Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2020-01-25 15:23:48 +0000

killerfoxx gravatar image

question regarding analysis in black/red/purple/pink?

2091 -11606.495296 DESKTOP-Q4VCO63.local pf2bn3.activity.windows.com.akadns.net TCP 1494 [TCP Retransmission] 52894 → https(443) [PSH, ACK] Seq=32864 Ack=32224 Win=132352 Len=1440 2093 -11606.448223 pf2bn3.activity.windows.com.akadns.net DESKTOP-Q4VCO63.local TCP 66 [TCP Dup ACK 2092#1] https(443) → 52894 [ACK] Seq=32224 Ack=34304 Win=524800 Len=0 SLE=32864 SRE=34304 2 -11729.665288 mobile-gtalk.l.google.com DESKTOP-Q4VCO63.local TCP 86 hpvroom(5228) → 52782 [ACK] Seq=1 Ack=2 Win=258 Len=0 SLE=1 SRE=2 25 -11723.785204 Android.local Broadcast ARP 42 Who has 192.168.0.1? Tell 192.168.0.15 121 -11714.701856 DESKTOP-Q4VCO63.local pf2bn3.activity.windows.com.akadns.net TCP 1494 [TCP Retransmission] 52894 → https(443) [PSH, ACK] Seq=4415 Ack=6193 Win=132352 Len=1440 126 -11714.607968 pf2bn3.activity.windows.com.akadns.net DESKTOP-Q4VCO63.local TCP 66 [TCP Dup ACK 122#1] https(443) → 52894 [ACK] Seq=10886 Ack=5855 Win=524288 Len=0 SLE=4415 SRE=5855 127 -11714.607967 pf2bn3.activity.windows.com.akadns.net DESKTOP-Q4VCO63.local TCP 1514 [TCP Retransmission] https(443) → 52894 [PSH, ACK] Seq=9426 Ack=5855 Win=524288 Len=1460 131 -11714.452588 DESKTOP-Q4VCO63.local pf2bn3.activity.windows.com.akadns.net TCP 1494 [TCP Retransmission] 52894 → https(443) [PSH, ACK] Seq=5972 Ack=10886 Win=132352 Len=1440 395 -11649.628686 dual-a-0001.a-msedge.net DESKTOP-Q4VCO63.local TCP 56 https(443) → 52883 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 438 -11646.802997 DESKTOP-Q4VCO63.local cs9.wpc.v0cdn.net TCP 74 [TCP Retransmission] 52885 → https(443) [FIN, ACK] Seq=1 Ack=97 Win=1022 Len=0 439 -11646.193710 DESKTOP-Q4VCO63.local cs9.wpc.v0cdn.net TCP 74 [TCP Retransmission] 52885 → https(443) [FIN, ACK] Seq=1 Ack=97 Win=1022 Len=0 442 -11645.192995 DESKTOP-Q4VCO63.local cs9.wac.phicdn.net TCP 54 [TCP ACKed unseen segment] 52890 → http(80) [FIN, ACK] Seq=1 Ack=2 Win=513 Len=0 443 -11645.163963 cs9.wac.phicdn.net DESKTOP-Q4VCO63.local TCP 56 [TCP Previous segment not captured] http(80) → 52890 [FIN, ACK] Seq=2 Ack=2 Win=288 Len=0 444 -11645.163497 DESKTOP-Q4VCO63.local cs9.wac.phicdn.net TCP 54 [TCP ACKed unseen segment] 52890 → http(80) [ACK] Seq=2 Ack=3 Win=513 Len=0 440 -11645.599862 DESKTOP-Q4VCO63.local 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 ICMPv6 86 Neighbor Solicitation for 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 from c8:d7:19:c3:b3:b5 441 -11645.595925 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 DESKTOP-Q4VCO63.local ICMPv6 78 Neighbor Advertisement 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 (rtr, sol) 458 -11642.796248 DESKTOP-Q4VCO63.local a-0003.a-msedge.net TCP 54 52897 → https(443) [ACK] Seq=1 Ack=1 Win=262144 Len=0 469 -11642.764991 DESKTOP-Q4VCO63.local a-0003.a-msedge.net TLSv1.2 271 Client Hello 596 -11642.518104 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 DESKTOP-Q4VCO63.local DNS 171 Standard query response 0xec95 AAAA pr-bh.ybp.yahoo.com CNAME ds-pr-bh.ybp.gysm.yahoodns.net AAAA 2001:4998:124:1407::c000 851 -11639.537338 DESKTOP-Q4VCO63.local a1834.dspg2.akamai.net TCP 86 [TCP Dup ACK 680#1] 52900 → https(443) [ACK] Seq=889 Ack=3205 Win=261632 Len=0 SLE=13951 SRE=15391 878 -11638.147783 ipv4.login.msa.akadns6.net DESKTOP-Q4VCO63.local TCP 56 https(443) → 52880 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 884 -11636.913740 k-0002.k-msedge.net DESKTOP-Q4VCO63.local TCP 74 https(443) → 52887 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 42193 -10979.598809 DESKTOP-Q4VCO63.local a1834.dspg2.akamai.net TCP 74 53304 → https(443) [RST, ACK] Seq=2092 Ack=7457 Win=0 Len=0 42197 -10979.598003 DESKTOP-Q4VCO63.local e17513.d.akamaiedge.net TCP 54 53302 → https(443) [ACK] Seq=1471 Ack=22949 Win=131328 Len=0 42200 -10979.590897 d1lxz4vuik53pc.cloudfront.net DESKTOP-Q4VCO63.local TCP 74 https(443) → 53299 [FIN, ACK] Seq=17045 Ack=1031 Win=26624 Len=0 42201 -10979.590579 DESKTOP-Q4VCO63.local e17513.d.akamaiedge.net TCP 54 53303 → https(443) [RST, ACK] Seq=1147 Ack=5711 Win=0 Len=0 42204 -10979.578901 DESKTOP-Q4VCO63.local nycp-hlb.dvgtm.akadns.net TCP 54 53305 → https(443) [RST, ACK] Seq=1262 Ack=7286 Win=0 Len=0 42205 -10979.578336 nycp-hlb.dvgtm.akadns.net DESKTOP-Q4VCO63.local TCP 56 https(443) → 53305 [FIN, ACK] Seq=7286 Ack=1262 Win=45056 Len=0 42219 -10979.506448 DESKTOP-Q4VCO63.local pagead46.l.doubleclick.net TLSv1.3 154 Change Cipher Spec, Application Data43050 -10974.862404 s0-2mdn-net.l.google.com DESKTOP-Q4VCO63.local TLSv1.3 1294 Application Data [TCP segment of a reassembled PDU] 43302 -10973.189617 ip-info.ns1.ff.avast.com DESKTOP-Q4VCO63.local HTTP 561 HTTP/1.1 200 OK (application/json) 43769 -10969.619683 DESKTOP-Q4VCO63.local aax-us-east.amazon-adsystem.com TCP 54 53337 → https(443) [RST, ACK] Seq=644 Ack=6136 Win=0 Len=0 43770 -10969.291704 DESKTOP-Q4VCO63.local unagi-na.amazon.com TCP 66 53350 → https(443) [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1 43786 -10968.964540 cds.j3z9t3p6.hwcdn.net DESKTOP-Q4VCO63.local TCP 74 [TCP Keep-Alive] http(80) → 53352 [ACK] Seq=0 Ack=230 Win=28160 Len=0 43787 -10968.964449 DESKTOP-Q4VCO63.local cds.j3z9t3p6.hwcdn.net TCP 74 [TCP Keep-Alive ACK] 53352 → http(80) [ACK] Seq=230 Ack=1 Win=131072 Len=0 43788 -10968.962524 cds.j3z9t3p6.hwcdn.net DESKTOP-Q4VCO63.local TCP 518 http(80) → 53352 [PSH, ACK] Seq=1 Ack=230 Win=28160 Len=444 [TCP segment of a reassembled PDU] 43791 -10968.598371 nycp-hlb.dvgtm.akadns.net DESKTOP-Q4VCO63.local TLSv1.2 85 Encrypted Alert 43801 -10968.301260 nycp-hlb.dvgtm.akadns.net DESKTOP-Q4VCO63.local TCP 56 [TCP Retransmission] https(443) → 53328 [FIN, ACK] Seq=6936 Ack=1463 Win=45056 Len=0

Sorry about the novel I have saved files from wireshark but I dont know how to read them? Tutorial advice or youtube video link would be helpful thanks

click to hide/show revision 2
None

updated 2020-01-25 15:42:07 +0000

grahamb gravatar image

question regarding analysis in black/red/purple/pink?

2091 -11606.495296 DESKTOP-Q4VCO63.local pf2bn3.activity.windows.com.akadns.net TCP 1494 [TCP Retransmission] 52894 → https(443) [PSH, ACK] Seq=32864 Ack=32224 Win=132352 Len=1440 2093 -11606.448223 pf2bn3.activity.windows.com.akadns.net DESKTOP-Q4VCO63.local TCP 66 [TCP Dup ACK 2092#1] https(443) → 52894 [ACK] Seq=32224 Ack=34304 Win=524800 Len=0 SLE=32864 SRE=34304 2 -11729.665288 mobile-gtalk.l.google.com DESKTOP-Q4VCO63.local TCP 86 hpvroom(5228) → 52782 [ACK] Seq=1 Ack=2 Win=258 Len=0 SLE=1 SRE=2 25 -11723.785204 Android.local Broadcast ARP 42 Who has 192.168.0.1? Tell 192.168.0.15 121 -11714.701856 DESKTOP-Q4VCO63.local pf2bn3.activity.windows.com.akadns.net TCP 1494 [TCP Retransmission] 52894 → https(443) [PSH, ACK] Seq=4415 Ack=6193 Win=132352 Len=1440 126 -11714.607968 pf2bn3.activity.windows.com.akadns.net DESKTOP-Q4VCO63.local TCP 66 [TCP Dup ACK 122#1] https(443) → 52894 [ACK] Seq=10886 Ack=5855 Win=524288 Len=0 SLE=4415 SRE=5855 127 -11714.607967 pf2bn3.activity.windows.com.akadns.net DESKTOP-Q4VCO63.local TCP 1514 [TCP Retransmission] https(443) → 52894 [PSH, ACK] Seq=9426 Ack=5855 Win=524288 Len=1460 131 -11714.452588 DESKTOP-Q4VCO63.local pf2bn3.activity.windows.com.akadns.net TCP 1494 [TCP Retransmission] 52894 → https(443) [PSH, ACK] Seq=5972 Ack=10886 Win=132352 Len=1440 395 -11649.628686 dual-a-0001.a-msedge.net DESKTOP-Q4VCO63.local TCP 56 https(443) → 52883 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 438 -11646.802997 DESKTOP-Q4VCO63.local cs9.wpc.v0cdn.net TCP 74 [TCP Retransmission] 52885 → https(443) [FIN, ACK] Seq=1 Ack=97 Win=1022 Len=0 439 -11646.193710 DESKTOP-Q4VCO63.local cs9.wpc.v0cdn.net TCP 74 [TCP Retransmission] 52885 → https(443) [FIN, ACK] Seq=1 Ack=97 Win=1022 Len=0 442 -11645.192995 DESKTOP-Q4VCO63.local cs9.wac.phicdn.net TCP 54 [TCP ACKed unseen segment] 52890 → http(80) [FIN, ACK] Seq=1 Ack=2 Win=513 Len=0 443 -11645.163963 cs9.wac.phicdn.net DESKTOP-Q4VCO63.local TCP 56 [TCP Previous segment not captured] http(80) → 52890 [FIN, ACK] Seq=2 Ack=2 Win=288 Len=0 444 -11645.163497 DESKTOP-Q4VCO63.local cs9.wac.phicdn.net TCP 54 [TCP ACKed unseen segment] 52890 → http(80) [ACK] Seq=2 Ack=3 Win=513 Len=0 440 -11645.599862 DESKTOP-Q4VCO63.local 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 ICMPv6 86 Neighbor Solicitation for 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 from c8:d7:19:c3:b3:b5 441 -11645.595925 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 DESKTOP-Q4VCO63.local ICMPv6 78 Neighbor Advertisement 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 (rtr, sol) 458 -11642.796248 DESKTOP-Q4VCO63.local a-0003.a-msedge.net TCP 54 52897 → https(443) [ACK] Seq=1 Ack=1 Win=262144 Len=0 469 -11642.764991 DESKTOP-Q4VCO63.local a-0003.a-msedge.net TLSv1.2 271 Client Hello 596 -11642.518104 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 DESKTOP-Q4VCO63.local DNS 171 Standard query response 0xec95 AAAA pr-bh.ybp.yahoo.com CNAME ds-pr-bh.ybp.gysm.yahoodns.net AAAA 2001:4998:124:1407::c000 851 -11639.537338 DESKTOP-Q4VCO63.local a1834.dspg2.akamai.net TCP 86 [TCP Dup ACK 680#1] 52900 → https(443) [ACK] Seq=889 Ack=3205 Win=261632 Len=0 SLE=13951 SRE=15391 878 -11638.147783 ipv4.login.msa.akadns6.net DESKTOP-Q4VCO63.local TCP 56 https(443) → 52880 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 884 -11636.913740 k-0002.k-msedge.net DESKTOP-Q4VCO63.local TCP 74 https(443) → 52887 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 42193 -10979.598809 DESKTOP-Q4VCO63.local a1834.dspg2.akamai.net TCP 74 53304 → https(443) [RST, ACK] Seq=2092 Ack=7457 Win=0 Len=0 42197 -10979.598003 DESKTOP-Q4VCO63.local e17513.d.akamaiedge.net TCP 54 53302 → https(443) [ACK] Seq=1471 Ack=22949 Win=131328 Len=0 42200 -10979.590897 d1lxz4vuik53pc.cloudfront.net DESKTOP-Q4VCO63.local TCP 74 https(443) → 53299 [FIN, ACK] Seq=17045 Ack=1031 Win=26624 Len=0 42201 -10979.590579 DESKTOP-Q4VCO63.local e17513.d.akamaiedge.net TCP 54 53303 → https(443) [RST, ACK] Seq=1147 Ack=5711 Win=0 Len=0 42204 -10979.578901 DESKTOP-Q4VCO63.local nycp-hlb.dvgtm.akadns.net TCP 54 53305 → https(443) [RST, ACK] Seq=1262 Ack=7286 Win=0 Len=0 42205 -10979.578336 nycp-hlb.dvgtm.akadns.net DESKTOP-Q4VCO63.local TCP 56 https(443) → 53305 [FIN, ACK] Seq=7286 Ack=1262 Win=45056 Len=0 42219 -10979.506448 DESKTOP-Q4VCO63.local pagead46.l.doubleclick.net TLSv1.3 154 Change Cipher Spec, Application Data43050 -10974.862404 s0-2mdn-net.l.google.com DESKTOP-Q4VCO63.local TLSv1.3 1294 Application Data [TCP segment of a reassembled PDU] 43302 -10973.189617 ip-info.ns1.ff.avast.com DESKTOP-Q4VCO63.local HTTP 561 HTTP/1.1 200 OK (application/json) 43769 -10969.619683 DESKTOP-Q4VCO63.local aax-us-east.amazon-adsystem.com TCP 54 53337 → https(443) [RST, ACK] Seq=644 Ack=6136 Win=0 Len=0 43770 -10969.291704 DESKTOP-Q4VCO63.local unagi-na.amazon.com TCP 66 53350 → https(443) [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1 43786 -10968.964540 cds.j3z9t3p6.hwcdn.net DESKTOP-Q4VCO63.local TCP 74 [TCP Keep-Alive] http(80) → 53352 [ACK] Seq=0 Ack=230 Win=28160 Len=0 43787 -10968.964449 DESKTOP-Q4VCO63.local cds.j3z9t3p6.hwcdn.net TCP 74 [TCP Keep-Alive ACK] 53352 → http(80) [ACK] Seq=230 Ack=1 Win=131072 Len=0 43788 -10968.962524 cds.j3z9t3p6.hwcdn.net DESKTOP-Q4VCO63.local TCP 518 http(80) → 53352 [PSH, ACK] Seq=1 Ack=230 Win=28160 Len=444 [TCP segment of a reassembled PDU] 43791 -10968.598371 nycp-hlb.dvgtm.akadns.net DESKTOP-Q4VCO63.local TLSv1.2 85 Encrypted Alert 43801 -10968.301260 nycp-hlb.dvgtm.akadns.net DESKTOP-Q4VCO63.local TCP 56 [TCP Retransmission] https(443) → 53328 [FIN, ACK] Seq=6936 Ack=1463 Win=45056 Len=0

Sorry about the novel I have saved files from wireshark but I dont know how to read them? Tutorial advice or youtube video link would be helpful thanks
thanks
click to hide/show revision 3
None

updated 2020-01-25 15:43:07 +0000

grahamb gravatar image

question regarding analysis in black/red/purple/pink?

Wall of copied packet list text in random order:

2091    -11606.495296   DESKTOP-Q4VCO63.local   pf2bn3.activity.windows.com.akadns.net  TCP 1494    [TCP Retransmission] 52894 → https(443) [PSH, ACK] Seq=32864 Ack=32224 Win=132352 Len=1440
    2093    -11606.448223   pf2bn3.activity.windows.com.akadns.net  DESKTOP-Q4VCO63.local   TCP 66  [TCP Dup ACK 2092#1] https(443) → 52894 [ACK] Seq=32224 Ack=34304 Win=524800 Len=0 SLE=32864 SRE=34304
    2   -11729.665288   mobile-gtalk.l.google.com   DESKTOP-Q4VCO63.local   TCP 86  hpvroom(5228) → 52782 [ACK] Seq=1 Ack=2 Win=258 Len=0 SLE=1 SRE=2
    25  -11723.785204   Android.local   Broadcast   ARP 42  Who has 192.168.0.1? Tell 192.168.0.15
    121 -11714.701856   DESKTOP-Q4VCO63.local   pf2bn3.activity.windows.com.akadns.net  TCP 1494    [TCP Retransmission] 52894 → https(443) [PSH, ACK] Seq=4415 Ack=6193 Win=132352 Len=1440
    126 -11714.607968   pf2bn3.activity.windows.com.akadns.net  DESKTOP-Q4VCO63.local   TCP 66  [TCP Dup ACK 122#1] https(443) → 52894 [ACK] Seq=10886 Ack=5855 Win=524288 Len=0 SLE=4415 SRE=5855
    127 -11714.607967   pf2bn3.activity.windows.com.akadns.net  DESKTOP-Q4VCO63.local   TCP 1514    [TCP Retransmission] https(443) → 52894 [PSH, ACK] Seq=9426 Ack=5855 Win=524288 Len=1460
    131 -11714.452588   DESKTOP-Q4VCO63.local   pf2bn3.activity.windows.com.akadns.net  TCP 1494    [TCP Retransmission] 52894 → https(443) [PSH, ACK] Seq=5972 Ack=10886 Win=132352 Len=1440
    395 -11649.628686   dual-a-0001.a-msedge.net    DESKTOP-Q4VCO63.local   TCP 56  https(443) → 52883 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
    438 -11646.802997   DESKTOP-Q4VCO63.local   cs9.wpc.v0cdn.net   TCP 74  [TCP Retransmission] 52885 → https(443) [FIN, ACK] Seq=1 Ack=97 Win=1022 Len=0
    439 -11646.193710   DESKTOP-Q4VCO63.local   cs9.wpc.v0cdn.net   TCP 74  [TCP Retransmission] 52885 → https(443) [FIN, ACK] Seq=1 Ack=97 Win=1022 Len=0
    442 -11645.192995   DESKTOP-Q4VCO63.local   cs9.wac.phicdn.net  TCP 54  [TCP ACKed unseen segment] 52890 → http(80) [FIN, ACK] Seq=1 Ack=2 Win=513 Len=0
    443 -11645.163963   cs9.wac.phicdn.net  DESKTOP-Q4VCO63.local   TCP 56  [TCP Previous segment not captured] http(80) → 52890 [FIN, ACK] Seq=2 Ack=2 Win=288 Len=0
    444 -11645.163497   DESKTOP-Q4VCO63.local   cs9.wac.phicdn.net  TCP 54  [TCP ACKed unseen segment] 52890 → http(80) [ACK] Seq=2 Ack=3 Win=513 Len=0
    440 -11645.599862   DESKTOP-Q4VCO63.local   2607:fea8:99a0:1805:be4d:fbff:fed0:8922 ICMPv6  86  Neighbor Solicitation for 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 from c8:d7:19:c3:b3:b5
    441 -11645.595925   2607:fea8:99a0:1805:be4d:fbff:fed0:8922 DESKTOP-Q4VCO63.local   ICMPv6  78  Neighbor Advertisement 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 (rtr, sol)
    458 -11642.796248   DESKTOP-Q4VCO63.local   a-0003.a-msedge.net TCP 54  52897 → https(443) [ACK] Seq=1 Ack=1 Win=262144 Len=0
    469 -11642.764991   DESKTOP-Q4VCO63.local   a-0003.a-msedge.net TLSv1.2 271 Client Hello
    596 -11642.518104   2607:fea8:99a0:1805:be4d:fbff:fed0:8922 DESKTOP-Q4VCO63.local   DNS 171 Standard query response 0xec95 AAAA pr-bh.ybp.yahoo.com CNAME ds-pr-bh.ybp.gysm.yahoodns.net AAAA 2001:4998:124:1407::c000
    851 -11639.537338   DESKTOP-Q4VCO63.local   a1834.dspg2.akamai.net  TCP 86  [TCP Dup ACK 680#1] 52900 → https(443) [ACK] Seq=889 Ack=3205 Win=261632 Len=0 SLE=13951 SRE=15391
    878 -11638.147783   ipv4.login.msa.akadns6.net  DESKTOP-Q4VCO63.local   TCP 56  https(443) → 52880 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
    884 -11636.913740   k-0002.k-msedge.net DESKTOP-Q4VCO63.local   TCP 74  https(443) → 52887 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
    42193   -10979.598809   DESKTOP-Q4VCO63.local   a1834.dspg2.akamai.net  TCP 74  53304 → https(443) [RST, ACK] Seq=2092 Ack=7457 Win=0 Len=0
    42197   -10979.598003   DESKTOP-Q4VCO63.local   e17513.d.akamaiedge.net TCP 54  53302 → https(443) [ACK] Seq=1471 Ack=22949 Win=131328 Len=0
    42200   -10979.590897   d1lxz4vuik53pc.cloudfront.net   DESKTOP-Q4VCO63.local   TCP 74  https(443) → 53299 [FIN, ACK] Seq=17045 Ack=1031 Win=26624 Len=0
    42201   -10979.590579   DESKTOP-Q4VCO63.local   e17513.d.akamaiedge.net TCP 54  53303 → https(443) [RST, ACK] Seq=1147 Ack=5711 Win=0 Len=0
    42204   -10979.578901   DESKTOP-Q4VCO63.local   nycp-hlb.dvgtm.akadns.net   TCP 54  53305 → https(443) [RST, ACK] Seq=1262 Ack=7286 Win=0 Len=0
    42205   -10979.578336   nycp-hlb.dvgtm.akadns.net   DESKTOP-Q4VCO63.local   TCP 56  https(443) → 53305 [FIN, ACK] Seq=7286 Ack=1262 Win=45056 Len=0
    42219   -10979.506448   DESKTOP-Q4VCO63.local   pagead46.l.doubleclick.net  TLSv1.3 154 Change Cipher Spec, Application Data43050   -10974.862404   s0-2mdn-net.l.google.com    DESKTOP-Q4VCO63.local   TLSv1.3 1294    Application Data [TCP segment of a reassembled PDU]
    43302   -10973.189617   ip-info.ns1.ff.avast.com    DESKTOP-Q4VCO63.local   HTTP    561 HTTP/1.1 200 OK  (application/json)
    43769   -10969.619683   DESKTOP-Q4VCO63.local   aax-us-east.amazon-adsystem.com TCP 54  53337 → https(443) [RST, ACK] Seq=644 Ack=6136 Win=0 Len=0
    43770   -10969.291704   DESKTOP-Q4VCO63.local   unagi-na.amazon.com TCP 66  53350 → https(443) [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
    43786   -10968.964540   cds.j3z9t3p6.hwcdn.net  DESKTOP-Q4VCO63.local   TCP 74  [TCP Keep-Alive] http(80) → 53352 [ACK] Seq=0 Ack=230 Win=28160 Len=0
    43787   -10968.964449   DESKTOP-Q4VCO63.local   cds.j3z9t3p6.hwcdn.net  TCP 74  [TCP Keep-Alive ACK] 53352 → http(80) [ACK] Seq=230 Ack=1 Win=131072 Len=0
    43788   -10968.962524   cds.j3z9t3p6.hwcdn.net  DESKTOP-Q4VCO63.local   TCP 518 http(80) → 53352 [PSH, ACK] Seq=1 Ack=230 Win=28160 Len=444 [TCP segment of a reassembled PDU]
    43791   -10968.598371   nycp-hlb.dvgtm.akadns.net   DESKTOP-Q4VCO63.local   TLSv1.2 85  Encrypted Alert
    43801   -10968.301260   nycp-hlb.dvgtm.akadns.net   DESKTOP-Q4VCO63.local   TCP 56  [TCP Retransmission] https(443) → 53328 [FIN, ACK] Seq=6936 Ack=1463 Win=45056 Len=0
Len=0
  
Sorry about the novel I have saved files from wireshark but I dont know how to read them? Tutorial advice or youtube video link would be helpful thanks
click to hide/show revision 4
None

updated 2020-01-25 15:44:28 +0000

Jaap gravatar image

question regarding analysis in black/red/purple/pink?

Wall of copied packet list text in random order:

2091    -11606.495296   DESKTOP-Q4VCO63.local   pf2bn3.activity.windows.com.akadns.net  TCP 1494    [TCP Retransmission] 52894 → https(443) [PSH, ACK] Seq=32864 Ack=32224 Win=132352 Len=1440
 2093    -11606.448223   pf2bn3.activity.windows.com.akadns.net  DESKTOP-Q4VCO63.local   TCP 66  [TCP Dup ACK 2092#1] https(443) → 52894 [ACK] Seq=32224 Ack=34304 Win=524800 Len=0 SLE=32864 SRE=34304
 2   -11729.665288   mobile-gtalk.l.google.com   DESKTOP-Q4VCO63.local   TCP 86  hpvroom(5228) → 52782 [ACK] Seq=1 Ack=2 Win=258 Len=0 SLE=1 SRE=2
 25  -11723.785204   Android.local   Broadcast   ARP 42  Who has 192.168.0.1? Tell 192.168.0.15
 121 -11714.701856   DESKTOP-Q4VCO63.local   pf2bn3.activity.windows.com.akadns.net  TCP 1494    [TCP Retransmission] 52894 → https(443) [PSH, ACK] Seq=4415 Ack=6193 Win=132352 Len=1440
 126 -11714.607968   pf2bn3.activity.windows.com.akadns.net  DESKTOP-Q4VCO63.local   TCP 66  [TCP Dup ACK 122#1] https(443) → 52894 [ACK] Seq=10886 Ack=5855 Win=524288 Len=0 SLE=4415 SRE=5855
 127 -11714.607967   pf2bn3.activity.windows.com.akadns.net  DESKTOP-Q4VCO63.local   TCP 1514    [TCP Retransmission] https(443) → 52894 [PSH, ACK] Seq=9426 Ack=5855 Win=524288 Len=1460
 131 -11714.452588   DESKTOP-Q4VCO63.local   pf2bn3.activity.windows.com.akadns.net  TCP 1494    [TCP Retransmission] 52894 → https(443) [PSH, ACK] Seq=5972 Ack=10886 Win=132352 Len=1440
 395 -11649.628686   dual-a-0001.a-msedge.net    DESKTOP-Q4VCO63.local   TCP 56  https(443) → 52883 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
 438 -11646.802997   DESKTOP-Q4VCO63.local   cs9.wpc.v0cdn.net   TCP 74  [TCP Retransmission] 52885 → https(443) [FIN, ACK] Seq=1 Ack=97 Win=1022 Len=0
 439 -11646.193710   DESKTOP-Q4VCO63.local   cs9.wpc.v0cdn.net   TCP 74  [TCP Retransmission] 52885 → https(443) [FIN, ACK] Seq=1 Ack=97 Win=1022 Len=0
 442 -11645.192995   DESKTOP-Q4VCO63.local   cs9.wac.phicdn.net  TCP 54  [TCP ACKed unseen segment] 52890 → http(80) [FIN, ACK] Seq=1 Ack=2 Win=513 Len=0
 443 -11645.163963   cs9.wac.phicdn.net  DESKTOP-Q4VCO63.local   TCP 56  [TCP Previous segment not captured] http(80) → 52890 [FIN, ACK] Seq=2 Ack=2 Win=288 Len=0
 444 -11645.163497   DESKTOP-Q4VCO63.local   cs9.wac.phicdn.net  TCP 54  [TCP ACKed unseen segment] 52890 → http(80) [ACK] Seq=2 Ack=3 Win=513 Len=0
 440 -11645.599862   DESKTOP-Q4VCO63.local   2607:fea8:99a0:1805:be4d:fbff:fed0:8922 ICMPv6  86  Neighbor Solicitation for 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 from c8:d7:19:c3:b3:b5
 441 -11645.595925   2607:fea8:99a0:1805:be4d:fbff:fed0:8922 DESKTOP-Q4VCO63.local   ICMPv6  78  Neighbor Advertisement 2607:fea8:99a0:1805:be4d:fbff:fed0:8922 (rtr, sol)
 458 -11642.796248   DESKTOP-Q4VCO63.local   a-0003.a-msedge.net TCP 54  52897 → https(443) [ACK] Seq=1 Ack=1 Win=262144 Len=0
 469 -11642.764991   DESKTOP-Q4VCO63.local   a-0003.a-msedge.net TLSv1.2 271 Client Hello
 596 -11642.518104   2607:fea8:99a0:1805:be4d:fbff:fed0:8922 DESKTOP-Q4VCO63.local   DNS 171 Standard query response 0xec95 AAAA pr-bh.ybp.yahoo.com CNAME ds-pr-bh.ybp.gysm.yahoodns.net AAAA 2001:4998:124:1407::c000
 851 -11639.537338   DESKTOP-Q4VCO63.local   a1834.dspg2.akamai.net  TCP 86  [TCP Dup ACK 680#1] 52900 → https(443) [ACK] Seq=889 Ack=3205 Win=261632 Len=0 SLE=13951 SRE=15391
 878 -11638.147783   ipv4.login.msa.akadns6.net  DESKTOP-Q4VCO63.local   TCP 56  https(443) → 52880 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
 884 -11636.913740   k-0002.k-msedge.net DESKTOP-Q4VCO63.local   TCP 74  https(443) → 52887 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
 42193   -10979.598809   DESKTOP-Q4VCO63.local   a1834.dspg2.akamai.net  TCP 74  53304 → https(443) [RST, ACK] Seq=2092 Ack=7457 Win=0 Len=0
 42197   -10979.598003   DESKTOP-Q4VCO63.local   e17513.d.akamaiedge.net TCP 54  53302 → https(443) [ACK] Seq=1471 Ack=22949 Win=131328 Len=0
 42200   -10979.590897   d1lxz4vuik53pc.cloudfront.net   DESKTOP-Q4VCO63.local   TCP 74  https(443) → 53299 [FIN, ACK] Seq=17045 Ack=1031 Win=26624 Len=0
 42201   -10979.590579   DESKTOP-Q4VCO63.local   e17513.d.akamaiedge.net TCP 54  53303 → https(443) [RST, ACK] Seq=1147 Ack=5711 Win=0 Len=0
 42204   -10979.578901   DESKTOP-Q4VCO63.local   nycp-hlb.dvgtm.akadns.net   TCP 54  53305 → https(443) [RST, ACK] Seq=1262 Ack=7286 Win=0 Len=0
 42205   -10979.578336   nycp-hlb.dvgtm.akadns.net   DESKTOP-Q4VCO63.local   TCP 56  https(443) → 53305 [FIN, ACK] Seq=7286 Ack=1262 Win=45056 Len=0
 42219   -10979.506448   DESKTOP-Q4VCO63.local   pagead46.l.doubleclick.net  TLSv1.3 154 Change Cipher Spec, Application Data43050   -10974.862404   s0-2mdn-net.l.google.com    DESKTOP-Q4VCO63.local   TLSv1.3 1294    Application Data [TCP segment of a reassembled PDU]
 43302   -10973.189617   ip-info.ns1.ff.avast.com    DESKTOP-Q4VCO63.local   HTTP    561 HTTP/1.1 200 OK  (application/json)
 43769   -10969.619683   DESKTOP-Q4VCO63.local   aax-us-east.amazon-adsystem.com TCP 54  53337 → https(443) [RST, ACK] Seq=644 Ack=6136 Win=0 Len=0
 43770   -10969.291704   DESKTOP-Q4VCO63.local   unagi-na.amazon.com TCP 66  53350 → https(443) [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
 43786   -10968.964540   cds.j3z9t3p6.hwcdn.net  DESKTOP-Q4VCO63.local   TCP 74  [TCP Keep-Alive] http(80) → 53352 [ACK] Seq=0 Ack=230 Win=28160 Len=0
 43787   -10968.964449   DESKTOP-Q4VCO63.local   cds.j3z9t3p6.hwcdn.net  TCP 74  [TCP Keep-Alive ACK] 53352 → http(80) [ACK] Seq=230 Ack=1 Win=131072 Len=0
 43788   -10968.962524   cds.j3z9t3p6.hwcdn.net  DESKTOP-Q4VCO63.local   TCP 518 http(80) → 53352 [PSH, ACK] Seq=1 Ack=230 Win=28160 Len=444 [TCP segment of a reassembled PDU]
 43791   -10968.598371   nycp-hlb.dvgtm.akadns.net   DESKTOP-Q4VCO63.local   TLSv1.2 85  Encrypted Alert
 43801   -10968.301260   nycp-hlb.dvgtm.akadns.net   DESKTOP-Q4VCO63.local   TCP 56  [TCP Retransmission] https(443) → 53328 [FIN, ACK] Seq=6936 Ack=1463 Win=45056 Len=0

Sorry about the novel I have saved files from wireshark but I dont know how to read them? Tutorial advice or youtube video link would be helpful thanks thanks

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2