Ask Your Question
0

What kind of request most likely comes after this package?

asked 2018-11-19 12:18:39 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.

Frame 1: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: May 13, 2004 12:17:07.311224000 CEST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1084443427.311224000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 62 bytes (496 bits)
    Capture Length: 62 bytes (496 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: Superlan_00:00:00 (00:00:01:00:00:00), Dst: fe:ff:20:00:01:00 (fe:ff:
20:00:01:00)
    Destination: fe:ff:20:00:01:00 (fe:ff:20:00:01:00)
    Source: Superlan_00:00:00 (00:00:01:00:00:00)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 145.254.160.237, Dst: 65.208.228.223
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 48
    Identification: 0x0f41 (3905)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x91eb [validation disabled]
    [Header checksum status: Unverified]
    Source: 145.254.160.237
    Destination: 65.208.228.223
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 3372, Dst Port: 80, Seq: 0, Len: 0
    Source Port: 3372
    Destination Port: 80
    [Stream index: 0]
    [TCP Segment Len: 0]
    Sequence number: 0    (relative sequence number)
    Acknowledgment number: 0
    0111 .... = Header Length: 28 bytes (7)
    Flags: 0x002 (SYN)
    Window size value: 8760
    [Calculated window size: 8760]
    Checksum: 0xc30c [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    Options: (8 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK
permitted
        TCP Option - Maximum segment size: 1460 bytes
        TCP Option - No-Operation (NOP)
        TCP Option - No-Operation (NOP)
        TCP Option - SACK permitted
edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-11-19 12:35:39 +0000

Packet_vlad gravatar image

updated 2018-11-19 12:37:35 +0000

This is SYN packet destined to port 80 (most likely HTTP).

So, you're most likely to see:

  1. or SYN,ACK packet (if the port is opened)
  2. or RST packet (if the port is closed).

But these are not "requests", but a part of TCP-conversation (TCP 3-way handshake or service refusal process).

As for "request" if I understand correctly the question (BTW looks like this is some assignment) I'd expect HTTP GET or HTTP POST.

edit flag offensive delete link more

Comments

thanks alot!

kongkaakk gravatar imagekongkaakk ( 2018-11-19 12:39:27 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-11-19 12:18:39 +0000

Seen: 521 times

Last updated: Nov 19 '18

Related questions

Why this is not a "TCP previous segment not captured"

Does wireshark consider vlan ID before flagging a packet as TCP re-transmission

Understanding TCP session captured in Wireshark

Transaction Time How many bytes are in the HTTP message

Why there is port mismatch in tcp and http header for port 51006. Also why the netstat in server do not shows connections under port 51006 even traffic is coming to this port.

Client is waiting for FIN flag from server for 30 sec

follow tcp stream dialogue box

How to tell if TCP segment contains a data in Wireshark?

Help to read this trace

Random Flooding of TCP Retransmissions