Frame 1: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.346754000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.346754000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 94 bytes (752 bits) Capture Length: 94 bytes (752 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp] Ethernet II, Src: IntelCor_18:6f:48 (b8:08:cf:18:6f:48), Dst: USDepart_00:02:c6 (00:00:5e:00:02:c6) Destination: USDepart_00:02:c6 (00:00:5e:00:02:c6) Address: USDepart_00:02:c6 (00:00:5e:00:02:c6) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2001:67c:370:1998:9819:4f92:d0c0:e94d, Dst: 2400:cb00:2048:1::6814:55 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 1010 0110 1001 0011 1011 = Flow Label: 0xa693b Payload Length: 40 Next Header: TCP (6) Hop Limit: 64 Source: 2001:67c:370:1998:9819:4f92:d0c0:e94d Destination: 2400:cb00:2048:1::6814:55 [Source GeoIP: Switzerland, Switzerland] [Source GeoIP Country: Switzerland] [Source GeoIP Country: Switzerland] [Destination GeoIP: United States, United States] [Destination GeoIP Country: United States] [Destination GeoIP Country: United States] Transmission Control Protocol, Src Port: 36866 (36866), Dst Port: https (443), Seq: 0, Len: 0 Source Port: 36866 (36866) Destination Port: https (443) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 0 (relative sequence number) Acknowledgment number: 0 1010 .... = Header Length: 40 bytes (10) Flags: 0x002 (SYN) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443] [Connection establish request (SYN): server port 443] [Severity level: Chat] [Group: Sequence] .... .... ...0 = Fin: Not set [TCP Flags: ··········S·] Window size value: 28800 [Calculated window size: 28800] Checksum: 0xec1c [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale TCP Option - Maximum segment size: 1440 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1440 TCP Option - SACK permitted Kind: SACK Permitted (4) Length: 2 TCP Option - Timestamps: TSval 3528788861, TSecr 0 Kind: Time Stamp Option (8) Length: 10 Timestamp value: 3528788861 Timestamp echo reply: 0 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - Window scale: 7 (multiply by 128) Kind: Window Scale (3) Length: 3 Shift count: 7 [Multiplier: 128] Frame 2: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.349806000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.349806000 seconds [Time delta from previous captured frame: 0.003052000 seconds] [Time delta from previous displayed frame: 0.003052000 seconds] [Time since reference or first frame: 0.003052000 seconds] Frame Number: 2 Frame Length: 86 bytes (688 bits) Capture Length: 86 bytes (688 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp] Ethernet II, Src: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0), Dst: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Destination: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0) Address: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2400:cb00:2048:1::6814:55, Dst: 2001:67c:370:1998:9819:4f92:d0c0:e94d 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 0101 1010 1001 0010 1000 = Flow Label: 0x5a928 Payload Length: 32 Next Header: TCP (6) Hop Limit: 61 Source: 2400:cb00:2048:1::6814:55 Destination: 2001:67c:370:1998:9819:4f92:d0c0:e94d [Source GeoIP: United States, United States] [Source GeoIP Country: United States] [Source GeoIP Country: United States] [Destination GeoIP: Switzerland, Switzerland] [Destination GeoIP Country: Switzerland] [Destination GeoIP Country: Switzerland] Transmission Control Protocol, Src Port: https (443), Dst Port: 36866 (36866), Seq: 0, Ack: 1, Len: 0 Source Port: https (443) Destination Port: 36866 (36866) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 0 (relative sequence number) Acknowledgment number: 1 (relative ack number) 1000 .... = Header Length: 32 bytes (8) Flags: 0x012 (SYN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 443] [Connection establish acknowledge (SYN+ACK): server port 443] [Severity level: Chat] [Group: Sequence] .... .... ...0 = Fin: Not set [TCP Flags: ·······A··S·] Window size value: 24400 [Calculated window size: 24400] Checksum: 0x481a [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale TCP Option - Maximum segment size: 1220 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1220 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - SACK permitted Kind: SACK Permitted (4) Length: 2 TCP Option - No-Operation (NOP) Kind: No-Operation (1) TCP Option - Window scale: 10 (multiply by 1024) Kind: Window Scale (3) Length: 3 Shift count: 10 [Multiplier: 1024] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 1] [The RTT to ACK the segment was: 0.003052000 seconds] Frame 3: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.349824000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.349824000 seconds [Time delta from previous captured frame: 0.000018000 seconds] [Time delta from previous displayed frame: 0.000018000 seconds] [Time since reference or first frame: 0.003070000 seconds] Frame Number: 3 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp] Ethernet II, Src: IntelCor_18:6f:48 (b8:08:cf:18:6f:48), Dst: USDepart_00:02:c6 (00:00:5e:00:02:c6) Destination: USDepart_00:02:c6 (00:00:5e:00:02:c6) Address: USDepart_00:02:c6 (00:00:5e:00:02:c6) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2001:67c:370:1998:9819:4f92:d0c0:e94d, Dst: 2400:cb00:2048:1::6814:55 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 1010 0110 1001 0011 1011 = Flow Label: 0xa693b Payload Length: 20 Next Header: TCP (6) Hop Limit: 64 Source: 2001:67c:370:1998:9819:4f92:d0c0:e94d Destination: 2400:cb00:2048:1::6814:55 [Source GeoIP: Switzerland, Switzerland] [Source GeoIP Country: Switzerland] [Source GeoIP Country: Switzerland] [Destination GeoIP: United States, United States] [Destination GeoIP Country: United States] [Destination GeoIP Country: United States] Transmission Control Protocol, Src Port: 36866 (36866), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0 Source Port: 36866 (36866) Destination Port: https (443) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 1 (relative sequence number) Acknowledgment number: 1 (relative ack number) 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window size value: 225 [Calculated window size: 28800] [Window size scaling factor: 128] Checksum: 0xe66e [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 2] [The RTT to ACK the segment was: 0.000018000 seconds] [iRTT: 0.003070000 seconds] Frame 4: 403 bytes on wire (3224 bits), 403 bytes captured (3224 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.350108000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.350108000 seconds [Time delta from previous captured frame: 0.000284000 seconds] [Time delta from previous displayed frame: 0.000284000 seconds] [Time since reference or first frame: 0.003354000 seconds] Frame Number: 4 Frame Length: 403 bytes (3224 bits) Capture Length: 403 bytes (3224 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp:ssl] Ethernet II, Src: IntelCor_18:6f:48 (b8:08:cf:18:6f:48), Dst: USDepart_00:02:c6 (00:00:5e:00:02:c6) Destination: USDepart_00:02:c6 (00:00:5e:00:02:c6) Address: USDepart_00:02:c6 (00:00:5e:00:02:c6) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2001:67c:370:1998:9819:4f92:d0c0:e94d, Dst: 2400:cb00:2048:1::6814:55 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 1010 0110 1001 0011 1011 = Flow Label: 0xa693b Payload Length: 349 Next Header: TCP (6) Hop Limit: 64 Source: 2001:67c:370:1998:9819:4f92:d0c0:e94d Destination: 2400:cb00:2048:1::6814:55 [Source GeoIP: Switzerland, Switzerland] [Source GeoIP Country: Switzerland] [Source GeoIP Country: Switzerland] [Destination GeoIP: United States, United States] [Destination GeoIP Country: United States] [Destination GeoIP Country: United States] Transmission Control Protocol, Src Port: 36866 (36866), Dst Port: https (443), Seq: 1, Ack: 1, Len: 329 Source Port: 36866 (36866) Destination Port: https (443) [Stream index: 0] [TCP Segment Len: 329] Sequence number: 1 (relative sequence number) [Next sequence number: 330 (relative sequence number)] Acknowledgment number: 1 (relative ack number) 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 225 [Calculated window size: 28800] [Window size scaling factor: 128] Checksum: 0xaf83 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.003070000 seconds] [Bytes in flight: 329] [Bytes sent since last PSH flag: 329] TCP payload (329 bytes) Secure Sockets Layer TLSv1 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 324 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 320 Version: TLS 1.2 (0x0303) Random: 517248a534f57a9d2266b1bd8b6172cbb0a3139146f60760... GMT Unix Time: Apr 20, 2013 03:49:57.000000000 EDT Random Bytes: 34f57a9d2266b1bd8b6172cbb0a3139146f6076004ddfbf8... Session ID Length: 0 Cipher Suites Length: 58 Cipher Suites (29 suites) Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302) Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303) Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301) Cipher Suite: TLS_AES_128_CCM_SHA256 (0x1304) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM (0xc0ad) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM (0xc0ac) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) Cipher Suite: TLS_RSA_WITH_AES_256_CCM (0xc09d) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) Cipher Suite: TLS_RSA_WITH_AES_128_CCM (0xc09c) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f) Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CCM (0xc09f) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CCM (0xc09e) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Extensions Length: 221 Extension: status_request (len=5) Type: status_request (5) Length: 5 Certificate Status Type: OCSP (1) Responder ID list Length: 0 Request Extensions Length: 0 Extension: supported_groups (len=18) Type: supported_groups (10) Length: 18 Supported Groups List Length: 16 Supported Groups (8 groups) Supported Group: secp256r1 (0x0017) Supported Group: secp384r1 (0x0018) Supported Group: secp521r1 (0x0019) Supported Group: x25519 (0x001d) Supported Group: ffdhe2048 (0x0100) Supported Group: ffdhe3072 (0x0101) Supported Group: ffdhe4096 (0x0102) Supported Group: ffdhe8192 (0x0104) Extension: ec_point_formats (len=2) Type: ec_point_formats (11) Length: 2 EC point formats Length: 1 Elliptic curves point formats (1) EC point format: uncompressed (0) Extension: signature_algorithms (len=32) Type: signature_algorithms (13) Length: 32 Signature Hash Algorithms Length: 30 Signature Hash Algorithms (15 algorithms) Signature Algorithm: rsa_pkcs1_sha256 (0x0401) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pss_pss_sha256 (0x0809) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (9) Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (4) Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ed25519 (0x0807) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (7) Signature Algorithm: rsa_pkcs1_sha384 (0x0501) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pss_pss_sha384 (0x080a) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (10) Signature Algorithm: rsa_pss_rsae_sha384 (0x0805) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (5) Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: rsa_pkcs1_sha512 (0x0601) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pss_pss_sha512 (0x080b) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (11) Signature Algorithm: rsa_pss_rsae_sha512 (0x0806) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (6) Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: rsa_pkcs1_sha1 (0x0201) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: ecdsa_sha1 (0x0203) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: ECDSA (3) Extension: encrypt_then_mac (len=0) Type: encrypt_then_mac (22) Length: 0 Extension: extended_master_secret (len=0) Type: extended_master_secret (23) Length: 0 Extension: SessionTicket TLS (len=0) Type: SessionTicket TLS (35) Length: 0 Data (0 bytes) Extension: key_share (len=107) Type: key_share (51) Length: 107 Key Share extension Client Key Share Length: 105 Key Share Entry: Group: secp256r1, Key Exchange length: 65 Group: secp256r1 (23) Key Exchange Length: 65 Key Exchange: 042b0961515380e0e7ca1aae4e51cd2347802d4b45bedf33... Key Share Entry: Group: x25519, Key Exchange length: 32 Group: x25519 (29) Key Exchange Length: 32 Key Exchange: a5a989f1dfe7f501509c2e296189ae470855f2477435cfee... Extension: supported_versions (len=9) Type: supported_versions (43) Length: 9 Supported Versions length: 8 Supported Version: Unknown (0x7f1c) Supported Version: TLS 1.2 (0x0303) Supported Version: TLS 1.1 (0x0302) Supported Version: TLS 1.0 (0x0301) Extension: renegotiation_info (len=1) Type: renegotiation_info (65281) Length: 1 Renegotiation Info extension Renegotiation info extension length: 0 Extension: psk_key_exchange_modes (len=3) Type: psk_key_exchange_modes (45) Length: 3 PSK Key Exchange Modes Length: 2 PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1) PSK Key Exchange Mode: PSK-only key establishment (psk_ke) (0) Frame 5: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.353531000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.353531000 seconds [Time delta from previous captured frame: 0.003423000 seconds] [Time delta from previous displayed frame: 0.003423000 seconds] [Time since reference or first frame: 0.006777000 seconds] Frame Number: 5 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp] Ethernet II, Src: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0), Dst: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Destination: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0) Address: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2400:cb00:2048:1::6814:55, Dst: 2001:67c:370:1998:9819:4f92:d0c0:e94d 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 0101 1010 1001 0010 1000 = Flow Label: 0x5a928 Payload Length: 20 Next Header: TCP (6) Hop Limit: 61 Source: 2400:cb00:2048:1::6814:55 Destination: 2001:67c:370:1998:9819:4f92:d0c0:e94d [Source GeoIP: United States, United States] [Source GeoIP Country: United States] [Source GeoIP Country: United States] [Destination GeoIP: Switzerland, Switzerland] [Destination GeoIP Country: Switzerland] [Destination GeoIP Country: Switzerland] Transmission Control Protocol, Src Port: https (443), Dst Port: 36866 (36866), Seq: 1, Ack: 330, Len: 0 Source Port: https (443) Destination Port: 36866 (36866) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 1 (relative sequence number) Acknowledgment number: 330 (relative ack number) 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window size value: 25 [Calculated window size: 25600] [Window size scaling factor: 1024] Checksum: 0xe5ed [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 4] [The RTT to ACK the segment was: 0.003423000 seconds] [iRTT: 0.003070000 seconds] Frame 6: 6496 bytes on wire (51968 bits), 6496 bytes captured (51968 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.358147000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.358147000 seconds [Time delta from previous captured frame: 0.004616000 seconds] [Time delta from previous displayed frame: 0.004616000 seconds] [Time since reference or first frame: 0.011393000 seconds] Frame Number: 6 Frame Length: 6496 bytes (51968 bits) Capture Length: 6496 bytes (51968 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp:ssl] Ethernet II, Src: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0), Dst: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Destination: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0) Address: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2400:cb00:2048:1::6814:55, Dst: 2001:67c:370:1998:9819:4f92:d0c0:e94d 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 0101 1010 1001 0010 1000 = Flow Label: 0x5a928 Payload Length: 6442 Next Header: TCP (6) Hop Limit: 61 Source: 2400:cb00:2048:1::6814:55 Destination: 2001:67c:370:1998:9819:4f92:d0c0:e94d [Source GeoIP: United States, United States] [Source GeoIP Country: United States] [Source GeoIP Country: United States] [Destination GeoIP: Switzerland, Switzerland] [Destination GeoIP Country: Switzerland] [Destination GeoIP Country: Switzerland] Transmission Control Protocol, Src Port: https (443), Dst Port: 36866 (36866), Seq: 1, Ack: 330, Len: 6422 Source Port: https (443) Destination Port: 36866 (36866) [Stream index: 0] [TCP Segment Len: 6422] Sequence number: 1 (relative sequence number) [Next sequence number: 6423 (relative sequence number)] Acknowledgment number: 330 (relative ack number) 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 25 [Calculated window size: 25600] [Window size scaling factor: 1024] Checksum: 0x7623 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.003070000 seconds] [Bytes in flight: 6422] [Bytes sent since last PSH flag: 6422] TCP payload (6422 bytes) Secure Sockets Layer TLSv1.2 Record Layer: Handshake Protocol: Server Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 90 Handshake Protocol: Server Hello Handshake Type: Server Hello (2) Length: 86 Version: TLS 1.2 (0x0303) Random: 40c711f1db3aa737d5e14610aa105ae635959f90e5cf1647... Session ID Length: 0 Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302) Compression Method: null (0) Extensions Length: 46 Extension: key_share (len=36) Type: key_share (51) Length: 36 Key Share extension Key Share Entry: Group: x25519, Key Exchange length: 32 Group: x25519 (29) Key Exchange Length: 32 Key Exchange: 46e9735336990ed8baf037ab23c67c8af0c0b72b38936148... Extension: supported_versions (len=2) Type: supported_versions (43) Length: 2 Supported Version: Unknown (0x7f1c) TLSv1.3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec Content Type: Change Cipher Spec (20) Version: TLS 1.2 (0x0303) Length: 1 Change Cipher Spec Message TLSv1.3 Record Layer: Application Data Protocol: http-over-tls Opaque Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 6316 Encrypted Application Data: eb0e21f124f82eee0b7a37a1d6d866b075d0476e6f00cae7... Frame 7: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.358167000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.358167000 seconds [Time delta from previous captured frame: 0.000020000 seconds] [Time delta from previous displayed frame: 0.000020000 seconds] [Time since reference or first frame: 0.011413000 seconds] Frame Number: 7 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp] Ethernet II, Src: IntelCor_18:6f:48 (b8:08:cf:18:6f:48), Dst: USDepart_00:02:c6 (00:00:5e:00:02:c6) Destination: USDepart_00:02:c6 (00:00:5e:00:02:c6) Address: USDepart_00:02:c6 (00:00:5e:00:02:c6) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2001:67c:370:1998:9819:4f92:d0c0:e94d, Dst: 2400:cb00:2048:1::6814:55 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 1010 0110 1001 0011 1011 = Flow Label: 0xa693b Payload Length: 20 Next Header: TCP (6) Hop Limit: 64 Source: 2001:67c:370:1998:9819:4f92:d0c0:e94d Destination: 2400:cb00:2048:1::6814:55 [Source GeoIP: Switzerland, Switzerland] [Source GeoIP Country: Switzerland] [Source GeoIP Country: Switzerland] [Destination GeoIP: United States, United States] [Destination GeoIP Country: United States] [Destination GeoIP Country: United States] Transmission Control Protocol, Src Port: 36866 (36866), Dst Port: https (443), Seq: 330, Ack: 6423, Len: 0 Source Port: 36866 (36866) Destination Port: https (443) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 330 (relative sequence number) Acknowledgment number: 6423 (relative ack number) 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window size value: 326 [Calculated window size: 41728] [Window size scaling factor: 128] Checksum: 0xcbaa [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 6] [The RTT to ACK the segment was: 0.000020000 seconds] [iRTT: 0.003070000 seconds] Frame 8: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.358404000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.358404000 seconds [Time delta from previous captured frame: 0.000237000 seconds] [Time delta from previous displayed frame: 0.000237000 seconds] [Time since reference or first frame: 0.011650000 seconds] Frame Number: 8 Frame Length: 80 bytes (640 bits) Capture Length: 80 bytes (640 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp:ssl] Ethernet II, Src: IntelCor_18:6f:48 (b8:08:cf:18:6f:48), Dst: USDepart_00:02:c6 (00:00:5e:00:02:c6) Destination: USDepart_00:02:c6 (00:00:5e:00:02:c6) Address: USDepart_00:02:c6 (00:00:5e:00:02:c6) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2001:67c:370:1998:9819:4f92:d0c0:e94d, Dst: 2400:cb00:2048:1::6814:55 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 1010 0110 1001 0011 1011 = Flow Label: 0xa693b Payload Length: 26 Next Header: TCP (6) Hop Limit: 64 Source: 2001:67c:370:1998:9819:4f92:d0c0:e94d Destination: 2400:cb00:2048:1::6814:55 [Source GeoIP: Switzerland, Switzerland] [Source GeoIP Country: Switzerland] [Source GeoIP Country: Switzerland] [Destination GeoIP: United States, United States] [Destination GeoIP Country: United States] [Destination GeoIP Country: United States] Transmission Control Protocol, Src Port: 36866 (36866), Dst Port: https (443), Seq: 330, Ack: 6423, Len: 6 Source Port: 36866 (36866) Destination Port: https (443) [Stream index: 0] [TCP Segment Len: 6] Sequence number: 330 (relative sequence number) [Next sequence number: 336 (relative sequence number)] Acknowledgment number: 6423 (relative ack number) 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 326 [Calculated window size: 41728] [Window size scaling factor: 128] Checksum: 0xb398 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.003070000 seconds] [Bytes in flight: 6] [Bytes sent since last PSH flag: 6] TCP payload (6 bytes) Secure Sockets Layer TLSv1.3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec Content Type: Change Cipher Spec (20) Version: TLS 1.2 (0x0303) Length: 1 Change Cipher Spec Message Frame 9: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.359439000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.359439000 seconds [Time delta from previous captured frame: 0.001035000 seconds] [Time delta from previous displayed frame: 0.001035000 seconds] [Time since reference or first frame: 0.012685000 seconds] Frame Number: 9 Frame Length: 148 bytes (1184 bits) Capture Length: 148 bytes (1184 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp:ssl] Ethernet II, Src: IntelCor_18:6f:48 (b8:08:cf:18:6f:48), Dst: USDepart_00:02:c6 (00:00:5e:00:02:c6) Destination: USDepart_00:02:c6 (00:00:5e:00:02:c6) Address: USDepart_00:02:c6 (00:00:5e:00:02:c6) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2001:67c:370:1998:9819:4f92:d0c0:e94d, Dst: 2400:cb00:2048:1::6814:55 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 1010 0110 1001 0011 1011 = Flow Label: 0xa693b Payload Length: 94 Next Header: TCP (6) Hop Limit: 64 Source: 2001:67c:370:1998:9819:4f92:d0c0:e94d Destination: 2400:cb00:2048:1::6814:55 [Source GeoIP: Switzerland, Switzerland] [Source GeoIP Country: Switzerland] [Source GeoIP Country: Switzerland] [Destination GeoIP: United States, United States] [Destination GeoIP Country: United States] [Destination GeoIP Country: United States] Transmission Control Protocol, Src Port: 36866 (36866), Dst Port: https (443), Seq: 336, Ack: 6423, Len: 74 Source Port: 36866 (36866) Destination Port: https (443) [Stream index: 0] [TCP Segment Len: 74] Sequence number: 336 (relative sequence number) [Next sequence number: 411 (relative sequence number)] Acknowledgment number: 6423 (relative ack number) 0101 .... = Header Length: 20 bytes (5) Flags: 0x019 (FIN, PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······AP··F] Window size value: 326 [Calculated window size: 41728] [Window size scaling factor: 128] Checksum: 0xe786 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.003070000 seconds] [Bytes in flight: 81] [Bytes sent since last PSH flag: 74] TCP payload (74 bytes) Secure Sockets Layer TLSv1.3 Record Layer: Application Data Protocol: http-over-tls Opaque Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 69 Encrypted Application Data: e6a9300bdc2b7b2497de843d77410ee7c612e5e62b6bc925... Frame 10: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.362447000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.362447000 seconds [Time delta from previous captured frame: 0.003008000 seconds] [Time delta from previous displayed frame: 0.003008000 seconds] [Time since reference or first frame: 0.015693000 seconds] Frame Number: 10 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp] Ethernet II, Src: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0), Dst: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Destination: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0) Address: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2400:cb00:2048:1::6814:55, Dst: 2001:67c:370:1998:9819:4f92:d0c0:e94d 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 0101 1010 1001 0010 1000 = Flow Label: 0x5a928 Payload Length: 20 Next Header: TCP (6) Hop Limit: 61 Source: 2400:cb00:2048:1::6814:55 Destination: 2001:67c:370:1998:9819:4f92:d0c0:e94d [Source GeoIP: United States, United States] [Source GeoIP Country: United States] [Source GeoIP Country: United States] [Destination GeoIP: Switzerland, Switzerland] [Destination GeoIP Country: Switzerland] [Destination GeoIP Country: Switzerland] Transmission Control Protocol, Src Port: https (443), Dst Port: 36866 (36866), Seq: 6423, Ack: 411, Len: 0 Source Port: https (443) Destination Port: 36866 (36866) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 6423 (relative sequence number) Acknowledgment number: 411 (relative ack number) 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window size value: 25 [Calculated window size: 25600] [Window size scaling factor: 1024] Checksum: 0xcc86 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 9] [The RTT to ACK the segment was: 0.003008000 seconds] [iRTT: 0.003070000 seconds] Frame 11: 524 bytes on wire (4192 bits), 524 bytes captured (4192 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.362496000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.362496000 seconds [Time delta from previous captured frame: 0.000049000 seconds] [Time delta from previous displayed frame: 0.000049000 seconds] [Time since reference or first frame: 0.015742000 seconds] Frame Number: 11 Frame Length: 524 bytes (4192 bits) Capture Length: 524 bytes (4192 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp:ssl] Ethernet II, Src: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0), Dst: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Destination: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0) Address: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2400:cb00:2048:1::6814:55, Dst: 2001:67c:370:1998:9819:4f92:d0c0:e94d 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 0101 1010 1001 0010 1000 = Flow Label: 0x5a928 Payload Length: 470 Next Header: TCP (6) Hop Limit: 61 Source: 2400:cb00:2048:1::6814:55 Destination: 2001:67c:370:1998:9819:4f92:d0c0:e94d [Source GeoIP: United States, United States] [Source GeoIP Country: United States] [Source GeoIP Country: United States] [Destination GeoIP: Switzerland, Switzerland] [Destination GeoIP Country: Switzerland] [Destination GeoIP Country: Switzerland] Transmission Control Protocol, Src Port: https (443), Dst Port: 36866 (36866), Seq: 6423, Ack: 411, Len: 450 Source Port: https (443) Destination Port: 36866 (36866) [Stream index: 0] [TCP Segment Len: 450] Sequence number: 6423 (relative sequence number) [Next sequence number: 6873 (relative sequence number)] Acknowledgment number: 411 (relative ack number) 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 25 [Calculated window size: 25600] [Window size scaling factor: 1024] Checksum: 0x1ef1 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.003070000 seconds] [Bytes in flight: 450] [Bytes sent since last PSH flag: 450] TCP payload (450 bytes) Secure Sockets Layer TLSv1.3 Record Layer: Application Data Protocol: http-over-tls Opaque Type: Application Data (23) Version: TLS 1.2 (0x0303) Length: 445 Encrypted Application Data: 3bb77e169510e459edb5e718a43a1b239262482128afeea2... Frame 12: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.362524000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.362524000 seconds [Time delta from previous captured frame: 0.000028000 seconds] [Time delta from previous displayed frame: 0.000028000 seconds] [Time since reference or first frame: 0.015770000 seconds] Frame Number: 12 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp] Ethernet II, Src: IntelCor_18:6f:48 (b8:08:cf:18:6f:48), Dst: USDepart_00:02:c6 (00:00:5e:00:02:c6) Destination: USDepart_00:02:c6 (00:00:5e:00:02:c6) Address: USDepart_00:02:c6 (00:00:5e:00:02:c6) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2001:67c:370:1998:9819:4f92:d0c0:e94d, Dst: 2400:cb00:2048:1::6814:55 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 1001 1100 0111 0100 0000 = Flow Label: 0x9c740 Payload Length: 20 Next Header: TCP (6) Hop Limit: 64 Source: 2001:67c:370:1998:9819:4f92:d0c0:e94d Destination: 2400:cb00:2048:1::6814:55 [Source GeoIP: Switzerland, Switzerland] [Source GeoIP Country: Switzerland] [Source GeoIP Country: Switzerland] [Destination GeoIP: United States, United States] [Destination GeoIP Country: United States] [Destination GeoIP Country: United States] Transmission Control Protocol, Src Port: 36866 (36866), Dst Port: https (443), Seq: 411, Len: 0 Source Port: 36866 (36866) Destination Port: https (443) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 411 (relative sequence number) Acknowledgment number: 0 0101 .... = Header Length: 20 bytes (5) Flags: 0x004 (RST) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .1.. = Reset: Set [Expert Info (Warning/Sequence): Connection reset (RST)] [Connection reset (RST)] [Severity level: Warning] [Group: Sequence] .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·········R··] Window size value: 0 [Calculated window size: 0] [Window size scaling factor: 128] Checksum: 0xa0a1 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Frame 13: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.362542000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.362542000 seconds [Time delta from previous captured frame: 0.000018000 seconds] [Time delta from previous displayed frame: 0.000018000 seconds] [Time since reference or first frame: 0.015788000 seconds] Frame Number: 13 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp] Ethernet II, Src: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0), Dst: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Destination: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0) Address: JuniperN_8a:a8:b0 (08:81:f4:8a:a8:b0) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2400:cb00:2048:1::6814:55, Dst: 2001:67c:370:1998:9819:4f92:d0c0:e94d 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 0101 1010 1001 0010 1000 = Flow Label: 0x5a928 Payload Length: 20 Next Header: TCP (6) Hop Limit: 61 Source: 2400:cb00:2048:1::6814:55 Destination: 2001:67c:370:1998:9819:4f92:d0c0:e94d [Source GeoIP: United States, United States] [Source GeoIP Country: United States] [Source GeoIP Country: United States] [Destination GeoIP: Switzerland, Switzerland] [Destination GeoIP Country: Switzerland] [Destination GeoIP Country: Switzerland] Transmission Control Protocol, Src Port: https (443), Dst Port: 36866 (36866), Seq: 6873, Ack: 411, Len: 0 Source Port: https (443) Destination Port: 36866 (36866) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 6873 (relative sequence number) Acknowledgment number: 411 (relative ack number) 0101 .... = Header Length: 20 bytes (5) Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] Window size value: 25 [Calculated window size: 25600] [Window size scaling factor: 1024] Checksum: 0xcac3 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Frame 14: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 16, 2018 11:25:49.362547000 EDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1531754749.362547000 seconds [Time delta from previous captured frame: 0.000005000 seconds] [Time delta from previous displayed frame: 0.000005000 seconds] [Time since reference or first frame: 0.015793000 seconds] Frame Number: 14 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ipv6:tcp] Ethernet II, Src: IntelCor_18:6f:48 (b8:08:cf:18:6f:48), Dst: USDepart_00:02:c6 (00:00:5e:00:02:c6) Destination: USDepart_00:02:c6 (00:00:5e:00:02:c6) Address: USDepart_00:02:c6 (00:00:5e:00:02:c6) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) Address: IntelCor_18:6f:48 (b8:08:cf:18:6f:48) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: 2001:67c:370:1998:9819:4f92:d0c0:e94d, Dst: 2400:cb00:2048:1::6814:55 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 1001 1100 0111 0100 0000 = Flow Label: 0x9c740 Payload Length: 20 Next Header: TCP (6) Hop Limit: 64 Source: 2001:67c:370:1998:9819:4f92:d0c0:e94d Destination: 2400:cb00:2048:1::6814:55 [Source GeoIP: Switzerland, Switzerland] [Source GeoIP Country: Switzerland] [Source GeoIP Country: Switzerland] [Destination GeoIP: United States, United States] [Destination GeoIP Country: United States] [Destination GeoIP Country: United States] Transmission Control Protocol, Src Port: 36866 (36866), Dst Port: https (443), Seq: 411, Len: 0 Source Port: 36866 (36866) Destination Port: https (443) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 411 (relative sequence number) Acknowledgment number: 0 0101 .... = Header Length: 20 bytes (5) Flags: 0x004 (RST) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .1.. = Reset: Set [Expert Info (Warning/Sequence): Connection reset (RST)] [Connection reset (RST)] [Severity level: Warning] [Group: Sequence] .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·········R··] Window size value: 0 [Calculated window size: 0] [Window size scaling factor: 128] Checksum: 0xa0a1 [unverified] [Checksum Status: Unverified] Urgent pointer: 0