This is always happens offline, while opening up another Wireshark interface. So, I want to see the activity of the Loopback when I open up another Wireshark and connect online to view traffic. Therefore offline, while bring up the second Wireshark my computer does a loopback and is communicating offline with an Android device. I do not have one running, but I'm looking for the offline hacker, when I'm actually online to them as a control issue of theirs. Frame 1: 56 bytes on wire, 56 bytes captured on interface \Device\NPF_Loopback, id 0 Null/Loopback Family: IP (2) Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1) 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 52 Identification: 0xc45a (50266) Flags: 0x40, Don't fragment 0... .... = Security flag: Not evil .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 incorrect, should be 0x3867(may be caused by "IP checksum offload"?) [Expert Info (Error/Checksum): Bad checksum [should be 0x3867]] [Header checksum status: Bad] [Calculated Checksum: 0x3867] Source Address: 127.0.0.1 (127.0.0.1) <source or="" destination="" address:="" 127.0.0.1="" (127.0.0.1)>="" <[source="" host:="" 127.0.0.1]>="" <[source="" or="" destination="" host:="" 127.0.0.1]>="" destination="" address:="" 127.0.0.1="" (127.0.0.1)="" <source="" or="" destination="" address:="" 127.0.0.1="" (127.0.0.1)>="" <[destination="" host:="" 127.0.0.1]>="" <[source="" or="" destination="" host:="" 127.0.0.1]>="" transmission="" control="" protocol,="" src="" port:="" 49688="" (49688),="" dst="" port:="" 5037="" (5037),="" seq:="" 0,="" len:="" 0="" source="" port:="" 49688="" (49688)="" destination="" port:="" 5037="" (5037)="" <source="" or="" destination="" port:="" 49688="" (49688)>="" <source="" or="" destination="" port:="" 5037="" (5037)>="" [stream="" index:="" 0]="" [conversation="" completeness:="" incomplete="" (37)]="" [tcp="" segment="" len:="" 0]="" sequence="" number:="" 0="" (relative="" sequence="" number)="" sequence="" number="" (raw):="" 2276443805="" [next="" sequence="" number:="" 1="" (relative="" sequence="" number)]="" acknowledgment="" number:="" 0="" acknowledgment="" number="" (raw):="" 0="" 1000="" ....="Header" length:="" 32="" bytes="" (8)="" flags:="" 0x002="" (syn)="" 000.="" ....="" ....="Reserved:" not="" set="" ...0="" ....="" ....="Nonce:" not="" set="" ....="" 0...="" ....="Congestion" window="" reduced="" (cwr):="" not="" set="" ....="" .0..="" ....="ECN-Echo:" not="" set="" ....="" ..0.="" ....="Urgent:" not="" set="" ....="" ...0="" ....="Acknowledgment:" not="" set="" ....="" ....="" 0...="Push:" not="" set="" ....="" ....="" .0..="Reset:" not="" set="" ....="" ....="" ..1.="Syn:" set="" [expert="" info="" (chat="" sequence):="" connection="" establish="" request="" (syn):="" server="" port="" 5037]="" [connection="" establish="" request="" (syn):="" server="" port="" 5037]="" <message:="" connection="" establish="" request="" (syn):="" server="" port="" 5037=""> [Severity level: Chat] [Group: Sequence] .... .... ...0 = Fin: Not set [TCP Flags: ··········S·] Window: 65535 [Calculated window size: 65535] Checksum: 0x52d7 [correct] [Checksum Status: Good] [Calculated Checksum: 0x52d7] Urgent Pointer: 0 Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted TCP Option - Maximum segment size: 65495 bytes TCP Option - No-Operation (NOP) TCP Option - Window scale: 8 (multiply by 256) TCP Option - No-Operation (NOP) TCP Option - No-Operation (NOP) TCP Option - SACK permitted [Timestamps] [Time since first frame in this TCP stream: 0.000000000 seconds] [Time since previous frame in this TCP stream: 0.000000000 seconds]
Then frame 2: Frame 2: 44 bytes on wire, 44 bytes captured on interface \Device\NPF_Loopback, id 0 Null/Loopback Family: IP (2) Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1) 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xc45b (50267) Flags: 0x40, Don't fragment 0... .... = Security flag: Not evil .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0x0000 incorrect, should be 0x3872(may be caused by "IP checksum offload"?) [Expert Info (Error/Checksum): Bad checksum [should be 0x3872]] [Bad checksum [should be 0x3872]] <message: bad="" checksum="" [should="" be="" 0x3872]>="" [severity="" level:="" error]="" [group:="" checksum]="" [header="" checksum="" status:="" bad]="" [calculated="" checksum:="" 0x3872]="" source="" address:="" 127.0.0.1="" (127.0.0.1)="" <source="" or="" destination="" address:="" 127.0.0.1="" (127.0.0.1)>="" <[source="" host:="" 127.0.0.1]>="" <[source="" or="" destination="" host:="" 127.0.0.1]>="" destination="" address:="" 127.0.0.1="" (127.0.0.1)="" <source="" or="" destination="" address:="" 127.0.0.1="" (127.0.0.1)>="" <[destination="" host:="" 127.0.0.1]>="" <[source="" or="" destination="" host:="" 127.0.0.1]>="" transmission="" control="" protocol,="" src="" port:="" 5037="" (5037),="" dst="" port:="" 49688="" (49688),="" seq:="" 1,="" ack:="" 1,="" len:="" 0="" source="" port:="" 5037="" (5037)="" destination="" port:="" 49688="" (49688)="" <source="" or="" destination="" port:="" 5037="" (5037)>="" <source="" or="" destination="" port:="" 49688="" (49688)>="" [stream="" index:="" 0]="" [conversation="" completeness:="" incomplete="" (37)]="" [tcp="" segment="" len:="" 0]="" sequence="" number:="" 1="" (relative="" sequence="" number)="" sequence="" number="" (raw):="" 0="" [next="" sequence="" number:="" 1="" (relative="" sequence="" number)]="" acknowledgment="" number:="" 1="" (relative="" ack="" number)="" acknowledgment="" number="" (raw):="" 2276443806="" 0101="" ....="Header" length:="" 20="" bytes="" (5)="" flags:="" 0x014="" (rst,="" ack)="" 000.="" ....="" ....="Reserved:" not="" set="" ...0="" ....="" ....="Nonce:" not="" set="" ....="" 0...="" ....="Congestion" window="" reduced="" (cwr):="" not="" set="" ....="" .0..="" ....="ECN-Echo:" not="" set="" ....="" ..0.="" ....="Urgent:" not="" set="" ....="" ...1="" ....="Acknowledgment:" set="" ....="" ....="" 0...="Push:" not="" set="" ....="" ....="" .1..="Reset:" set="" [expert="" info="" (warning="" sequence):="" connection="" reset="" (rst)]="" [connection="" reset="" (rst)]="" <message:="" connection="" reset="" (rst)>="" [severity="" level:="" warning]="" [group:="" sequence]="" ....="" ....="" ..0.="Syn:" not="" set="" ....="" ....="" ...0="Fin:" not="" set="" [tcp="" flags:="" ·······a·r··]="" window:="" 0="" [calculated="" window="" size:="" 0]="" [window="" size="" scaling="" factor:="" -1="" (unknown)]="" checksum:="" 0x8dba="" [correct]="" [checksum="" status:="" good]="" [calculated="" checksum:="" 0x8dba]="" urgent="" pointer:="" 0="" [timestamps]="" [time="" since="" first="" frame="" in="" this="" tcp="" stream:="" 0.000041000="" seconds]="" [time="" since="" previous="" frame="" in="" this="" tcp="" stream:="" 0.000041000="" seconds]="" [seq="" ack="" analysis]="" [this="" is="" an="" ack="" to="" the="" segment="" in="" frame:="" 1]="" [the="" rtt="" to="" ack="" the="" segment="" was:="" 0.000041000="" seconds]="" [irtt:="" 0.000041000="" seconds]<="" p="">
Thank You very much in advance!