Loading

http / https tcpdump

  1. # in both cases I issued the request on another machine in the network
  2. $ tcpdump -Qin port 80
  3. 14:30:24.203278 IP x.x.x.x.55278 > 192.168.0.2.80: Flags [S], seq 1257976003, win 64240, options [mss 1460,sackOK,TS val 3041170034 ecr 0,nop,wscale 7], length 0
  4. 14:30:24.207283 IP x.x.x.x.80 > 192.168.0.2.55278: Flags [S.], seq 355822750, ack 1257976004, win 28960, options [mss 1460,sackOK,TS val 4109597069 ecr 3041170034,nop,wscale 7], length 0
  5. 14:30:24.208378 IP x.x.x.x.55278 > 192.168.0.2.80: Flags [.], ack 355822751, win 502, options [nop,nop,TS val 3041170039 ecr 4109597069], length 0
  6. 14:30:24.208796 IP x.x.x.x.55278 > 192.168.0.2.80: Flags [P.], seq 0:81, ack 1, win 502, options [nop,nop,TS val 3041170039 ecr 4109597069], length 81: HTTP: GET / HTTP/1.1
  7. 14:30:24.210961 IP x.x.x.x.80 > 192.168.0.2.55278: Flags [.], ack 82, win 227, options [nop,nop,TS val 4109597074 ecr 3041170039], length 0
  8. 14:30:24.211950 IP x.x.x.x.80 > 192.168.0.2.55278: Flags [P.], seq 1:387, ack 82, win 227, options [nop,nop,TS val 4109597074 ecr 3041170039], length 386: HTTP: HTTP/1.1 301 Moved Permanently
  9.  
  10. $ tcpdump -Qin port 443
  11. # curl hangs, but there seems to be quite a bit of other traffic; the ip from above doesn't show up
  12. 14:31:12.584833 IP 217.182.80.236.443 > 192.168.0.2.57240: Flags [.], seq 4289566586:4289568034, ack 2040040793, win 258, options [nop,nop,TS val 2255012346 ecr 397726003], length 1448
  13. 14:31:12.585076 IP 217.182.80.236.443 > 192.168.0.2.57240: Flags [.], seq 1448:2896, ack 1, win 258, options [nop,nop,TS val 2255012346 ecr 397726003], length 1448
  14. 14:31:12.585176 IP 217.182.80.236.443 > 192.168.0.2.57240: Flags [P.], seq 2896:3228, ack 1, win 258, options [nop,nop,TS val 2255012346 ecr 397726003], length 332
  15. 14:31:15.411824 IP ec2-34-223-238-174.us-west-2.compute.amazonaws.com.443 > 192.168.0.2.53948: Flags [P.], seq 3991993989:3991994568, ack 95908522, win 422, options [nop,nop,TS val 1421930260 ecr 1611761398], length 579
  16. 14:31:15.561041 IP ec2-52-207-41-59.compute-1.amazonaws.com.443 > 192.168.0.2.37057: Flags [P.], seq 4251464378:4251464409, ack 391990051, win 114, options [nop,nop,TS val 1855329679 ecr 4599977], length 31
  17. 14:31:15.561179 IP ec2-52-207-41-59.compute-1.amazonaws.com.443 > 192.168.0.2.37057: Flags [F.], seq 31, ack 1, win 114, options [nop,nop,TS val 1855329679 ecr 4599977], length 0
  18. 14:31:15.592494 IP 104.20.20.236.443 > 192.168.0.2.52588: Flags [P.], seq 1432238368:1432238693, ack 351831604, win 511, length 325
  19. 14:31:15.592644 IP 104.20.20.236.443 > 192.168.0.2.52588: Flags [P.], seq 325:356, ack 1, win 511, length 31
  20. 14:31:15.743731 IP 104.20.20.236.443 > 192.168.0.2.52588: Flags [.], ack 160, win 511, length 0
  21. 14:31:15.771958 IP 104.20.20.236.443 > 192.168.0.2.52588: Flags [P.], seq 356:771, ack 160, win 511, length 415
  22. 14:31:15.772095 IP 104.20.20.236.443 > 192.168.0.2.52588: Flags [P.], seq 771:802, ack 160, win 511, length 31
  23. 14:31:15.795302 IP ec2-52-207-41-59.compute-1.amazonaws.com.443 > 192.168.0.2.37057: Flags [F.], seq 31, ack 1, win 114, options [nop,nop,TS val 1855329738 ecr 4599977], length 0
  24. 14:31:15.828444 IP 104.20.20.236.443 > 192.168.0.2.52588: Flags [.], ack 542, win 511, length 0
  25. 14:31:15.991619 IP 194.50.69.193.443 > 192.168.0.2.44776: Flags [.], ack 4202874822, win 14618, length 0
  26. 14:31:15.991770 IP 194.50.69.193.443 > 192.168.0.2.44776: Flags [.], ack 33, win 14587, length 0
  27. 14:31:15.992303 IP 194.50.69.193.443 > 192.168.0.2.44776: Flags [F.], seq 0, ack 33, win 14587, length 0
  28. 14:31:18.524124 IP 46.101.150.180.443 > 192.168.0.2.50096: Flags [.], ack 62848221, win 1452, options [nop,nop,TS val 816849615 ecr 1111702659], length 0
  29. 14:31:18.593673 IP ec2-52-24-213-91.us-west-2.compute.amazonaws.com.443 > 192.168.0.2.38690: Flags [.], ack 1033849909, win 115, options [nop,nop,TS val 173420723 ecr 3034066972], length 0
  30. 14:31:18.610682 IP 46.101.150.180.443 > 192.168.0.2.50096: Flags [.], ack 168, win 1452, options [nop,nop,TS val 816849702 ecr 1111702789], length 0
  31. 14:31:18.616473 IP 46.101.150.180.443 > 192.168.0.2.50096: Flags [P.], seq 0:747, ack 168, win 1452, options [nop,nop,TS val 816849708 ecr 1111702789], length 747
  32. 14:31:18.652030 IP 185.17.245.5.443 > 192.168.0.2.32838: Flags [.], ack 3461518559, win 65076, length 0
  33. 14:31:18.652182 IP 185.17.245.5.443 > 192.168.0.2.32838: Flags [P.], seq 0:42, ack 1, win 65076, length 42
  34. 14:31:18.719453 IP 185.17.245.5.443 > 192.168.0.2.32838: Flags [.], ack 182, win 65076, length 0
  35. 14:31:18.798518 IP 185.17.245.5.443 > 192.168.0.2.32838: Flags [P.], seq 42:951, ack 182, win 65076, length 909
  36. 14:31:20.100086 IP ec2-52-18-148-152.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.47962: Flags [.], ack 988904532, win 126, options [nop,nop,TS val 3362765007 ecr 1068183328,nop,nop,sack 1 {32:33}], length 0
  37. 14:31:20.100226 IP ec2-52-18-148-152.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.47962: Flags [.], ack 33, win 126, options [nop,nop,TS val 3362765007 ecr 1068196254], length 0
  38. 14:31:20.100304 IP ec2-52-18-148-152.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.47962: Flags [P.], seq 0:31, ack 33, win 126, options [nop,nop,TS val 3362765007 ecr 1068196254], length 31
  39. 14:31:20.100386 IP ec2-34-243-21-190.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.38664: Flags [.], ack 68006717, win 137, options [nop,nop,TS val 1512019038 ecr 885402356,nop,nop,sack 1 {32:33}], length 0
  40. 14:31:20.100464 IP ec2-34-243-21-190.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.38664: Flags [.], ack 33, win 137, options [nop,nop,TS val 1512019038 ecr 885433871], length 0
  41. 14:31:20.100518 IP ec2-34-243-21-190.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.38664: Flags [P.], seq 0:31, ack 33, win 137, options [nop,nop,TS val 1512019038 ecr 885433871], length 31
  42. 14:31:20.100587 IP ec2-52-18-148-152.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.47962: Flags [F.], seq 31, ack 33, win 126, options [nop,nop,TS val 3362765007 ecr 1068196254], length 0
  43. 14:31:20.100636 IP ec2-34-243-21-190.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.38664: Flags [F.], seq 31, ack 33, win 137, options [nop,nop,TS val 1512019038 ecr 885433871], length 0
  44. 14:31:20.120735 IP ec2-34-251-59-153.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.60790: Flags [S.], seq 3235094197, ack 2183780524, win 26847, options [mss 1460,sackOK,TS val 161032492 ecr 762147550,nop,wscale 8], length 0
  45. 14:31:20.162385 IP ec2-34-251-59-153.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.60790: Flags [.], ack 518, win 110, options [nop,nop,TS val 161032503 ecr 762147592], length 0
  46. 14:31:20.162752 IP ec2-34-251-59-153.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.60790: Flags [P.], seq 1:146, ack 518, win 110, options [nop,nop,TS val 161032503 ecr 762147592], length 145
  47. 14:31:20.206869 IP ec2-34-251-59-153.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.60790: Flags [.], ack 569, win 110, options [nop,nop,TS val 161032514 ecr 762147633], length 0
  48. 14:31:20.216592 IP ec2-34-251-59-153.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.60790: Flags [.], ack 2183, win 125, options [nop,nop,TS val 161032516 ecr 762147646], length 0
  49. 14:31:20.268831 IP ec2-34-251-59-153.eu-west-1.compute.amazonaws.com.443 > 192.168.0.2.60790: Flags [P.], seq 146:479, ack 2183, win 125, options [nop,nop,TS val 161032529 ecr 762147646], length 333
  50. 14:31:20.283895 IP ec2-52-207-41-59.compute-1.amazonaws.com.443 > 192.168.0.2.37057: Flags [R], seq 4251464410, win 0, length 0
  51. 14:31:20.287439 IP ec2-52-20-247-134.compute-1.amazonaws.com.443 > 192.168.0.2.40430: Flags [S.], seq 3732723132, ack 3827527076, win 26847, options [mss 1460,sackOK,TS val 322844871 ecr 4602109,nop,wscale 8], length 0
  52. 14:31:20.401053 IP ec2-52-20-247-134.compute-1.amazonaws.com.443 > 192.168.0.2.40430: Flags [.], ack 518, win 110, options [nop,nop,TS val 322844900 ecr 4602143], length 0
  53. 14:31:20.402908 IP ec2-52-20-247-134.compute-1.amazonaws.com.443 > 192.168.0.2.40430: Flags [.], seq 1:1449, ack 518, win 110, options [nop,nop,TS val 322844900 ecr 4602143], length 1448
  54. 14:31:20.403063 IP ec2-52-20-247-134.compute-1.amazonaws.com.443 > 192.168.0.2.40430: Flags [P.], seq 1449:2457, ack 518, win 110, options [nop,nop,TS val 322844900 ecr 4602143], length 1008
  55. 14:31:20.552657 IP ec2-52-20-247-134.compute-1.amazonaws.com.443 > 192.168.0.2.40430: Flags [P.], seq 2457:2747, ack 644, win 110, options [nop,nop,TS val 322844938 ecr 4602188], length 290
  56. 14:31:20.666754 IP ec2-52-20-247-134.compute-1.amazonaws.com.443 > 192.168.0.2.40430: Flags [P.], seq 2747:2942, ack 988, win 114, options [nop,nop,TS val 322844966 ecr 4602223], length 195
  57. 14:31:20.670395 IP ec2-52-20-247-134.compute-1.amazonaws.com.443 > 192.168.0.2.40430: Flags [P.], seq 2942:3013, ack 988, win 114, options [nop,nop,TS val 322844967 ecr 4602223], length 71
  58. 14:31:20.827635 IP ec2-52-20-247-134.compute-1.amazonaws.com.443 > 192.168.0.2.40430: Flags [.], ack 1049, win 114, options [nop,nop,TS val 322845007 ecr 4602258], length 0
  59. 14:31:22.425908 IP ec2-34-223-238-174.us-west-2.compute.amazonaws.com.443 > 192.168.0.2.53948: Flags [P.], seq 579:1158, ack 1197, win 422, options [nop,nop,TS val 1421932013 ecr 1611768413], length 579
  60. 14:31:25.482374 IP 185.17.245.5.443 > 192.168.0.2.32838: Flags [.], ack 283, win 65076, length 0
  61. 14:31:25.482488 IP 185.17.245.5.443 > 192.168.0.2.32838: Flags [P.], seq 951:993, ack 283, win 65076, length 42
  62. 14:31:25.523632 IP 46.101.150.180.443 > 192.168.0.2.50096: Flags [.], ack 246, win 1452, options [nop,nop,TS val 816856615 ecr 1111709660], length 0
  63. 14:31:25.601518 IP 46.101.150.180.443 > 192.168.0.2.50096: Flags [.], ack 422, win 1452, options [nop,nop,TS val 816856693 ecr 1111709775], length 0