Acknowledgment number: 46 (relative ack number) Header length: 32 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0x9f9f [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039669, TSecr 159673767 Kind: Timestamp (8) Length: 10 Timestamp value: 33039669 Timestamp echo reply: 159673767 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 4] [The RTT to ACK the segment was: 0.006547256 seconds] Frame 6: 79 bytes on wire (632 bits), 79 bytes captured (632 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.692311768 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.692311768 seconds [Time delta from previous captured frame: 0.001433801 seconds] [Time delta from previous displayed frame: 0.001433801 seconds] [Time since reference or first frame: 0.025123688 seconds] Frame Number: 6 Frame Length: 79 bytes (632 bits) Capture Length: 79 bytes (632 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 65 Identification: 0x6b1d (27421) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x179f [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 1, Ack: 46, Len: 13 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 1 (relative sequence number) [Next sequence number: 14 (relative sequence number)] Acknowledgment number: 46 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0x98ae [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039669, TSecr 159673767 Kind: Timestamp (8) Length: 10 Timestamp value: 33039669 Timestamp echo reply: 159673767 [SEQ/ACK analysis] [Bytes in flight: 13] File Transfer Protocol (FTP) USER Gordon\r\n Request command: USER Request arg: Gordon Frame 7: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.692328402 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.692328402 seconds [Time delta from previous captured frame: 0.000016634 seconds] [Time delta from previous displayed frame: 0.000016634 seconds] [Time since reference or first frame: 0.025140322 seconds] Frame Number: 7 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 52 Identification: 0x6722 (26402) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1bb7 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 46, Ack: 14, Len: 0 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 46 (relative sequence number) Acknowledgment number: 14 (relative ack number) Header length: 32 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb811 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673775, TSecr 33039669 Kind: Timestamp (8) Length: 10 Timestamp value: 159673775 Timestamp echo reply: 33039669 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 6] [The RTT to ACK the segment was: 0.000016634 seconds] Frame 8: 100 bytes on wire (800 bits), 100 bytes captured (800 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.692429502 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.692429502 seconds [Time delta from previous captured frame: 0.000101100 seconds] [Time delta from previous displayed frame: 0.000101100 seconds] [Time since reference or first frame: 0.025241422 seconds] Frame Number: 8 Frame Length: 100 bytes (800 bits) Capture Length: 100 bytes (800 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 86 Identification: 0x6723 (26403) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b94 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 46, Ack: 14, Len: 34 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 46 (relative sequence number) [Next sequence number: 80 (relative sequence number)] Acknowledgment number: 14 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb833 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673775, TSecr 33039669 Kind: Timestamp (8) Length: 10 Timestamp value: 159673775 Timestamp echo reply: 33039669 [SEQ/ACK analysis] [Bytes in flight: 34] File Transfer Protocol (FTP) 331 Please specify the password.\r\n Response code: User name okay, need password (331) Response arg: Please specify the password. Frame 9: 79 bytes on wire (632 bits), 79 bytes captured (632 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.696270038 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.696270038 seconds [Time delta from previous captured frame: 0.003840536 seconds] [Time delta from previous displayed frame: 0.003840536 seconds] [Time since reference or first frame: 0.029081958 seconds] Frame Number: 9 Frame Length: 79 bytes (632 bits) Capture Length: 79 bytes (632 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 65 Identification: 0x6b1e (27422) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x179e [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 14, Ack: 80, Len: 13 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 14 (relative sequence number) [Next sequence number: 27 (relative sequence number)] Acknowledgment number: 80 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0xc9a3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039669, TSecr 159673775 Kind: Timestamp (8) Length: 10 Timestamp value: 33039669 Timestamp echo reply: 159673775 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 8] [The RTT to ACK the segment was: 0.003840536 seconds] [Bytes in flight: 13] File Transfer Protocol (FTP) PASS gord44\r\n Request command: PASS Request arg: gord44 Frame 10: 89 bytes on wire (712 bits), 89 bytes captured (712 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.723527359 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.723527359 seconds [Time delta from previous captured frame: 0.027257321 seconds] [Time delta from previous displayed frame: 0.027257321 seconds] [Time since reference or first frame: 0.056339279 seconds] Frame Number: 10 Frame Length: 89 bytes (712 bits) Capture Length: 89 bytes (712 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 75 Identification: 0x6724 (26404) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b9e [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 80, Ack: 27, Len: 23 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 80 (relative sequence number) [Next sequence number: 103 (relative sequence number)] Acknowledgment number: 27 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb828 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673806, TSecr 33039669 Kind: Timestamp (8) Length: 10 Timestamp value: 159673806 Timestamp echo reply: 33039669 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 9] [The RTT to ACK the segment was: 0.027257321 seconds] [Bytes in flight: 23] File Transfer Protocol (FTP) 230 Login successful.\r\n Response code: User logged in, proceed (230) Response arg: Login successful. Frame 11: 71 bytes on wire (568 bits), 71 bytes captured (568 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.725855369 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.725855369 seconds [Time delta from previous captured frame: 0.002328010 seconds] [Time delta from previous displayed frame: 0.002328010 seconds] [Time since reference or first frame: 0.058667289 seconds] Frame Number: 11 Frame Length: 71 bytes (568 bits) Capture Length: 71 bytes (568 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 57 Identification: 0x6b1f (27423) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x17a5 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 27, Ack: 103, Len: 5 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 27 (relative sequence number) [Next sequence number: 32 (relative sequence number)] Acknowledgment number: 103 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0x00b1 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039672, TSecr 159673806 Kind: Timestamp (8) Length: 10 Timestamp value: 33039672 Timestamp echo reply: 159673806 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 10] [The RTT to ACK the segment was: 0.002328010 seconds] [Bytes in flight: 5] File Transfer Protocol (FTP) PWD\r\n Request command: PWD Frame 12: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.725979477 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.725979477 seconds [Time delta from previous captured frame: 0.000124108 seconds] [Time delta from previous displayed frame: 0.000124108 seconds] [Time since reference or first frame: 0.058791397 seconds] Frame Number: 12 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 83 Identification: 0x6725 (26405) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b95 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 103, Ack: 32, Len: 31 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 103 (relative sequence number) [Next sequence number: 134 (relative sequence number)] Acknowledgment number: 32 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb830 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673809, TSecr 33039672 Kind: Timestamp (8) Length: 10 Timestamp value: 159673809 Timestamp echo reply: 33039672 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 11] [The RTT to ACK the segment was: 0.000124108 seconds] [Bytes in flight: 31] File Transfer Protocol (FTP) 257 "/var/www/the-larsens.ca"\r\n Response code: PATHNAME created (257) Response arg: "/var/www/the-larsens.ca" Frame 13: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.729008613 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.729008613 seconds [Time delta from previous captured frame: 0.003029136 seconds] [Time delta from previous displayed frame: 0.003029136 seconds] [Time since reference or first frame: 0.061820533 seconds] Frame Number: 13 Frame Length: 72 bytes (576 bits) Capture Length: 72 bytes (576 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 58 Identification: 0x6b20 (27424) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x17a3 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 32, Ack: 134, Len: 6 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 32 (relative sequence number) [Next sequence number: 38 (relative sequence number)] Acknowledgment number: 134 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0x0a49 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039673, TSecr 159673809 Kind: Timestamp (8) Length: 10 Timestamp value: 33039673 Timestamp echo reply: 159673809 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 12] [The RTT to ACK the segment was: 0.003029136 seconds] [Bytes in flight: 6] File Transfer Protocol (FTP) FEAT\r\n Request command: FEAT Frame 14: 81 bytes on wire (648 bits), 81 bytes captured (648 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.729112547 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.729112547 seconds [Time delta from previous captured frame: 0.000103934 seconds] [Time delta from previous displayed frame: 0.000103934 seconds] [Time since reference or first frame: 0.061924467 seconds] Frame Number: 14 Frame Length: 81 bytes (648 bits) Capture Length: 81 bytes (648 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 67 Identification: 0x6726 (26406) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1ba4 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 134, Ack: 38, Len: 15 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 134 (relative sequence number) [Next sequence number: 149 (relative sequence number)] Acknowledgment number: 38 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb820 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673812, TSecr 33039673 Kind: Timestamp (8) Length: 10 Timestamp value: 159673812 Timestamp echo reply: 33039673 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 13] [The RTT to ACK the segment was: 0.000103934 seconds] [Bytes in flight: 15] File Transfer Protocol (FTP) 211-Features:\r\n Response code: System status, or system help reply (211) Response arg: Features: Frame 15: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.729141041 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.729141041 seconds [Time delta from previous captured frame: 0.000028494 seconds] [Time delta from previous displayed frame: 0.000028494 seconds] [Time since reference or first frame: 0.061952961 seconds] Frame Number: 15 Frame Length: 73 bytes (584 bits) Capture Length: 73 bytes (584 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 59 Identification: 0x6727 (26407) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1bab [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 149, Ack: 38, Len: 7 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 149 (relative sequence number) [Next sequence number: 156 (relative sequence number)] Acknowledgment number: 38 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb818 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673812, TSecr 33039673 Kind: Timestamp (8) Length: 10 Timestamp value: 159673812 Timestamp echo reply: 33039673 [SEQ/ACK analysis] [Bytes in flight: 22] File Transfer Protocol (FTP) EPRT\r\n Response arg: EPRT Frame 16: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.729153198 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.729153198 seconds [Time delta from previous captured frame: 0.000012157 seconds] [Time delta from previous displayed frame: 0.000012157 seconds] [Time since reference or first frame: 0.061965118 seconds] Frame Number: 16 Frame Length: 73 bytes (584 bits) Capture Length: 73 bytes (584 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 59 Identification: 0x6728 (26408) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1baa [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 156, Ack: 38, Len: 7 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 156 (relative sequence number) [Next sequence number: 163 (relative sequence number)] Acknowledgment number: 38 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb818 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673812, TSecr 33039673 Kind: Timestamp (8) Length: 10 Timestamp value: 159673812 Timestamp echo reply: 33039673 [SEQ/ACK analysis] [Bytes in flight: 29] File Transfer Protocol (FTP) EPSV\r\n Response arg: EPSV Frame 17: 124 bytes on wire (992 bits), 124 bytes captured (992 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.729189596 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.729189596 seconds [Time delta from previous captured frame: 0.000036398 seconds] [Time delta from previous displayed frame: 0.000036398 seconds] [Time since reference or first frame: 0.062001516 seconds] Frame Number: 17 Frame Length: 124 bytes (992 bits) Capture Length: 124 bytes (992 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 110 Identification: 0x6729 (26409) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b76 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 163, Ack: 38, Len: 58 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 163 (relative sequence number) [Next sequence number: 221 (relative sequence number)] Acknowledgment number: 38 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb84b [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673812, TSecr 33039673 Kind: Timestamp (8) Length: 10 Timestamp value: 159673812 Timestamp echo reply: 33039673 [SEQ/ACK analysis] [Bytes in flight: 87] File Transfer Protocol (FTP) MDTM\r\n Response arg: MDTM PASV\r\n REST STREAM\r\n SIZE\r\n TVFS\r\n UTF8\r\n 211 End\r\n Frame 18: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.737336263 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.737336263 seconds [Time delta from previous captured frame: 0.008146667 seconds] [Time delta from previous displayed frame: 0.008146667 seconds] [Time since reference or first frame: 0.070148183 seconds] Frame Number: 18 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 52 Identification: 0x6b21 (27425) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x17a8 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 38, Ack: 221, Len: 0 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 38 (relative sequence number) Acknowledgment number: 221 (relative ack number) Header length: 32 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0x9e9a [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039673, TSecr 159673812 Kind: Timestamp (8) Length: 10 Timestamp value: 33039673 Timestamp echo reply: 159673812 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 17] [The RTT to ACK the segment was: 0.008146667 seconds] Frame 19: 77 bytes on wire (616 bits), 77 bytes captured (616 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.737767929 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.737767929 seconds [Time delta from previous captured frame: 0.000431666 seconds] [Time delta from previous displayed frame: 0.000431666 seconds] [Time since reference or first frame: 0.070579849 seconds] Frame Number: 19 Frame Length: 77 bytes (616 bits) Capture Length: 77 bytes (616 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 63 Identification: 0x6b22 (27426) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x179c [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 38, Ack: 221, Len: 11 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 38 (relative sequence number) [Next sequence number: 49 (relative sequence number)] Acknowledgment number: 221 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0x513d [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039673, TSecr 159673812 Kind: Timestamp (8) Length: 10 Timestamp value: 33039673 Timestamp echo reply: 159673812 [SEQ/ACK analysis] [Bytes in flight: 11] File Transfer Protocol (FTP) HELP SITE\r\n Request command: HELP Request arg: SITE Frame 20: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.737897901 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.737897901 seconds [Time delta from previous captured frame: 0.000129972 seconds] [Time delta from previous displayed frame: 0.000129972 seconds] [Time since reference or first frame: 0.070709821 seconds] Frame Number: 20 Frame Length: 110 bytes (880 bits) Capture Length: 110 bytes (880 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 96 Identification: 0x672a (26410) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b83 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 221, Ack: 49, Len: 44 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 221 (relative sequence number) [Next sequence number: 265 (relative sequence number)] Acknowledgment number: 49 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb83d [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673821, TSecr 33039673 Kind: Timestamp (8) Length: 10 Timestamp value: 159673821 Timestamp echo reply: 33039673 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 19] [The RTT to ACK the segment was: 0.000129972 seconds] [Bytes in flight: 44] File Transfer Protocol (FTP) 214-The following commands are recognized.\r\n Response code: Help message (214) Response arg: The following commands are recognized. Frame 21: 137 bytes on wire (1096 bits), 137 bytes captured (1096 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.737926229 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.737926229 seconds [Time delta from previous captured frame: 0.000028328 seconds] [Time delta from previous displayed frame: 0.000028328 seconds] [Time since reference or first frame: 0.070738149 seconds] Frame Number: 21 Frame Length: 137 bytes (1096 bits) Capture Length: 137 bytes (1096 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 123 Identification: 0x672b (26411) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b67 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 265, Ack: 49, Len: 71 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 265 (relative sequence number) [Next sequence number: 336 (relative sequence number)] Acknowledgment number: 49 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb858 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673821, TSecr 33039673 Kind: Timestamp (8) Length: 10 Timestamp value: 159673821 Timestamp echo reply: 33039673 [SEQ/ACK analysis] [Bytes in flight: 115] File Transfer Protocol (FTP) ABOR ACCT ALLO APPE CDUP CWD DELE EPRT EPSV FEAT HELP LIST MDTM MKD\r\n Response arg: ABOR ACCT ALLO APPE CDUP CWD DELE EPRT EPSV FEAT HELP LIST MDTM MKD Frame 22: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.737950781 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.737950781 seconds [Time delta from previous captured frame: 0.000024552 seconds] [Time delta from previous displayed frame: 0.000024552 seconds] [Time since reference or first frame: 0.070762701 seconds] Frame Number: 22 Frame Length: 138 bytes (1104 bits) Capture Length: 138 bytes (1104 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 124 Identification: 0x672c (26412) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b65 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 336, Ack: 49, Len: 72 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 336 (relative sequence number) [Next sequence number: 408 (relative sequence number)] Acknowledgment number: 49 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb859 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673821, TSecr 33039673 Kind: Timestamp (8) Length: 10 Timestamp value: 159673821 Timestamp echo reply: 33039673 [SEQ/ACK analysis] [Bytes in flight: 187] File Transfer Protocol (FTP) MODE NLST NOOP OPTS PASS PASV PORT PWD QUIT REIN REST RETR RMD RNFR\r\n Response arg: MODE NLST NOOP OPTS PASS PASV PORT PWD QUIT REIN REST RETR RMD RNFR Frame 23: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.737963776 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.737963776 seconds [Time delta from previous captured frame: 0.000012995 seconds] [Time delta from previous displayed frame: 0.000012995 seconds] [Time since reference or first frame: 0.070775696 seconds] Frame Number: 23 Frame Length: 138 bytes (1104 bits) Capture Length: 138 bytes (1104 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 124 Identification: 0x672d (26413) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b64 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 408, Ack: 49, Len: 72 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 408 (relative sequence number) [Next sequence number: 480 (relative sequence number)] Acknowledgment number: 49 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb859 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673821, TSecr 33039673 Kind: Timestamp (8) Length: 10 Timestamp value: 159673821 Timestamp echo reply: 33039673 [SEQ/ACK analysis] [Bytes in flight: 259] File Transfer Protocol (FTP) RNTO SITE SIZE SMNT STAT STOR STOU STRU SYST TYPE USER XCUP XCWD XMKD\r\n Response arg: RNTO SITE SIZE SMNT STAT STOR STOU STRU SYST TYPE USER XCUP XCWD XMKD Frame 24: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.737980223 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.737980223 seconds [Time delta from previous captured frame: 0.000016447 seconds] [Time delta from previous displayed frame: 0.000016447 seconds] [Time since reference or first frame: 0.070792143 seconds] Frame Number: 24 Frame Length: 78 bytes (624 bits) Capture Length: 78 bytes (624 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 64 Identification: 0x672e (26414) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b9f [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 480, Ack: 49, Len: 12 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 480 (relative sequence number) [Next sequence number: 492 (relative sequence number)] Acknowledgment number: 49 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb81d [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673821, TSecr 33039673 Kind: Timestamp (8) Length: 10 Timestamp value: 159673821 Timestamp echo reply: 33039673 [SEQ/ACK analysis] [Bytes in flight: 271] File Transfer Protocol (FTP) XPWD XRMD\r\n Response arg: XPWD XRMD Frame 25: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.737994676 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.737994676 seconds [Time delta from previous captured frame: 0.000014453 seconds] [Time delta from previous displayed frame: 0.000014453 seconds] [Time since reference or first frame: 0.070806596 seconds] Frame Number: 25 Frame Length: 80 bytes (640 bits) Capture Length: 80 bytes (640 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 66 Identification: 0x672f (26415) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b9c [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 492, Ack: 49, Len: 14 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 492 (relative sequence number) [Next sequence number: 506 (relative sequence number)] Acknowledgment number: 49 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb81f [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673821, TSecr 33039673 Kind: Timestamp (8) Length: 10 Timestamp value: 159673821 Timestamp echo reply: 33039673 [SEQ/ACK analysis] [Bytes in flight: 285] File Transfer Protocol (FTP) 214 Help OK.\r\n Response code: Help message (214) Response arg: Help OK. Frame 26: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.743622328 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.743622328 seconds [Time delta from previous captured frame: 0.005627652 seconds] [Time delta from previous displayed frame: 0.005627652 seconds] [Time since reference or first frame: 0.076434248 seconds] Frame Number: 26 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 52 Identification: 0x6b23 (27427) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x17a6 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 49, Ack: 506, Len: 0 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 49 (relative sequence number) Acknowledgment number: 506 (relative ack number) Header length: 32 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0x9d68 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039674, TSecr 159673821 Kind: Timestamp (8) Length: 10 Timestamp value: 33039674 Timestamp echo reply: 159673821 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 25] [The RTT to ACK the segment was: 0.005627652 seconds] Frame 27: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.744076941 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.744076941 seconds [Time delta from previous captured frame: 0.000454613 seconds] [Time delta from previous displayed frame: 0.000454613 seconds] [Time since reference or first frame: 0.076888861 seconds] Frame Number: 27 Frame Length: 110 bytes (880 bits) Capture Length: 110 bytes (880 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 96 Identification: 0x6b24 (27428) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1779 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 49, Ack: 506, Len: 44 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 49 (relative sequence number) [Next sequence number: 93 (relative sequence number)] Acknowledgment number: 506 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0x3026 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039674, TSecr 159673821 Kind: Timestamp (8) Length: 10 Timestamp value: 33039674 Timestamp echo reply: 159673821 [SEQ/ACK analysis] [Bytes in flight: 44] File Transfer Protocol (FTP) CLNT NcFTPPut 3.2.5 linux-x86_64-glibc2.12\r\n Request command: CLNT Request arg: NcFTPPut 3.2.5 linux-x86_64-glibc2.12 Frame 28: 88 bytes on wire (704 bits), 88 bytes captured (704 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.744168817 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.744168817 seconds [Time delta from previous captured frame: 0.000091876 seconds] [Time delta from previous displayed frame: 0.000091876 seconds] [Time since reference or first frame: 0.076980737 seconds] Frame Number: 28 Frame Length: 88 bytes (704 bits) Capture Length: 88 bytes (704 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 74 Identification: 0x6730 (26416) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b93 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 506, Ack: 93, Len: 22 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 506 (relative sequence number) [Next sequence number: 528 (relative sequence number)] Acknowledgment number: 93 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb827 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673827, TSecr 33039674 Kind: Timestamp (8) Length: 10 Timestamp value: 159673827 Timestamp echo reply: 33039674 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 27] [The RTT to ACK the segment was: 0.000091876 seconds] [Bytes in flight: 22] File Transfer Protocol (FTP) 500 Unknown command.\r\n Response code: Syntax error, command unrecognized (500) Response arg: Unknown command. Frame 29: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.747869858 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.747869858 seconds [Time delta from previous captured frame: 0.003701041 seconds] [Time delta from previous displayed frame: 0.003701041 seconds] [Time since reference or first frame: 0.080681778 seconds] Frame Number: 29 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 60 Identification: 0x6b25 (27429) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x179c [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 93, Ack: 528, Len: 8 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 93 (relative sequence number) [Next sequence number: 101 (relative sequence number)] Acknowledgment number: 528 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0xcb1d [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039675, TSecr 159673827 Kind: Timestamp (8) Length: 10 Timestamp value: 33039675 Timestamp echo reply: 159673827 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 28] [The RTT to ACK the segment was: 0.003701041 seconds] [Bytes in flight: 8] File Transfer Protocol (FTP) TYPE I\r\n Request command: TYPE Request arg: I Frame 30: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.747969164 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.747969164 seconds [Time delta from previous captured frame: 0.000099306 seconds] [Time delta from previous displayed frame: 0.000099306 seconds] [Time since reference or first frame: 0.080781084 seconds] Frame Number: 30 Frame Length: 97 bytes (776 bits) Capture Length: 97 bytes (776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 83 Identification: 0x6731 (26417) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b89 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 528, Ack: 101, Len: 31 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 528 (relative sequence number) [Next sequence number: 559 (relative sequence number)] Acknowledgment number: 101 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb830 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673831, TSecr 33039675 Kind: Timestamp (8) Length: 10 Timestamp value: 159673831 Timestamp echo reply: 33039675 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 29] [The RTT to ACK the segment was: 0.000099306 seconds] [Bytes in flight: 31] File Transfer Protocol (FTP) 200 Switching to Binary mode.\r\n Response code: Command okay (200) Response arg: Switching to Binary mode. Frame 31: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.750968550 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.750968550 seconds [Time delta from previous captured frame: 0.002999386 seconds] [Time delta from previous displayed frame: 0.002999386 seconds] [Time since reference or first frame: 0.083780470 seconds] Frame Number: 31 Frame Length: 72 bytes (576 bits) Capture Length: 72 bytes (576 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 58 Identification: 0x6b26 (27430) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x179d [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 101, Ack: 559, Len: 6 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 101 (relative sequence number) [Next sequence number: 107 (relative sequence number)] Acknowledgment number: 559 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0xec44 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039675, TSecr 159673831 Kind: Timestamp (8) Length: 10 Timestamp value: 33039675 Timestamp echo reply: 159673831 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 30] [The RTT to ACK the segment was: 0.002999386 seconds] [Bytes in flight: 6] File Transfer Protocol (FTP) PASV\r\n Request command: PASV Frame 32: 119 bytes on wire (952 bits), 119 bytes captured (952 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.751371848 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.751371848 seconds [Time delta from previous captured frame: 0.000403298 seconds] [Time delta from previous displayed frame: 0.000403298 seconds] [Time since reference or first frame: 0.084183768 seconds] Frame Number: 32 Frame Length: 119 bytes (952 bits) Capture Length: 119 bytes (952 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 105 Identification: 0x6732 (26418) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b72 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 559, Ack: 107, Len: 53 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 559 (relative sequence number) [Next sequence number: 612 (relative sequence number)] Acknowledgment number: 107 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb846 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673834, TSecr 33039675 Kind: Timestamp (8) Length: 10 Timestamp value: 159673834 Timestamp echo reply: 33039675 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 31] [The RTT to ACK the segment was: 0.000403298 seconds] [Bytes in flight: 53] File Transfer Protocol (FTP) 227 Entering Passive Mode (192,168,155,27,229,237).\r\n Response code: Entering Passive Mode (227) Response arg: Entering Passive Mode (192,168,155,27,229,237). Passive IP address: 192.168.155.27 (192.168.155.27) Passive port: 58861 Frame 33: 89 bytes on wire (712 bits), 89 bytes captured (712 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.758056302 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.758056302 seconds [Time delta from previous captured frame: 0.006684454 seconds] [Time delta from previous displayed frame: 0.006684454 seconds] [Time since reference or first frame: 0.090868222 seconds] Frame Number: 33 Frame Length: 89 bytes (712 bits) Capture Length: 89 bytes (712 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 75 Identification: 0x6b27 (27431) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x178b [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 107, Ack: 612, Len: 23 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 107 (relative sequence number) [Next sequence number: 130 (relative sequence number)] Acknowledgment number: 612 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0xc4fa [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039676, TSecr 159673834 Kind: Timestamp (8) Length: 10 Timestamp value: 33039676 Timestamp echo reply: 159673834 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 32] [The RTT to ACK the segment was: 0.006684454 seconds] [Bytes in flight: 23] File Transfer Protocol (FTP) STOR /wx/mb_image.jpg\r\n Request command: STOR Request arg: /wx/mb_image.jpg Frame 34: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.758162782 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.758162782 seconds [Time delta from previous captured frame: 0.000106480 seconds] [Time delta from previous displayed frame: 0.000106480 seconds] [Time since reference or first frame: 0.090974702 seconds] Frame Number: 34 Frame Length: 94 bytes (752 bits) Capture Length: 94 bytes (752 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 80 Identification: 0x6733 (26419) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b8a [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 612, Ack: 130, Len: 28 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 612 (relative sequence number) [Next sequence number: 640 (relative sequence number)] Acknowledgment number: 130 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb82d [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673841, TSecr 33039676 Kind: Timestamp (8) Length: 10 Timestamp value: 159673841 Timestamp echo reply: 33039676 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 33] [The RTT to ACK the segment was: 0.000106480 seconds] [Bytes in flight: 28] File Transfer Protocol (FTP) 553 Could not create file.\r\n Response code: Requested action not taken: File name not allowed (553) Response arg: Could not create file. Frame 35: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.762100671 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.762100671 seconds [Time delta from previous captured frame: 0.003937889 seconds] [Time delta from previous displayed frame: 0.003937889 seconds] [Time since reference or first frame: 0.094912591 seconds] Frame Number: 35 Frame Length: 72 bytes (576 bits) Capture Length: 72 bytes (576 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 58 Identification: 0x6b28 (27432) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x179b [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 130, Ack: 640, Len: 6 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 130 (relative sequence number) [Next sequence number: 136 (relative sequence number)] Acknowledgment number: 640 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0xf4b9 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039676, TSecr 159673841 Kind: Timestamp (8) Length: 10 Timestamp value: 33039676 Timestamp echo reply: 159673841 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 34] [The RTT to ACK the segment was: 0.003937889 seconds] [Bytes in flight: 6] File Transfer Protocol (FTP) QUIT\r\n Request command: QUIT Frame 36: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.762168548 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.762168548 seconds [Time delta from previous captured frame: 0.000067877 seconds] [Time delta from previous displayed frame: 0.000067877 seconds] [Time since reference or first frame: 0.094980468 seconds] Frame Number: 36 Frame Length: 80 bytes (640 bits) Capture Length: 80 bytes (640 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:ftp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 66 Identification: 0x6734 (26420) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1b97 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 640, Ack: 136, Len: 14 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 640 (relative sequence number) [Next sequence number: 654 (relative sequence number)] Acknowledgment number: 136 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb81f [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673845, TSecr 33039676 Kind: Timestamp (8) Length: 10 Timestamp value: 159673845 Timestamp echo reply: 33039676 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 35] [The RTT to ACK the segment was: 0.000067877 seconds] [Bytes in flight: 14] File Transfer Protocol (FTP) 221 Goodbye.\r\n Response code: Service closing control connection (221) Response arg: Goodbye. Frame 37: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.762193160 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.762193160 seconds [Time delta from previous captured frame: 0.000024612 seconds] [Time delta from previous displayed frame: 0.000024612 seconds] [Time since reference or first frame: 0.095005080 seconds] Frame Number: 37 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 52 Identification: 0x6735 (26421) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1ba4 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 654, Ack: 136, Len: 0 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 654 (relative sequence number) Acknowledgment number: 136 (relative ack number) Header length: 32 bytes Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Message: Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb811 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673845, TSecr 33039676 Kind: Timestamp (8) Length: 10 Timestamp value: 159673845 Timestamp echo reply: 33039676 Frame 38: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.766126503 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.766126503 seconds [Time delta from previous captured frame: 0.003933343 seconds] [Time delta from previous displayed frame: 0.003933343 seconds] [Time since reference or first frame: 0.098938423 seconds] Frame Number: 38 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa), Dst: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Destination: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.126 (192.168.155.126), Dst: 192.168.155.27 (192.168.155.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 52 Identification: 0x6b29 (27433) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x17a0 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.126 (192.168.155.126) Destination: 192.168.155.27 (192.168.155.27) Transmission Control Protocol, Src Port: 33557 (33557), Dst Port: ftp (21), Seq: 136, Ack: 655, Len: 0 Source port: 33557 (33557) Destination port: ftp (21) [Stream index: 0] Sequence number: 136 (relative sequence number) Acknowledgment number: 655 (relative ack number) Header length: 32 bytes Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Message: Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] Window size value: 3650 [Calculated window size: 14600] [Window size scaling factor: 4] Checksum: 0x9c61 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 33039676, TSecr 159673845 Kind: Timestamp (8) Length: 10 Timestamp value: 33039676 Timestamp echo reply: 159673845 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 37] [The RTT to ACK the segment was: 0.003933343 seconds] Frame 39: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Mar 28, 2019 11:26:57.766146237 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1553797617.766146237 seconds [Time delta from previous captured frame: 0.000019734 seconds] [Time delta from previous displayed frame: 0.000019734 seconds] [Time since reference or first frame: 0.098958157 seconds] Frame Number: 39 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e), Dst: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Destination: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) Address: 18:a6:f7:64:d7:fa (18:a6:f7:64:d7:fa) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) Address: Vmware_e5:4d:1e (00:0c:29:e5:4d:1e) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 192.168.155.27 (192.168.155.27), Dst: 192.168.155.126 (192.168.155.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 52 Identification: 0x6736 (26422) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x1ba3 [validation disabled] [Good: False] [Bad: False] Source: 192.168.155.27 (192.168.155.27) Destination: 192.168.155.126 (192.168.155.126) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 33557 (33557), Seq: 655, Ack: 137, Len: 0 Source port: ftp (21) Destination port: 33557 (33557) [Stream index: 0] Sequence number: 655 (relative sequence number) Acknowledgment number: 137 (relative ack number) Header length: 32 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 227 [Calculated window size: 29056] [Window size scaling factor: 128] Checksum: 0xb811 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 159673849, TSecr 33039676 Kind: Timestamp (8) Length: 10 Timestamp value: 159673849 Timestamp echo reply: 33039676 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 38] [The RTT to ACK the segment was: 0.000019734 seconds]