No. Time Source Destination Protocol Info 143 2012-06-20 08:38:35.745457 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 143: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:35.745457000 GMT Daylight Time Epoch Time: 1340177915.745457000 seconds [Time delta from previous captured frame: 0.000131000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 7.723671000 seconds] Frame Number: 143 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2297 (8855) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd938 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: call-sig-trans (2517), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237 Source port: call-sig-trans (2517) Destination port: http (80) [Stream index: 8] Sequence number: 227 (relative sequence number) [Next sequence number: 464 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x5972 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 463] TCP segment data (237 bytes) [2 Reassembled TCP Segments (463 bytes): #142(226), #143(237)] [Frame: 142, payload: 0-225 (226 bytes)] [Frame: 143, payload: 226-462 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 463] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 203 2012-06-20 08:38:36.322966 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 203: 838 bytes on wire (6704 bits), 838 bytes captured (6704 bits) Arrival Time: Jun 20, 2012 08:38:36.322966000 GMT Daylight Time Epoch Time: 1340177916.322966000 seconds [Time delta from previous captured frame: 0.000027000 seconds] [Time delta from previous displayed frame: 0.577509000 seconds] [Time since reference or first frame: 8.301180000 seconds] Frame Number: 203 Frame Length: 838 bytes (6704 bits) Capture Length: 838 bytes (6704 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 824 Identification: 0x0a27 (2599) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x3b86 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: call-sig-trans (2517), Seq: 50262, Ack: 464, Len: 784 Source port: http (80) Destination port: call-sig-trans (2517) [Stream index: 8] Sequence number: 50262 (relative sequence number) [Next sequence number: 51046 (relative sequence number)] Acknowledgement number: 464 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0xec07 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2164] TCP segment data (784 bytes) [38 Reassembled TCP Segments (51045 bytes): #147(1380), #148(1380), #150(1380), #151(1380), #153(1380), #154(1380), #156(1380), #157(1380), #159(581), #160(1380), #162(1380), #163(1380), #165(1380), #166(1380), #168(1380), #169(1380), #171(] [Frame: 147, payload: 0-1379 (1380 bytes)] [Frame: 148, payload: 1380-2759 (1380 bytes)] [Frame: 150, payload: 2760-4139 (1380 bytes)] [Frame: 151, payload: 4140-5519 (1380 bytes)] [Frame: 153, payload: 5520-6899 (1380 bytes)] [Frame: 154, payload: 6900-8279 (1380 bytes)] [Frame: 156, payload: 8280-9659 (1380 bytes)] [Frame: 157, payload: 9660-11039 (1380 bytes)] [Frame: 159, payload: 11040-11620 (581 bytes)] [Frame: 160, payload: 11621-13000 (1380 bytes)] [Frame: 162, payload: 13001-14380 (1380 bytes)] [Frame: 163, payload: 14381-15760 (1380 bytes)] [Frame: 165, payload: 15761-17140 (1380 bytes)] [Frame: 166, payload: 17141-18520 (1380 bytes)] [Frame: 168, payload: 18521-19900 (1380 bytes)] [Frame: 169, payload: 19901-21280 (1380 bytes)] [Frame: 171, payload: 21281-22660 (1380 bytes)] [Frame: 172, payload: 22661-24040 (1380 bytes)] [Frame: 174, payload: 24041-25420 (1380 bytes)] [Frame: 175, payload: 25421-26800 (1380 bytes)] [Frame: 177, payload: 26801-28180 (1380 bytes)] [Frame: 178, payload: 28181-29560 (1380 bytes)] [Frame: 180, payload: 29561-30940 (1380 bytes)] [Frame: 181, payload: 30941-32320 (1380 bytes)] [Frame: 183, payload: 32321-33700 (1380 bytes)] [Frame: 185, payload: 33701-35080 (1380 bytes)] [Frame: 187, payload: 35081-36460 (1380 bytes)] [Frame: 188, payload: 36461-37840 (1380 bytes)] [Frame: 190, payload: 37841-39220 (1380 bytes)] [Frame: 191, payload: 39221-40600 (1380 bytes)] [Frame: 193, payload: 40601-41980 (1380 bytes)] [Frame: 194, payload: 41981-43360 (1380 bytes)] [Frame: 196, payload: 43361-44740 (1380 bytes)] [Frame: 197, payload: 44741-46120 (1380 bytes)] [Frame: 199, payload: 46121-47500 (1380 bytes)] [Frame: 200, payload: 47501-48880 (1380 bytes)] [Frame: 202, payload: 48881-50260 (1380 bytes)] [Frame: 203, payload: 50261-51044 (784 bytes)] [Segment count: 38] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:17 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:17 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 206 2012-06-20 08:38:36.323359 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 206: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:36.323359000 GMT Daylight Time Epoch Time: 1340177916.323359000 seconds [Time delta from previous captured frame: 0.000101000 seconds] [Time delta from previous displayed frame: 0.000393000 seconds] [Time since reference or first frame: 8.301573000 seconds] Frame Number: 206 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x22ac (8876) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd923 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: call-sig-trans (2517), Dst Port: http (80), Seq: 664, Ack: 51046, Len: 237 Source port: call-sig-trans (2517) Destination port: http (80) [Stream index: 8] Sequence number: 664 (relative sequence number) [Next sequence number: 901 (relative sequence number)] Acknowledgement number: 51046 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x9057 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #205(200), #206(237)] [Frame: 205, payload: 0-199 (200 bytes)] [Frame: 206, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 267 2012-06-20 08:38:36.755897 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 267: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) Arrival Time: Jun 20, 2012 08:38:36.755897000 GMT Daylight Time Epoch Time: 1340177916.755897000 seconds [Time delta from previous captured frame: 0.000005000 seconds] [Time delta from previous displayed frame: 0.432538000 seconds] [Time since reference or first frame: 8.734111000 seconds] Frame Number: 267 Frame Length: 566 bytes (4528 bits) Capture Length: 566 bytes (4528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 552 Identification: 0x0a51 (2641) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x3c6c [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: call-sig-trans (2517), Seq: 101579, Ack: 901, Len: 512 Source port: http (80) Destination port: call-sig-trans (2517) [Stream index: 8] Sequence number: 101579 (relative sequence number) [Next sequence number: 102091 (relative sequence number)] Acknowledgement number: 901 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x9696 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1892] TCP segment data (512 bytes) [40 Reassembled TCP Segments (51045 bytes): #209(1380), #210(1380), #212(1380), #213(1380), #215(1380), #216(1380), #218(445), #219(1380), #221(1380), #222(1380), #224(1380), #225(272), #227(1380), #228(1380), #230(136), #231(1380), #233(13] [Frame: 209, payload: 0-1379 (1380 bytes)] [Frame: 210, payload: 1380-2759 (1380 bytes)] [Frame: 212, payload: 2760-4139 (1380 bytes)] [Frame: 213, payload: 4140-5519 (1380 bytes)] [Frame: 215, payload: 5520-6899 (1380 bytes)] [Frame: 216, payload: 6900-8279 (1380 bytes)] [Frame: 218, payload: 8280-8724 (445 bytes)] [Frame: 219, payload: 8725-10104 (1380 bytes)] [Frame: 221, payload: 10105-11484 (1380 bytes)] [Frame: 222, payload: 11485-12864 (1380 bytes)] [Frame: 224, payload: 12865-14244 (1380 bytes)] [Frame: 225, payload: 14245-14516 (272 bytes)] [Frame: 227, payload: 14517-15896 (1380 bytes)] [Frame: 228, payload: 15897-17276 (1380 bytes)] [Frame: 230, payload: 17277-17412 (136 bytes)] [Frame: 231, payload: 17413-18792 (1380 bytes)] [Frame: 233, payload: 18793-20172 (1380 bytes)] [Frame: 234, payload: 20173-21552 (1380 bytes)] [Frame: 236, payload: 21553-22932 (1380 bytes)] [Frame: 237, payload: 22933-24312 (1380 bytes)] [Frame: 239, payload: 24313-25692 (1380 bytes)] [Frame: 240, payload: 25693-27072 (1380 bytes)] [Frame: 242, payload: 27073-28452 (1380 bytes)] [Frame: 243, payload: 28453-29832 (1380 bytes)] [Frame: 245, payload: 29833-31212 (1380 bytes)] [Frame: 246, payload: 31213-32592 (1380 bytes)] [Frame: 248, payload: 32593-33972 (1380 bytes)] [Frame: 249, payload: 33973-35352 (1380 bytes)] [Frame: 251, payload: 35353-36732 (1380 bytes)] [Frame: 252, payload: 36733-38112 (1380 bytes)] [Frame: 254, payload: 38113-39492 (1380 bytes)] [Frame: 255, payload: 39493-40872 (1380 bytes)] [Frame: 257, payload: 40873-42252 (1380 bytes)] [Frame: 258, payload: 42253-43632 (1380 bytes)] [Frame: 260, payload: 43633-45012 (1380 bytes)] [Frame: 261, payload: 45013-46392 (1380 bytes)] [Frame: 263, payload: 46393-47772 (1380 bytes)] [Frame: 264, payload: 47773-49152 (1380 bytes)] [Frame: 266, payload: 49153-50532 (1380 bytes)] [Frame: 267, payload: 50533-51044 (512 bytes)] [Segment count: 40] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:17 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:17 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 270 2012-06-20 08:38:36.756239 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 270: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:36.756239000 GMT Daylight Time Epoch Time: 1340177916.756239000 seconds [Time delta from previous captured frame: 0.000041000 seconds] [Time delta from previous displayed frame: 0.000342000 seconds] [Time since reference or first frame: 8.734453000 seconds] Frame Number: 270 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x22c2 (8898) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd90d [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: call-sig-trans (2517), Dst Port: http (80), Seq: 1101, Ack: 102091, Len: 237 Source port: call-sig-trans (2517) Destination port: http (80) [Stream index: 8] Sequence number: 1101 (relative sequence number) [Next sequence number: 1338 (relative sequence number)] Acknowledgement number: 102091 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xc73c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #269(200), #270(237)] [Frame: 269, payload: 0-199 (200 bytes)] [Frame: 270, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 339 2012-06-20 08:38:37.190108 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 339: 1402 bytes on wire (11216 bits), 1402 bytes captured (11216 bits) Arrival Time: Jun 20, 2012 08:38:37.190108000 GMT Daylight Time Epoch Time: 1340177917.190108000 seconds [Time delta from previous captured frame: 0.000107000 seconds] [Time delta from previous displayed frame: 0.433869000 seconds] [Time since reference or first frame: 9.168322000 seconds] Frame Number: 339 Frame Length: 1402 bytes (11216 bits) Capture Length: 1402 bytes (11216 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1388 Identification: 0x0a7c (2684) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x38fd [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: call-sig-trans (2517), Seq: 151788, Ack: 1338, Len: 1348 Source port: http (80) Destination port: call-sig-trans (2517) [Stream index: 8] Sequence number: 151788 (relative sequence number) [Next sequence number: 153136 (relative sequence number)] Acknowledgement number: 1338 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x65a1 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1348] TCP segment data (1348 bytes) [41 Reassembled TCP Segments (51045 bytes): #274(1380), #275(105), #277(1380), #278(68), #280(1380), #281(1380), #283(1380), #284(204), #286(1380), #287(1380), #289(1380), #290(1380), #292(1380), #293(340), #295(1380), #296(1380), #298(1380] [Frame: 274, payload: 0-1379 (1380 bytes)] [Frame: 275, payload: 1380-1484 (105 bytes)] [Frame: 277, payload: 1485-2864 (1380 bytes)] [Frame: 278, payload: 2865-2932 (68 bytes)] [Frame: 280, payload: 2933-4312 (1380 bytes)] [Frame: 281, payload: 4313-5692 (1380 bytes)] [Frame: 283, payload: 5693-7072 (1380 bytes)] [Frame: 284, payload: 7073-7276 (204 bytes)] [Frame: 286, payload: 7277-8656 (1380 bytes)] [Frame: 287, payload: 8657-10036 (1380 bytes)] [Frame: 289, payload: 10037-11416 (1380 bytes)] [Frame: 290, payload: 11417-12796 (1380 bytes)] [Frame: 292, payload: 12797-14176 (1380 bytes)] [Frame: 293, payload: 14177-14516 (340 bytes)] [Frame: 295, payload: 14517-15896 (1380 bytes)] [Frame: 296, payload: 15897-17276 (1380 bytes)] [Frame: 298, payload: 17277-18656 (1380 bytes)] [Frame: 299, payload: 18657-20036 (1380 bytes)] [Frame: 301, payload: 20037-21416 (1380 bytes)] [Frame: 302, payload: 21417-22796 (1380 bytes)] [Frame: 304, payload: 22797-24176 (1380 bytes)] [Frame: 305, payload: 24177-25556 (1380 bytes)] [Frame: 307, payload: 25557-26936 (1380 bytes)] [Frame: 308, payload: 26937-28316 (1380 bytes)] [Frame: 310, payload: 28317-28996 (680 bytes)] [Frame: 316, payload: 28997-30376 (1380 bytes)] [Frame: 318, payload: 30377-31756 (1380 bytes)] [Frame: 319, payload: 31757-33136 (1380 bytes)] [Frame: 321, payload: 33137-34516 (1380 bytes)] [Frame: 322, payload: 34517-35896 (1380 bytes)] [Frame: 324, payload: 35897-37276 (1380 bytes)] [Frame: 325, payload: 37277-38656 (1380 bytes)] [Frame: 327, payload: 38657-40036 (1380 bytes)] [Frame: 328, payload: 40037-41416 (1380 bytes)] [Frame: 330, payload: 41417-42796 (1380 bytes)] [Frame: 331, payload: 42797-44176 (1380 bytes)] [Frame: 333, payload: 44177-45556 (1380 bytes)] [Frame: 334, payload: 45557-46936 (1380 bytes)] [Frame: 336, payload: 46937-48316 (1380 bytes)] [Frame: 337, payload: 48317-49696 (1380 bytes)] [Frame: 339, payload: 49697-51044 (1348 bytes)] [Segment count: 41] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:18 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:18 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 340 2012-06-20 08:38:37.190417 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 340: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits) Arrival Time: Jun 20, 2012 08:38:37.190417000 GMT Daylight Time Epoch Time: 1340177917.190417000 seconds [Time delta from previous captured frame: 0.000309000 seconds] [Time delta from previous displayed frame: 0.000309000 seconds] [Time since reference or first frame: 9.168631000 seconds] Frame Number: 340 Frame Length: 188 bytes (1504 bits) Capture Length: 188 bytes (1504 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 174 Identification: 0x22d7 (8919) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd95f [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: call-sig-trans (2517), Dst Port: http (80), Seq: 1338, Ack: 153136, Len: 134 Source port: call-sig-trans (2517) Destination port: http (80) [Stream index: 8] Sequence number: 1338 (relative sequence number) [Next sequence number: 1472 (relative sequence number)] Acknowledgement number: 153136 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 253 [Calculated window size: 64768] [Window size scaling factor: 256] Checksum: 0x5120 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 339] [The RTT to ACK the segment was: 0.000309000 seconds] [Bytes in flight: 134] Hypertext Transfer Protocol HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] No. Time Source Destination Protocol Info 359 2012-06-20 08:38:37.468853 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1 Frame 359: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:37.468853000 GMT Daylight Time Epoch Time: 1340177917.468853000 seconds [Time delta from previous captured frame: 0.000043000 seconds] [Time delta from previous displayed frame: 0.278436000 seconds] [Time since reference or first frame: 9.447067000 seconds] Frame Number: 359 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x22dd (8925) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd8f2 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: willy (2518), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: willy (2518) Destination port: http (80) [Stream index: 9] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xe881 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #358(225), #359(237)] [Frame: 358, payload: 0-224 (225 bytes)] [Frame: 359, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0001.jpg?w=424&h=640 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 423 2012-06-20 08:38:38.061220 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 423: 536 bytes on wire (4288 bits), 536 bytes captured (4288 bits) Arrival Time: Jun 20, 2012 08:38:38.061220000 GMT Daylight Time Epoch Time: 1340177918.061220000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.592367000 seconds] [Time since reference or first frame: 10.039434000 seconds] Frame Number: 423 Frame Length: 536 bytes (4288 bits) Capture Length: 536 bytes (4288 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 522 Identification: 0xb883 (47235) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x8e57 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: willy (2518), Seq: 49922, Ack: 463, Len: 482 Source port: http (80) Destination port: willy (2518) [Stream index: 9] Sequence number: 49922 (relative sequence number) [Next sequence number: 50404 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x4b62 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1862] TCP segment data (482 bytes) [38 Reassembled TCP Segments (50403 bytes): #365(1380), #366(1380), #368(1380), #369(241), #371(1380), #372(1380), #374(1380), #375(1380), #377(1380), #378(1380), #383(1380), #384(1380), #386(1380), #387(1380), #389(1380), #390(1380), #392(] [Frame: 365, payload: 0-1379 (1380 bytes)] [Frame: 366, payload: 1380-2759 (1380 bytes)] [Frame: 368, payload: 2760-4139 (1380 bytes)] [Frame: 369, payload: 4140-4380 (241 bytes)] [Frame: 371, payload: 4381-5760 (1380 bytes)] [Frame: 372, payload: 5761-7140 (1380 bytes)] [Frame: 374, payload: 7141-8520 (1380 bytes)] [Frame: 375, payload: 8521-9900 (1380 bytes)] [Frame: 377, payload: 9901-11280 (1380 bytes)] [Frame: 378, payload: 11281-12660 (1380 bytes)] [Frame: 383, payload: 12661-14040 (1380 bytes)] [Frame: 384, payload: 14041-15420 (1380 bytes)] [Frame: 386, payload: 15421-16800 (1380 bytes)] [Frame: 387, payload: 16801-18180 (1380 bytes)] [Frame: 389, payload: 18181-19560 (1380 bytes)] [Frame: 390, payload: 19561-20940 (1380 bytes)] [Frame: 392, payload: 20941-22320 (1380 bytes)] [Frame: 393, payload: 22321-23700 (1380 bytes)] [Frame: 395, payload: 23701-25080 (1380 bytes)] [Frame: 396, payload: 25081-26460 (1380 bytes)] [Frame: 398, payload: 26461-27840 (1380 bytes)] [Frame: 399, payload: 27841-29220 (1380 bytes)] [Frame: 401, payload: 29221-30600 (1380 bytes)] [Frame: 402, payload: 30601-31980 (1380 bytes)] [Frame: 404, payload: 31981-33360 (1380 bytes)] [Frame: 405, payload: 33361-34740 (1380 bytes)] [Frame: 407, payload: 34741-36120 (1380 bytes)] [Frame: 408, payload: 36121-37500 (1380 bytes)] [Frame: 410, payload: 37501-38880 (1380 bytes)] [Frame: 411, payload: 38881-40260 (1380 bytes)] [Frame: 413, payload: 40261-41640 (1380 bytes)] [Frame: 414, payload: 41641-43020 (1380 bytes)] [Frame: 416, payload: 43021-44400 (1380 bytes)] [Frame: 417, payload: 44401-45780 (1380 bytes)] [Frame: 419, payload: 45781-47160 (1380 bytes)] [Frame: 420, payload: 47161-48540 (1380 bytes)] [Frame: 422, payload: 48541-49920 (1380 bytes)] [Frame: 423, payload: 49921-50402 (482 bytes)] [Segment count: 38] [Reassembled TCP length: 50403] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:18 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50063\r\n [Content length: 50063] Last-Modified: Sun, 01 Nov 2009 09:06:06 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:18 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 87\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5629 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4417 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 424 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 24 Remaining segment data (22 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 426 2012-06-20 08:38:38.061524 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1 Frame 426: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:38.061524000 GMT Daylight Time Epoch Time: 1340177918.061524000 seconds [Time delta from previous captured frame: 0.000041000 seconds] [Time delta from previous displayed frame: 0.000304000 seconds] [Time since reference or first frame: 10.039738000 seconds] Frame Number: 426 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x22f2 (8946) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd8dd [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: willy (2518), Dst Port: http (80), Seq: 662, Ack: 50404, Len: 237 Source port: willy (2518) Destination port: http (80) [Stream index: 9] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 50404 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x21ea [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #425(199), #426(237)] [Frame: 425, payload: 0-198 (199 bytes)] [Frame: 426, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0001.jpg?w=424&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 488 2012-06-20 08:38:38.502166 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 488: 1100 bytes on wire (8800 bits), 1100 bytes captured (8800 bits) Arrival Time: Jun 20, 2012 08:38:38.502166000 GMT Daylight Time Epoch Time: 1340177918.502166000 seconds [Time delta from previous captured frame: 0.000080000 seconds] [Time delta from previous displayed frame: 0.440642000 seconds] [Time since reference or first frame: 10.480380000 seconds] Frame Number: 488 Frame Length: 1100 bytes (8800 bits) Capture Length: 1100 bytes (8800 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1086 Identification: 0xb8ab (47275) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x8bfb [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: willy (2518), Seq: 99761, Ack: 899, Len: 1046 Source port: http (80) Destination port: willy (2518) [Stream index: 9] Sequence number: 99761 (relative sequence number) [Next sequence number: 100807 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x6905 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2426] TCP segment data (1046 bytes) [38 Reassembled TCP Segments (50403 bytes): #430(1380), #431(1380), #433(1380), #434(1380), #436(309), #437(1380), #439(1380), #440(1380), #442(1380), #443(1380), #445(1380), #446(1380), #448(1380), #449(1380), #451(1380), #452(1380), #454(] [Frame: 430, payload: 0-1379 (1380 bytes)] [Frame: 431, payload: 1380-2759 (1380 bytes)] [Frame: 433, payload: 2760-4139 (1380 bytes)] [Frame: 434, payload: 4140-5519 (1380 bytes)] [Frame: 436, payload: 5520-5828 (309 bytes)] [Frame: 437, payload: 5829-7208 (1380 bytes)] [Frame: 439, payload: 7209-8588 (1380 bytes)] [Frame: 440, payload: 8589-9968 (1380 bytes)] [Frame: 442, payload: 9969-11348 (1380 bytes)] [Frame: 443, payload: 11349-12728 (1380 bytes)] [Frame: 445, payload: 12729-14108 (1380 bytes)] [Frame: 446, payload: 14109-15488 (1380 bytes)] [Frame: 448, payload: 15489-16868 (1380 bytes)] [Frame: 449, payload: 16869-18248 (1380 bytes)] [Frame: 451, payload: 18249-19628 (1380 bytes)] [Frame: 452, payload: 19629-21008 (1380 bytes)] [Frame: 454, payload: 21009-21756 (748 bytes)] [Frame: 458, payload: 21757-23136 (1380 bytes)] [Frame: 460, payload: 23137-24516 (1380 bytes)] [Frame: 461, payload: 24517-25896 (1380 bytes)] [Frame: 463, payload: 25897-27276 (1380 bytes)] [Frame: 464, payload: 27277-28656 (1380 bytes)] [Frame: 466, payload: 28657-30036 (1380 bytes)] [Frame: 467, payload: 30037-31416 (1380 bytes)] [Frame: 469, payload: 31417-32796 (1380 bytes)] [Frame: 470, payload: 32797-34176 (1380 bytes)] [Frame: 472, payload: 34177-35556 (1380 bytes)] [Frame: 473, payload: 35557-36936 (1380 bytes)] [Frame: 475, payload: 36937-38316 (1380 bytes)] [Frame: 476, payload: 38317-39696 (1380 bytes)] [Frame: 478, payload: 39697-41076 (1380 bytes)] [Frame: 479, payload: 41077-42456 (1380 bytes)] [Frame: 481, payload: 42457-43836 (1380 bytes)] [Frame: 482, payload: 43837-45216 (1380 bytes)] [Frame: 484, payload: 45217-46596 (1380 bytes)] [Frame: 485, payload: 46597-47976 (1380 bytes)] [Frame: 487, payload: 47977-49356 (1380 bytes)] [Frame: 488, payload: 49357-50402 (1046 bytes)] [Segment count: 38] [Reassembled TCP length: 50403] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:19 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50063\r\n [Content length: 50063] Last-Modified: Sun, 01 Nov 2009 09:06:06 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:19 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 87\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5629 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4417 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 424 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 24 Remaining segment data (22 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 491 2012-06-20 08:38:38.502468 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1 Frame 491: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:38.502468000 GMT Daylight Time Epoch Time: 1340177918.502468000 seconds [Time delta from previous captured frame: 0.000041000 seconds] [Time delta from previous displayed frame: 0.000302000 seconds] [Time since reference or first frame: 10.480682000 seconds] Frame Number: 491 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2308 (8968) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd8c7 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: willy (2518), Dst Port: http (80), Seq: 1098, Ack: 100807, Len: 237 Source port: willy (2518) Destination port: http (80) [Stream index: 9] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 100807 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x5b52 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #490(199), #491(237)] [Frame: 490, payload: 0-198 (199 bytes)] [Frame: 491, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0001.jpg?w=424&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 558 2012-06-20 08:38:38.921462 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 558: 760 bytes on wire (6080 bits), 760 bytes captured (6080 bits) Arrival Time: Jun 20, 2012 08:38:38.921462000 GMT Daylight Time Epoch Time: 1340177918.921462000 seconds [Time delta from previous captured frame: 0.000030000 seconds] [Time delta from previous displayed frame: 0.418994000 seconds] [Time since reference or first frame: 10.899676000 seconds] Frame Number: 558 Frame Length: 760 bytes (6080 bits) Capture Length: 760 bytes (6080 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 746 Identification: 0xb8d4 (47316) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x8d26 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: willy (2518), Seq: 150504, Ack: 1335, Len: 706 Source port: http (80) Destination port: willy (2518) [Stream index: 9] Sequence number: 150504 (relative sequence number) [Next sequence number: 151210 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x9765 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 706] TCP segment data (706 bytes) [39 Reassembled TCP Segments (50403 bytes): #498(1380), #499(1380), #501(1380), #502(1380), #504(1380), #505(1380), #507(1380), #508(1380), #510(1380), #511(649), #513(1380), #514(68), #516(1380), #517(1380), #519(1380), #520(1380), #522(13] [Frame: 498, payload: 0-1379 (1380 bytes)] [Frame: 499, payload: 1380-2759 (1380 bytes)] [Frame: 501, payload: 2760-4139 (1380 bytes)] [Frame: 502, payload: 4140-5519 (1380 bytes)] [Frame: 504, payload: 5520-6899 (1380 bytes)] [Frame: 505, payload: 6900-8279 (1380 bytes)] [Frame: 507, payload: 8280-9659 (1380 bytes)] [Frame: 508, payload: 9660-11039 (1380 bytes)] [Frame: 510, payload: 11040-12419 (1380 bytes)] [Frame: 511, payload: 12420-13068 (649 bytes)] [Frame: 513, payload: 13069-14448 (1380 bytes)] [Frame: 514, payload: 14449-14516 (68 bytes)] [Frame: 516, payload: 14517-15896 (1380 bytes)] [Frame: 517, payload: 15897-17276 (1380 bytes)] [Frame: 519, payload: 17277-18656 (1380 bytes)] [Frame: 520, payload: 18657-20036 (1380 bytes)] [Frame: 522, payload: 20037-21416 (1380 bytes)] [Frame: 523, payload: 21417-22796 (1380 bytes)] [Frame: 525, payload: 22797-24176 (1380 bytes)] [Frame: 526, payload: 24177-25556 (1380 bytes)] [Frame: 528, payload: 25557-26936 (1380 bytes)] [Frame: 529, payload: 26937-28316 (1380 bytes)] [Frame: 531, payload: 28317-28996 (680 bytes)] [Frame: 535, payload: 28997-30376 (1380 bytes)] [Frame: 537, payload: 30377-31756 (1380 bytes)] [Frame: 538, payload: 31757-33136 (1380 bytes)] [Frame: 540, payload: 33137-34516 (1380 bytes)] [Frame: 541, payload: 34517-35896 (1380 bytes)] [Frame: 543, payload: 35897-37276 (1380 bytes)] [Frame: 544, payload: 37277-38656 (1380 bytes)] [Frame: 546, payload: 38657-40036 (1380 bytes)] [Frame: 547, payload: 40037-41416 (1380 bytes)] [Frame: 549, payload: 41417-42796 (1380 bytes)] [Frame: 550, payload: 42797-44176 (1380 bytes)] [Frame: 552, payload: 44177-45556 (1380 bytes)] [Frame: 553, payload: 45557-46936 (1380 bytes)] [Frame: 555, payload: 46937-48316 (1380 bytes)] [Frame: 556, payload: 48317-49696 (1380 bytes)] [Frame: 558, payload: 49697-50402 (706 bytes)] [Segment count: 39] [Reassembled TCP length: 50403] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:19 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50063\r\n [Content length: 50063] Last-Modified: Sun, 01 Nov 2009 09:06:06 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:19 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 87\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5629 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4417 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 424 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 24 Remaining segment data (22 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 559 2012-06-20 08:38:38.921720 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1 Frame 559: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:38:38.921720000 GMT Daylight Time Epoch Time: 1340177918.921720000 seconds [Time delta from previous captured frame: 0.000258000 seconds] [Time delta from previous displayed frame: 0.000258000 seconds] [Time since reference or first frame: 10.899934000 seconds] Frame Number: 559 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x231c (8988) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd91b [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: willy (2518), Dst Port: http (80), Seq: 1335, Ack: 151210, Len: 133 Source port: willy (2518) Destination port: http (80) [Stream index: 9] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 151210 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 255 [Calculated window size: 65280] [Window size scaling factor: 256] Checksum: 0xc40d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 558] [The RTT to ACK the segment was: 0.000258000 seconds] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0001.jpg?w=424&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640] No. Time Source Destination Protocol Info 570 2012-06-20 08:38:39.196809 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1 Frame 570: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:39.196809000 GMT Daylight Time Epoch Time: 1340177919.196809000 seconds [Time delta from previous captured frame: 0.000040000 seconds] [Time delta from previous displayed frame: 0.275089000 seconds] [Time since reference or first frame: 11.175023000 seconds] Frame Number: 570 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2322 (8994) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd8ad [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: globmsgsvc (2519), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: globmsgsvc (2519) Destination port: http (80) [Stream index: 11] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xdd04 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #569(225), #570(237)] [Frame: 569, payload: 0-224 (225 bytes)] [Frame: 570, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0014.jpg?w=429&h=640 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 632 2012-06-20 08:38:39.751882 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 632: 1250 bytes on wire (10000 bits), 1250 bytes captured (10000 bits) Arrival Time: Jun 20, 2012 08:38:39.751882000 GMT Daylight Time Epoch Time: 1340177919.751882000 seconds [Time delta from previous captured frame: 0.000129000 seconds] [Time delta from previous displayed frame: 0.555073000 seconds] [Time since reference or first frame: 11.730096000 seconds] Frame Number: 632 Frame Length: 1250 bytes (10000 bits) Capture Length: 1250 bytes (10000 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1236 Identification: 0xe1ca (57802) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x6246 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: globmsgsvc (2519), Seq: 47366, Ack: 463, Len: 1196 Source port: http (80) Destination port: globmsgsvc (2519) [Stream index: 11] Sequence number: 47366 (relative sequence number) [Next sequence number: 48562 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x25f2 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2576] TCP segment data (1196 bytes) [36 Reassembled TCP Segments (48561 bytes): #578(1380), #579(1380), #581(1380), #582(1380), #584(1380), #585(1380), #587(445), #588(1380), #590(1380), #591(1380), #593(1380), #594(1380), #596(1380), #597(1380), #599(1380), #600(1380), #602(] [Frame: 578, payload: 0-1379 (1380 bytes)] [Frame: 579, payload: 1380-2759 (1380 bytes)] [Frame: 581, payload: 2760-4139 (1380 bytes)] [Frame: 582, payload: 4140-5519 (1380 bytes)] [Frame: 584, payload: 5520-6899 (1380 bytes)] [Frame: 585, payload: 6900-8279 (1380 bytes)] [Frame: 587, payload: 8280-8724 (445 bytes)] [Frame: 588, payload: 8725-10104 (1380 bytes)] [Frame: 590, payload: 10105-11484 (1380 bytes)] [Frame: 591, payload: 11485-12864 (1380 bytes)] [Frame: 593, payload: 12865-14244 (1380 bytes)] [Frame: 594, payload: 14245-15624 (1380 bytes)] [Frame: 596, payload: 15625-17004 (1380 bytes)] [Frame: 597, payload: 17005-18384 (1380 bytes)] [Frame: 599, payload: 18385-19764 (1380 bytes)] [Frame: 600, payload: 19765-21144 (1380 bytes)] [Frame: 602, payload: 21145-22524 (1380 bytes)] [Frame: 603, payload: 22525-23904 (1380 bytes)] [Frame: 605, payload: 23905-25284 (1380 bytes)] [Frame: 606, payload: 25285-26664 (1380 bytes)] [Frame: 608, payload: 26665-28044 (1380 bytes)] [Frame: 609, payload: 28045-29424 (1380 bytes)] [Frame: 611, payload: 29425-30804 (1380 bytes)] [Frame: 612, payload: 30805-32184 (1380 bytes)] [Frame: 614, payload: 32185-33564 (1380 bytes)] [Frame: 617, payload: 33565-34944 (1380 bytes)] [Frame: 619, payload: 34945-36324 (1380 bytes)] [Frame: 620, payload: 36325-37704 (1380 bytes)] [Frame: 622, payload: 37705-39084 (1380 bytes)] [Frame: 623, payload: 39085-40464 (1380 bytes)] [Frame: 625, payload: 40465-41844 (1380 bytes)] [Frame: 626, payload: 41845-43224 (1380 bytes)] [Frame: 628, payload: 43225-44604 (1380 bytes)] [Frame: 629, payload: 44605-45984 (1380 bytes)] [Frame: 631, payload: 45985-47364 (1380 bytes)] [Frame: 632, payload: 47365-48560 (1196 bytes)] [Segment count: 36] [Reassembled TCP length: 48561] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:20 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 48221\r\n [Content length: 48221] Last-Modified: Sun, 01 Nov 2009 09:29:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:20 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5828 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4616 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 429 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 23 Remaining segment data (21 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 635 2012-06-20 08:38:39.752232 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1 Frame 635: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:39.752232000 GMT Daylight Time Epoch Time: 1340177919.752232000 seconds [Time delta from previous captured frame: 0.000049000 seconds] [Time delta from previous displayed frame: 0.000350000 seconds] [Time since reference or first frame: 11.730446000 seconds] Frame Number: 635 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2336 (9014) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd899 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: globmsgsvc (2519), Dst Port: http (80), Seq: 662, Ack: 48562, Len: 237 Source port: globmsgsvc (2519) Destination port: http (80) [Stream index: 11] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 48562 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x1d9f [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #634(199), #635(237)] [Frame: 634, payload: 0-198 (199 bytes)] [Frame: 635, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0014.jpg?w=429&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 706 2012-06-20 08:38:40.248507 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 706: 638 bytes on wire (5104 bits), 638 bytes captured (5104 bits) Arrival Time: Jun 20, 2012 08:38:40.248507000 GMT Daylight Time Epoch Time: 1340177920.248507000 seconds [Time delta from previous captured frame: 0.000010000 seconds] [Time delta from previous displayed frame: 0.496275000 seconds] [Time since reference or first frame: 12.226721000 seconds] Frame Number: 706 Frame Length: 638 bytes (5104 bits) Capture Length: 638 bytes (5104 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 624 Identification: 0xe1f1 (57841) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x6483 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: globmsgsvc (2519), Seq: 96539, Ack: 899, Len: 584 Source port: http (80) Destination port: globmsgsvc (2519) [Stream index: 11] Sequence number: 96539 (relative sequence number) [Next sequence number: 97123 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x6e03 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 584] TCP segment data (584 bytes) [37 Reassembled TCP Segments (48561 bytes): #649(1380), #650(1380), #652(1380), #653(1380), #655(309), #656(1380), #658(1380), #659(1380), #661(1380), #662(1380), #664(1380), #665(1380), #667(1380), #668(1380), #670(1380), #671(1380), #673(] [Frame: 649, payload: 0-1379 (1380 bytes)] [Frame: 650, payload: 1380-2759 (1380 bytes)] [Frame: 652, payload: 2760-4139 (1380 bytes)] [Frame: 653, payload: 4140-5519 (1380 bytes)] [Frame: 655, payload: 5520-5828 (309 bytes)] [Frame: 656, payload: 5829-7208 (1380 bytes)] [Frame: 658, payload: 7209-8588 (1380 bytes)] [Frame: 659, payload: 8589-9968 (1380 bytes)] [Frame: 661, payload: 9969-11348 (1380 bytes)] [Frame: 662, payload: 11349-12728 (1380 bytes)] [Frame: 664, payload: 12729-14108 (1380 bytes)] [Frame: 665, payload: 14109-15488 (1380 bytes)] [Frame: 667, payload: 15489-16868 (1380 bytes)] [Frame: 668, payload: 16869-18248 (1380 bytes)] [Frame: 670, payload: 18249-19628 (1380 bytes)] [Frame: 671, payload: 19629-21008 (1380 bytes)] [Frame: 673, payload: 21009-21756 (748 bytes)] [Frame: 677, payload: 21757-23136 (1380 bytes)] [Frame: 679, payload: 23137-24516 (1380 bytes)] [Frame: 680, payload: 24517-25896 (1380 bytes)] [Frame: 682, payload: 25897-27276 (1380 bytes)] [Frame: 683, payload: 27277-28656 (1380 bytes)] [Frame: 685, payload: 28657-30036 (1380 bytes)] [Frame: 686, payload: 30037-31416 (1380 bytes)] [Frame: 688, payload: 31417-32796 (1380 bytes)] [Frame: 689, payload: 32797-34176 (1380 bytes)] [Frame: 691, payload: 34177-35556 (1380 bytes)] [Frame: 692, payload: 35557-36936 (1380 bytes)] [Frame: 694, payload: 36937-38316 (1380 bytes)] [Frame: 695, payload: 38317-39696 (1380 bytes)] [Frame: 697, payload: 39697-41076 (1380 bytes)] [Frame: 698, payload: 41077-42456 (1380 bytes)] [Frame: 700, payload: 42457-43836 (1380 bytes)] [Frame: 701, payload: 43837-45216 (1380 bytes)] [Frame: 703, payload: 45217-46596 (1380 bytes)] [Frame: 704, payload: 46597-47976 (1380 bytes)] [Frame: 706, payload: 47977-48560 (584 bytes)] [Segment count: 37] [Reassembled TCP length: 48561] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:21 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 48221\r\n [Content length: 48221] Last-Modified: Sun, 01 Nov 2009 09:29:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:21 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5828 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4616 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 429 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 23 Remaining segment data (21 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 708 2012-06-20 08:38:40.248811 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1 Frame 708: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:40.248811000 GMT Daylight Time Epoch Time: 1340177920.248811000 seconds [Time delta from previous captured frame: 0.000046000 seconds] [Time delta from previous displayed frame: 0.000304000 seconds] [Time since reference or first frame: 12.227025000 seconds] Frame Number: 708 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x234a (9034) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd885 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: globmsgsvc (2519), Dst Port: http (80), Seq: 1098, Ack: 97123, Len: 237 Source port: globmsgsvc (2519) Destination port: http (80) [Stream index: 11] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 97123 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 256 [Calculated window size: 65536] [Window size scaling factor: 256] Checksum: 0x5e3b [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #707(199), #708(237)] [Frame: 707, payload: 0-198 (199 bytes)] [Frame: 708, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0014.jpg?w=429&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 773 2012-06-20 08:38:40.908058 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 773: 910 bytes on wire (7280 bits), 910 bytes captured (7280 bits) Arrival Time: Jun 20, 2012 08:38:40.908058000 GMT Daylight Time Epoch Time: 1340177920.908058000 seconds [Time delta from previous captured frame: 0.000055000 seconds] [Time delta from previous displayed frame: 0.659247000 seconds] [Time since reference or first frame: 12.886272000 seconds] Frame Number: 773 Frame Length: 910 bytes (7280 bits) Capture Length: 910 bytes (7280 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 896 Identification: 0xe219 (57881) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x634b [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: globmsgsvc (2519), Seq: 144828, Ack: 1335, Len: 856 Source port: http (80) Destination port: globmsgsvc (2519) [Stream index: 11] Sequence number: 144828 (relative sequence number) [Next sequence number: 145684 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x037f [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2236] TCP segment data (856 bytes) [38 Reassembled TCP Segments (48561 bytes): #715(1380), #716(1380), #718(1380), #719(241), #721(1380), #722(68), #724(1380), #725(1380), #727(1380), #728(1380), #730(1380), #731(1380), #733(1380), #734(476), #736(1380), #737(1380), #739(138] [Frame: 715, payload: 0-1379 (1380 bytes)] [Frame: 716, payload: 1380-2759 (1380 bytes)] [Frame: 718, payload: 2760-4139 (1380 bytes)] [Frame: 719, payload: 4140-4380 (241 bytes)] [Frame: 721, payload: 4381-5760 (1380 bytes)] [Frame: 722, payload: 5761-5828 (68 bytes)] [Frame: 724, payload: 5829-7208 (1380 bytes)] [Frame: 725, payload: 7209-8588 (1380 bytes)] [Frame: 727, payload: 8589-9968 (1380 bytes)] [Frame: 728, payload: 9969-11348 (1380 bytes)] [Frame: 730, payload: 11349-12728 (1380 bytes)] [Frame: 731, payload: 12729-14108 (1380 bytes)] [Frame: 733, payload: 14109-15488 (1380 bytes)] [Frame: 734, payload: 15489-15964 (476 bytes)] [Frame: 736, payload: 15965-17344 (1380 bytes)] [Frame: 737, payload: 17345-18724 (1380 bytes)] [Frame: 739, payload: 18725-20104 (1380 bytes)] [Frame: 740, payload: 20105-21484 (1380 bytes)] [Frame: 742, payload: 21485-22864 (1380 bytes)] [Frame: 743, payload: 22865-24244 (1380 bytes)] [Frame: 745, payload: 24245-25624 (1380 bytes)] [Frame: 746, payload: 25625-27004 (1380 bytes)] [Frame: 748, payload: 27005-28384 (1380 bytes)] [Frame: 749, payload: 28385-29764 (1380 bytes)] [Frame: 751, payload: 29765-31144 (1380 bytes)] [Frame: 752, payload: 31145-32524 (1380 bytes)] [Frame: 754, payload: 32525-33904 (1380 bytes)] [Frame: 755, payload: 33905-35284 (1380 bytes)] [Frame: 757, payload: 35285-36664 (1380 bytes)] [Frame: 758, payload: 36665-38044 (1380 bytes)] [Frame: 760, payload: 38045-39424 (1380 bytes)] [Frame: 761, payload: 39425-40804 (1380 bytes)] [Frame: 763, payload: 40805-42184 (1380 bytes)] [Frame: 767, payload: 42185-43564 (1380 bytes)] [Frame: 769, payload: 43565-44944 (1380 bytes)] [Frame: 770, payload: 44945-46324 (1380 bytes)] [Frame: 772, payload: 46325-47704 (1380 bytes)] [Frame: 773, payload: 47705-48560 (856 bytes)] [Segment count: 38] [Reassembled TCP length: 48561] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:21 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 48221\r\n [Content length: 48221] Last-Modified: Sun, 01 Nov 2009 09:29:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:21 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5828 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4616 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 429 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 23 Remaining segment data (21 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 775 2012-06-20 08:38:40.908361 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1 Frame 775: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:38:40.908361000 GMT Daylight Time Epoch Time: 1340177920.908361000 seconds [Time delta from previous captured frame: 0.000280000 seconds] [Time delta from previous displayed frame: 0.000303000 seconds] [Time since reference or first frame: 12.886575000 seconds] Frame Number: 775 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x235e (9054) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd8d9 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: globmsgsvc (2519), Dst Port: http (80), Seq: 1335, Ack: 145684, Len: 133 Source port: globmsgsvc (2519) Destination port: http (80) [Stream index: 11] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 145684 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xcd1b [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0014.jpg?w=429&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640] No. Time Source Destination Protocol Info 808 2012-06-20 08:38:41.475894 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1 Frame 808: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:41.475894000 GMT Daylight Time Epoch Time: 1340177921.475894000 seconds [Time delta from previous captured frame: 0.000044000 seconds] [Time delta from previous displayed frame: 0.567533000 seconds] [Time since reference or first frame: 13.454108000 seconds] Frame Number: 808 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x236b (9067) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd864 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: adaptecmgr (2521), Dst Port: http (80), Seq: 225, Ack: 1, Len: 237 Source port: adaptecmgr (2521) Destination port: http (80) [Stream index: 16] Sequence number: 225 (relative sequence number) [Next sequence number: 462 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xc222 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 461] TCP segment data (237 bytes) [2 Reassembled TCP Segments (461 bytes): #807(224), #808(237)] [Frame: 807, payload: 0-223 (224 bytes)] [Frame: 808, payload: 224-460 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 461] Hypertext Transfer Protocol PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0020.jpg?w=134&h=64 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64] eXtensible Markup Language No. Time Source Destination Protocol Info 817 2012-06-20 08:38:41.743526 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 817: 77 bytes on wire (616 bits), 77 bytes captured (616 bits) Arrival Time: Jun 20, 2012 08:38:41.743526000 GMT Daylight Time Epoch Time: 1340177921.743526000 seconds [Time delta from previous captured frame: 0.000006000 seconds] [Time delta from previous displayed frame: 0.267632000 seconds] [Time since reference or first frame: 13.721740000 seconds] Frame Number: 817 Frame Length: 77 bytes (616 bits) Capture Length: 77 bytes (616 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 63 Identification: 0xce08 (52744) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x7a9d [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: adaptecmgr (2521), Seq: 4314, Ack: 462, Len: 23 Source port: http (80) Destination port: adaptecmgr (2521) [Stream index: 16] Sequence number: 4314 (relative sequence number) [Next sequence number: 4337 (relative sequence number)] Acknowledgement number: 462 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x38d2 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 23] TCP segment data (23 bytes) [5 Reassembled TCP Segments (4336 bytes): #811(1380), #812(1380), #814(173), #815(1380), #817(23)] [Frame: 811, payload: 0-1379 (1380 bytes)] [Frame: 812, payload: 1380-2759 (1380 bytes)] [Frame: 814, payload: 2760-2932 (173 bytes)] [Frame: 815, payload: 2933-4312 (1380 bytes)] [Frame: 817, payload: 4313-4335 (23 bytes)] [Segment count: 5] [Reassembled TCP length: 4336] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:22 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 3997\r\n [Content length: 3997] Last-Modified: Sun, 01 Nov 2009 09:50:18 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:22 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 83\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 1106 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 64 Samples per line: 134 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 819 2012-06-20 08:38:41.743891 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1 Frame 819: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:41.743891000 GMT Daylight Time Epoch Time: 1340177921.743891000 seconds [Time delta from previous captured frame: 0.000042000 seconds] [Time delta from previous displayed frame: 0.000365000 seconds] [Time since reference or first frame: 13.722105000 seconds] Frame Number: 819 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x236f (9071) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd860 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: adaptecmgr (2521), Dst Port: http (80), Seq: 660, Ack: 4337, Len: 237 Source port: adaptecmgr (2521) Destination port: http (80) [Stream index: 16] Sequence number: 660 (relative sequence number) [Next sequence number: 897 (relative sequence number)] Acknowledgement number: 4337 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xaf7f [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 435] TCP segment data (237 bytes) [2 Reassembled TCP Segments (435 bytes): #818(198), #819(237)] [Frame: 818, payload: 0-197 (198 bytes)] [Frame: 819, payload: 198-434 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 435] Hypertext Transfer Protocol PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0020.jpg?w=134&h=64 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64] eXtensible Markup Language No. Time Source Destination Protocol Info 829 2012-06-20 08:38:42.018389 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 829: 250 bytes on wire (2000 bits), 250 bytes captured (2000 bits) Arrival Time: Jun 20, 2012 08:38:42.018389000 GMT Daylight Time Epoch Time: 1340177922.018389000 seconds [Time delta from previous captured frame: 0.000031000 seconds] [Time delta from previous displayed frame: 0.274498000 seconds] [Time since reference or first frame: 13.996603000 seconds] Frame Number: 829 Frame Length: 250 bytes (2000 bits) Capture Length: 250 bytes (2000 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 236 Identification: 0xce0e (52750) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x79ea [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: adaptecmgr (2521), Seq: 8477, Ack: 897, Len: 196 Source port: http (80) Destination port: adaptecmgr (2521) [Stream index: 16] Sequence number: 8477 (relative sequence number) [Next sequence number: 8673 (relative sequence number)] Acknowledgement number: 897 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x2fe7 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1576] TCP segment data (196 bytes) [4 Reassembled TCP Segments (4336 bytes): #825(1380), #826(1380), #828(1380), #829(196)] [Frame: 825, payload: 0-1379 (1380 bytes)] [Frame: 826, payload: 1380-2759 (1380 bytes)] [Frame: 828, payload: 2760-4139 (1380 bytes)] [Frame: 829, payload: 4140-4335 (196 bytes)] [Segment count: 4] [Reassembled TCP length: 4336] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:23 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 3997\r\n [Content length: 3997] Last-Modified: Sun, 01 Nov 2009 09:50:18 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:23 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 83\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 1106 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 64 Samples per line: 134 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 832 2012-06-20 08:38:42.018686 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1 Frame 832: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:42.018686000 GMT Daylight Time Epoch Time: 1340177922.018686000 seconds [Time delta from previous captured frame: 0.000043000 seconds] [Time delta from previous displayed frame: 0.000297000 seconds] [Time since reference or first frame: 13.996900000 seconds] Frame Number: 832 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2373 (9075) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd85c [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: adaptecmgr (2521), Dst Port: http (80), Seq: 1095, Ack: 8673, Len: 237 Source port: adaptecmgr (2521) Destination port: http (80) [Stream index: 16] Sequence number: 1095 (relative sequence number) [Next sequence number: 1332 (relative sequence number)] Acknowledgement number: 8673 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x9cdc [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 435] TCP segment data (237 bytes) [2 Reassembled TCP Segments (435 bytes): #831(198), #832(237)] [Frame: 831, payload: 0-197 (198 bytes)] [Frame: 832, payload: 198-434 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 435] Hypertext Transfer Protocol PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0020.jpg?w=134&h=64 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64] eXtensible Markup Language No. Time Source Destination Protocol Info 840 2012-06-20 08:38:42.283564 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 840: 250 bytes on wire (2000 bits), 250 bytes captured (2000 bits) Arrival Time: Jun 20, 2012 08:38:42.283564000 GMT Daylight Time Epoch Time: 1340177922.283564000 seconds [Time delta from previous captured frame: 0.000025000 seconds] [Time delta from previous displayed frame: 0.264878000 seconds] [Time since reference or first frame: 14.261778000 seconds] Frame Number: 840 Frame Length: 250 bytes (2000 bits) Capture Length: 250 bytes (2000 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 236 Identification: 0xce14 (52756) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x79e4 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: adaptecmgr (2521), Seq: 12813, Ack: 1332, Len: 196 Source port: http (80) Destination port: adaptecmgr (2521) [Stream index: 16] Sequence number: 12813 (relative sequence number) [Next sequence number: 13009 (relative sequence number)] Acknowledgement number: 1332 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x1d3f [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1576] TCP segment data (196 bytes) [4 Reassembled TCP Segments (4336 bytes): #836(1380), #837(1380), #839(1380), #840(196)] [Frame: 836, payload: 0-1379 (1380 bytes)] [Frame: 837, payload: 1380-2759 (1380 bytes)] [Frame: 839, payload: 2760-4139 (1380 bytes)] [Frame: 840, payload: 4140-4335 (196 bytes)] [Segment count: 4] [Reassembled TCP length: 4336] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:23 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 3997\r\n [Content length: 3997] Last-Modified: Sun, 01 Nov 2009 09:50:18 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:23 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 83\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 1106 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 64 Samples per line: 134 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 842 2012-06-20 08:38:42.283843 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1 Frame 842: 186 bytes on wire (1488 bits), 186 bytes captured (1488 bits) Arrival Time: Jun 20, 2012 08:38:42.283843000 GMT Daylight Time Epoch Time: 1340177922.283843000 seconds [Time delta from previous captured frame: 0.000267000 seconds] [Time delta from previous displayed frame: 0.000279000 seconds] [Time since reference or first frame: 14.262057000 seconds] Frame Number: 842 Frame Length: 186 bytes (1488 bits) Capture Length: 186 bytes (1488 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 172 Identification: 0x2376 (9078) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd8c2 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: adaptecmgr (2521), Dst Port: http (80), Seq: 1332, Ack: 13009, Len: 132 Source port: adaptecmgr (2521) Destination port: http (80) [Stream index: 16] Sequence number: 1332 (relative sequence number) [Next sequence number: 1464 (relative sequence number)] Acknowledgement number: 13009 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xa4cf [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 132] Hypertext Transfer Protocol HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0020.jpg?w=134&h=64 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64] No. Time Source Destination Protocol Info 853 2012-06-20 08:38:42.553644 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1 Frame 853: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:42.553644000 GMT Daylight Time Epoch Time: 1340177922.553644000 seconds [Time delta from previous captured frame: 0.000127000 seconds] [Time delta from previous displayed frame: 0.269801000 seconds] [Time since reference or first frame: 14.531858000 seconds] Frame Number: 853 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x237c (9084) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd853 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: windb (2522), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: windb (2522) Destination port: http (80) [Stream index: 17] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x4edd [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #852(225), #853(237)] [Frame: 852, payload: 0-224 (225 bytes)] [Frame: 853, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0083.jpg?w=405&h=640 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 922 2012-06-20 08:38:43.108691 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 922: 1184 bytes on wire (9472 bits), 1184 bytes captured (9472 bits) Arrival Time: Jun 20, 2012 08:38:43.108691000 GMT Daylight Time Epoch Time: 1340177923.108691000 seconds [Time delta from previous captured frame: 0.000040000 seconds] [Time delta from previous displayed frame: 0.555047000 seconds] [Time since reference or first frame: 15.086905000 seconds] Frame Number: 922 Frame Length: 1184 bytes (9472 bits) Capture Length: 1184 bytes (9472 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1170 Identification: 0xc63b (50747) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x7e17 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: windb (2522), Seq: 47298, Ack: 463, Len: 1130 Source port: http (80) Destination port: windb (2522) [Stream index: 17] Sequence number: 47298 (relative sequence number) [Next sequence number: 48428 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x8677 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2510] TCP segment data (1130 bytes) [38 Reassembled TCP Segments (48427 bytes): #856(1380), #857(105), #859(1380), #860(1380), #862(136), #863(1380), #865(1380), #866(136), #868(1380), #869(1380), #879(1380), #880(1380), #882(1380), #883(1380), #885(1380), #886(1380), #888(13] [Frame: 856, payload: 0-1379 (1380 bytes)] [Frame: 857, payload: 1380-1484 (105 bytes)] [Frame: 859, payload: 1485-2864 (1380 bytes)] [Frame: 860, payload: 2865-4244 (1380 bytes)] [Frame: 862, payload: 4245-4380 (136 bytes)] [Frame: 863, payload: 4381-5760 (1380 bytes)] [Frame: 865, payload: 5761-7140 (1380 bytes)] [Frame: 866, payload: 7141-7276 (136 bytes)] [Frame: 868, payload: 7277-8656 (1380 bytes)] [Frame: 869, payload: 8657-10036 (1380 bytes)] [Frame: 879, payload: 10037-11416 (1380 bytes)] [Frame: 880, payload: 11417-12796 (1380 bytes)] [Frame: 882, payload: 12797-14176 (1380 bytes)] [Frame: 883, payload: 14177-15556 (1380 bytes)] [Frame: 885, payload: 15557-16936 (1380 bytes)] [Frame: 886, payload: 16937-18316 (1380 bytes)] [Frame: 888, payload: 18317-19696 (1380 bytes)] [Frame: 889, payload: 19697-21076 (1380 bytes)] [Frame: 891, payload: 21077-22456 (1380 bytes)] [Frame: 892, payload: 22457-23836 (1380 bytes)] [Frame: 894, payload: 23837-25216 (1380 bytes)] [Frame: 895, payload: 25217-26596 (1380 bytes)] [Frame: 897, payload: 26597-27976 (1380 bytes)] [Frame: 898, payload: 27977-29356 (1380 bytes)] [Frame: 900, payload: 29357-30736 (1380 bytes)] [Frame: 904, payload: 30737-32116 (1380 bytes)] [Frame: 906, payload: 32117-33496 (1380 bytes)] [Frame: 907, payload: 33497-34876 (1380 bytes)] [Frame: 909, payload: 34877-36256 (1380 bytes)] [Frame: 910, payload: 36257-37636 (1380 bytes)] [Frame: 912, payload: 37637-39016 (1380 bytes)] [Frame: 913, payload: 39017-40396 (1380 bytes)] [Frame: 915, payload: 40397-41776 (1380 bytes)] [Frame: 916, payload: 41777-43156 (1380 bytes)] [Frame: 918, payload: 43157-44536 (1380 bytes)] [Frame: 919, payload: 44537-45916 (1380 bytes)] [Frame: 921, payload: 45917-47296 (1380 bytes)] [Frame: 922, payload: 47297-48426 (1130 bytes)] [Segment count: 38] [Reassembled TCP length: 48427] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:23 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 48087\r\n [Content length: 48087] Last-Modified: Sun, 01 Nov 2009 09:52:23 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:23 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5134 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 3922 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 405 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 925 2012-06-20 08:38:43.109137 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1 Frame 925: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:43.109137000 GMT Daylight Time Epoch Time: 1340177923.109137000 seconds [Time delta from previous captured frame: 0.000134000 seconds] [Time delta from previous displayed frame: 0.000446000 seconds] [Time since reference or first frame: 15.087351000 seconds] Frame Number: 925 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2391 (9105) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd83e [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: windb (2522), Dst Port: http (80), Seq: 662, Ack: 48428, Len: 237 Source port: windb (2522) Destination port: http (80) [Stream index: 17] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 48428 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x8ffd [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #924(199), #925(237)] [Frame: 924, payload: 0-198 (199 bytes)] [Frame: 925, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0083.jpg?w=405&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 985 2012-06-20 08:38:43.701965 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 985: 708 bytes on wire (5664 bits), 708 bytes captured (5664 bits) Arrival Time: Jun 20, 2012 08:38:43.701965000 GMT Daylight Time Epoch Time: 1340177923.701965000 seconds [Time delta from previous captured frame: 0.000018000 seconds] [Time delta from previous displayed frame: 0.592828000 seconds] [Time since reference or first frame: 15.680179000 seconds] Frame Number: 985 Frame Length: 708 bytes (5664 bits) Capture Length: 708 bytes (5664 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 694 Identification: 0xc663 (50787) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x7fcb [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: windb (2522), Seq: 96201, Ack: 899, Len: 654 Source port: http (80) Destination port: windb (2522) [Stream index: 17] Sequence number: 96201 (relative sequence number) [Next sequence number: 96855 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0xe9c6 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2034] TCP segment data (654 bytes) [38 Reassembled TCP Segments (48427 bytes): #929(1380), #930(1380), #932(1380), #933(241), #935(1380), #936(1380), #938(1380), #939(1380), #941(272), #942(1380), #944(1380), #945(1380), #947(1380), #948(1380), #950(340), #952(1380), #954(13] [Frame: 929, payload: 0-1379 (1380 bytes)] [Frame: 930, payload: 1380-2759 (1380 bytes)] [Frame: 932, payload: 2760-4139 (1380 bytes)] [Frame: 933, payload: 4140-4380 (241 bytes)] [Frame: 935, payload: 4381-5760 (1380 bytes)] [Frame: 936, payload: 5761-7140 (1380 bytes)] [Frame: 938, payload: 7141-8520 (1380 bytes)] [Frame: 939, payload: 8521-9900 (1380 bytes)] [Frame: 941, payload: 9901-10172 (272 bytes)] [Frame: 942, payload: 10173-11552 (1380 bytes)] [Frame: 944, payload: 11553-12932 (1380 bytes)] [Frame: 945, payload: 12933-14312 (1380 bytes)] [Frame: 947, payload: 14313-15692 (1380 bytes)] [Frame: 948, payload: 15693-17072 (1380 bytes)] [Frame: 950, payload: 17073-17412 (340 bytes)] [Frame: 952, payload: 17413-18792 (1380 bytes)] [Frame: 954, payload: 18793-20172 (1380 bytes)] [Frame: 955, payload: 20173-21552 (1380 bytes)] [Frame: 957, payload: 21553-22932 (1380 bytes)] [Frame: 958, payload: 22933-24312 (1380 bytes)] [Frame: 960, payload: 24313-25692 (1380 bytes)] [Frame: 961, payload: 25693-27072 (1380 bytes)] [Frame: 963, payload: 27073-28452 (1380 bytes)] [Frame: 964, payload: 28453-29832 (1380 bytes)] [Frame: 966, payload: 29833-31212 (1380 bytes)] [Frame: 967, payload: 31213-32592 (1380 bytes)] [Frame: 969, payload: 32593-33972 (1380 bytes)] [Frame: 970, payload: 33973-35352 (1380 bytes)] [Frame: 972, payload: 35353-36732 (1380 bytes)] [Frame: 973, payload: 36733-38112 (1380 bytes)] [Frame: 975, payload: 38113-39492 (1380 bytes)] [Frame: 976, payload: 39493-40872 (1380 bytes)] [Frame: 978, payload: 40873-42252 (1380 bytes)] [Frame: 979, payload: 42253-43632 (1380 bytes)] [Frame: 981, payload: 43633-45012 (1380 bytes)] [Frame: 982, payload: 45013-46392 (1380 bytes)] [Frame: 984, payload: 46393-47772 (1380 bytes)] [Frame: 985, payload: 47773-48426 (654 bytes)] [Segment count: 38] [Reassembled TCP length: 48427] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:24 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 48087\r\n [Content length: 48087] Last-Modified: Sun, 01 Nov 2009 09:52:23 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:24 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5134 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 3922 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 405 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 988 2012-06-20 08:38:43.702392 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1 Frame 988: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:43.702392000 GMT Daylight Time Epoch Time: 1340177923.702392000 seconds [Time delta from previous captured frame: 0.000106000 seconds] [Time delta from previous displayed frame: 0.000427000 seconds] [Time since reference or first frame: 15.680606000 seconds] Frame Number: 988 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x23a6 (9126) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd829 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: windb (2522), Dst Port: http (80), Seq: 1098, Ack: 96855, Len: 237 Source port: windb (2522) Destination port: http (80) [Stream index: 17] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 96855 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xd11d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #987(199), #988(237)] [Frame: 987, payload: 0-198 (199 bytes)] [Frame: 988, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0083.jpg?w=405&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 1051 2012-06-20 08:38:44.157166 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1051: 300 bytes on wire (2400 bits), 300 bytes captured (2400 bits) Arrival Time: Jun 20, 2012 08:38:44.157166000 GMT Daylight Time Epoch Time: 1340177924.157166000 seconds [Time delta from previous captured frame: 0.000017000 seconds] [Time delta from previous displayed frame: 0.454774000 seconds] [Time since reference or first frame: 16.135380000 seconds] Frame Number: 1051 Frame Length: 300 bytes (2400 bits) Capture Length: 300 bytes (2400 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 286 Identification: 0xc68c (50828) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x813a [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: windb (2522), Seq: 145036, Ack: 1335, Len: 246 Source port: http (80) Destination port: windb (2522) [Stream index: 17] Sequence number: 145036 (relative sequence number) [Next sequence number: 145282 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x0713 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 246] TCP segment data (246 bytes) [39 Reassembled TCP Segments (48427 bytes): #993(1380), #994(1380), #996(1380), #997(241), #999(1380), #1000(1380), #1003(1380), #1004(1380), #1006(272), #1007(1380), #1009(1380), #1010(1380), #1012(1380), #1013(1380), #1015(340), #1016(138] [Frame: 993, payload: 0-1379 (1380 bytes)] [Frame: 994, payload: 1380-2759 (1380 bytes)] [Frame: 996, payload: 2760-4139 (1380 bytes)] [Frame: 997, payload: 4140-4380 (241 bytes)] [Frame: 999, payload: 4381-5760 (1380 bytes)] [Frame: 1000, payload: 5761-7140 (1380 bytes)] [Frame: 1003, payload: 7141-8520 (1380 bytes)] [Frame: 1004, payload: 8521-9900 (1380 bytes)] [Frame: 1006, payload: 9901-10172 (272 bytes)] [Frame: 1007, payload: 10173-11552 (1380 bytes)] [Frame: 1009, payload: 11553-12932 (1380 bytes)] [Frame: 1010, payload: 12933-14312 (1380 bytes)] [Frame: 1012, payload: 14313-15692 (1380 bytes)] [Frame: 1013, payload: 15693-17072 (1380 bytes)] [Frame: 1015, payload: 17073-17412 (340 bytes)] [Frame: 1016, payload: 17413-18792 (1380 bytes)] [Frame: 1018, payload: 18793-20172 (1380 bytes)] [Frame: 1019, payload: 20173-21552 (1380 bytes)] [Frame: 1021, payload: 21553-22932 (1380 bytes)] [Frame: 1022, payload: 22933-24312 (1380 bytes)] [Frame: 1024, payload: 24313-25692 (1380 bytes)] [Frame: 1025, payload: 25693-26100 (408 bytes)] [Frame: 1027, payload: 26101-27480 (1380 bytes)] [Frame: 1028, payload: 27481-28860 (1380 bytes)] [Frame: 1030, payload: 28861-30240 (1380 bytes)] [Frame: 1031, payload: 30241-31620 (1380 bytes)] [Frame: 1033, payload: 31621-33000 (1380 bytes)] [Frame: 1034, payload: 33001-34380 (1380 bytes)] [Frame: 1036, payload: 34381-35760 (1380 bytes)] [Frame: 1037, payload: 35761-37140 (1380 bytes)] [Frame: 1039, payload: 37141-38520 (1380 bytes)] [Frame: 1040, payload: 38521-39900 (1380 bytes)] [Frame: 1042, payload: 39901-41280 (1380 bytes)] [Frame: 1043, payload: 41281-42660 (1380 bytes)] [Frame: 1045, payload: 42661-44040 (1380 bytes)] [Frame: 1046, payload: 44041-45420 (1380 bytes)] [Frame: 1048, payload: 45421-46800 (1380 bytes)] [Frame: 1049, payload: 46801-48180 (1380 bytes)] [Frame: 1051, payload: 48181-48426 (246 bytes)] [Segment count: 39] [Reassembled TCP length: 48427] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:25 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 48087\r\n [Content length: 48087] Last-Modified: Sun, 01 Nov 2009 09:52:23 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:25 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5134 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 3922 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 405 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1052 2012-06-20 08:38:44.157532 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1 Frame 1052: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:38:44.157532000 GMT Daylight Time Epoch Time: 1340177924.157532000 seconds [Time delta from previous captured frame: 0.000366000 seconds] [Time delta from previous displayed frame: 0.000366000 seconds] [Time since reference or first frame: 16.135746000 seconds] Frame Number: 1052 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x23ba (9146) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd87d [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: windb (2522), Dst Port: http (80), Seq: 1335, Ack: 145282, Len: 133 Source port: windb (2522) Destination port: http (80) [Stream index: 17] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 145282 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 257 [Calculated window size: 65792] [Window size scaling factor: 256] Checksum: 0x3b8c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 1051] [The RTT to ACK the segment was: 0.000366000 seconds] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0083.jpg?w=405&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640] No. Time Source Destination Protocol Info 1063 2012-06-20 08:38:44.429431 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1 Frame 1063: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:44.429431000 GMT Daylight Time Epoch Time: 1340177924.429431000 seconds [Time delta from previous captured frame: 0.000137000 seconds] [Time delta from previous displayed frame: 0.271899000 seconds] [Time since reference or first frame: 16.407645000 seconds] Frame Number: 1063 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x23c0 (9152) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd80f [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: qke-llc-v3 (2523), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237 Source port: qke-llc-v3 (2523) Destination port: http (80) [Stream index: 19] Sequence number: 227 (relative sequence number) [Next sequence number: 464 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x354f [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 463] TCP segment data (237 bytes) [2 Reassembled TCP Segments (463 bytes): #1062(226), #1063(237)] [Frame: 1062, payload: 0-225 (226 bytes)] [Frame: 1063, payload: 226-462 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 463] Hypertext Transfer Protocol PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_00931.jpg?w=238&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1114 2012-06-20 08:38:44.979192 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1114: 331 bytes on wire (2648 bits), 331 bytes captured (2648 bits) Arrival Time: Jun 20, 2012 08:38:44.979192000 GMT Daylight Time Epoch Time: 1340177924.979192000 seconds [Time delta from previous captured frame: 0.000016000 seconds] [Time delta from previous displayed frame: 0.549761000 seconds] [Time since reference or first frame: 16.957406000 seconds] Frame Number: 1114 Frame Length: 331 bytes (2648 bits) Capture Length: 331 bytes (2648 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 317 Identification: 0x667b (26235) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xe12c [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: qke-llc-v3 (2523), Seq: 35014, Ack: 464, Len: 277 Source port: http (80) Destination port: qke-llc-v3 (2523) [Stream index: 19] Sequence number: 35014 (relative sequence number) [Next sequence number: 35291 (relative sequence number)] Acknowledgement number: 464 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0xa8e1 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 277] TCP segment data (277 bytes) [27 Reassembled TCP Segments (35290 bytes): #1068(1380), #1069(1380), #1071(1380), #1072(1380), #1074(1380), #1075(1380), #1077(1380), #1078(513), #1081(1380), #1082(1380), #1084(1380), #1085(1380), #1087(1380), #1088(1380), #1090(1380), #1] [Frame: 1068, payload: 0-1379 (1380 bytes)] [Frame: 1069, payload: 1380-2759 (1380 bytes)] [Frame: 1071, payload: 2760-4139 (1380 bytes)] [Frame: 1072, payload: 4140-5519 (1380 bytes)] [Frame: 1074, payload: 5520-6899 (1380 bytes)] [Frame: 1075, payload: 6900-8279 (1380 bytes)] [Frame: 1077, payload: 8280-9659 (1380 bytes)] [Frame: 1078, payload: 9660-10172 (513 bytes)] [Frame: 1081, payload: 10173-11552 (1380 bytes)] [Frame: 1082, payload: 11553-12932 (1380 bytes)] [Frame: 1084, payload: 12933-14312 (1380 bytes)] [Frame: 1085, payload: 14313-15692 (1380 bytes)] [Frame: 1087, payload: 15693-17072 (1380 bytes)] [Frame: 1088, payload: 17073-18452 (1380 bytes)] [Frame: 1090, payload: 18453-19832 (1380 bytes)] [Frame: 1091, payload: 19833-21212 (1380 bytes)] [Frame: 1093, payload: 21213-22592 (1380 bytes)] [Frame: 1094, payload: 22593-23972 (1380 bytes)] [Frame: 1096, payload: 23973-25352 (1380 bytes)] [Frame: 1103, payload: 25353-26732 (1380 bytes)] [Frame: 1105, payload: 26733-28112 (1380 bytes)] [Frame: 1106, payload: 28113-29492 (1380 bytes)] [Frame: 1108, payload: 29493-30872 (1380 bytes)] [Frame: 1109, payload: 30873-32252 (1380 bytes)] [Frame: 1111, payload: 32253-33632 (1380 bytes)] [Frame: 1112, payload: 33633-35012 (1380 bytes)] [Frame: 1114, payload: 35013-35289 (277 bytes)] [Segment count: 27] [Reassembled TCP length: 35290] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:25 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 34949\r\n [Content length: 34949] Last-Modified: Sun, 01 Nov 2009 10:31:29 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:25 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 239\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7221 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6009 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 238 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1116 2012-06-20 08:38:44.979626 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1 Frame 1116: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:44.979626000 GMT Daylight Time Epoch Time: 1340177924.979626000 seconds [Time delta from previous captured frame: 0.000103000 seconds] [Time delta from previous displayed frame: 0.000434000 seconds] [Time since reference or first frame: 16.957840000 seconds] Frame Number: 1116 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x23d2 (9170) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd7fd [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: qke-llc-v3 (2523), Dst Port: http (80), Seq: 664, Ack: 35291, Len: 237 Source port: qke-llc-v3 (2523) Destination port: http (80) [Stream index: 19] Sequence number: 664 (relative sequence number) [Next sequence number: 901 (relative sequence number)] Acknowledgement number: 35291 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 257 [Calculated window size: 65792] [Window size scaling factor: 256] Checksum: 0xa9c0 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #1115(200), #1116(237)] [Frame: 1115, payload: 0-199 (200 bytes)] [Frame: 1116, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_00931.jpg?w=238&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1168 2012-06-20 08:38:45.401594 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1168: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Arrival Time: Jun 20, 2012 08:38:45.401594000 GMT Daylight Time Epoch Time: 1340177925.401594000 seconds [Time delta from previous captured frame: 0.000018000 seconds] [Time delta from previous displayed frame: 0.421968000 seconds] [Time since reference or first frame: 17.379808000 seconds] Frame Number: 1168 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Trailer: 00 Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 45 Identification: 0x669a (26266) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xe21d [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: qke-llc-v3 (2523), Seq: 70576, Ack: 901, Len: 5 Source port: http (80) Destination port: qke-llc-v3 (2523) [Stream index: 19] Sequence number: 70576 (relative sequence number) [Next sequence number: 70581 (relative sequence number)] Acknowledgement number: 901 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0xae64 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 5] TCP segment data (5 bytes) [29 Reassembled TCP Segments (35290 bytes): #1124(1380), #1125(105), #1127(1380), #1128(1380), #1130(1380), #1131(1380), #1133(1380), #1134(1380), #1136(1380), #1137(1380), #1139(1380), #1140(612), #1142(1380), #1143(68), #1147(1380), #1148] [Frame: 1124, payload: 0-1379 (1380 bytes)] [Frame: 1125, payload: 1380-1484 (105 bytes)] [Frame: 1127, payload: 1485-2864 (1380 bytes)] [Frame: 1128, payload: 2865-4244 (1380 bytes)] [Frame: 1130, payload: 4245-5624 (1380 bytes)] [Frame: 1131, payload: 5625-7004 (1380 bytes)] [Frame: 1133, payload: 7005-8384 (1380 bytes)] [Frame: 1134, payload: 8385-9764 (1380 bytes)] [Frame: 1136, payload: 9765-11144 (1380 bytes)] [Frame: 1137, payload: 11145-12524 (1380 bytes)] [Frame: 1139, payload: 12525-13904 (1380 bytes)] [Frame: 1140, payload: 13905-14516 (612 bytes)] [Frame: 1142, payload: 14517-15896 (1380 bytes)] [Frame: 1143, payload: 15897-15964 (68 bytes)] [Frame: 1147, payload: 15965-17344 (1380 bytes)] [Frame: 1148, payload: 17345-18724 (1380 bytes)] [Frame: 1150, payload: 18725-20104 (1380 bytes)] [Frame: 1151, payload: 20105-21484 (1380 bytes)] [Frame: 1153, payload: 21485-22864 (1380 bytes)] [Frame: 1154, payload: 22865-24244 (1380 bytes)] [Frame: 1156, payload: 24245-25624 (1380 bytes)] [Frame: 1157, payload: 25625-27004 (1380 bytes)] [Frame: 1159, payload: 27005-28384 (1380 bytes)] [Frame: 1160, payload: 28385-29764 (1380 bytes)] [Frame: 1162, payload: 29765-31144 (1380 bytes)] [Frame: 1163, payload: 31145-32524 (1380 bytes)] [Frame: 1165, payload: 32525-33904 (1380 bytes)] [Frame: 1166, payload: 33905-35284 (1380 bytes)] [Frame: 1168, payload: 35285-35289 (5 bytes)] [Segment count: 29] [Reassembled TCP length: 35290] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:26 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 34949\r\n [Content length: 34949] Last-Modified: Sun, 01 Nov 2009 10:31:29 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:26 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 239\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7221 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6009 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 238 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1170 2012-06-20 08:38:45.401945 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1 Frame 1170: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:45.401945000 GMT Daylight Time Epoch Time: 1340177925.401945000 seconds [Time delta from previous captured frame: 0.000103000 seconds] [Time delta from previous displayed frame: 0.000351000 seconds] [Time since reference or first frame: 17.380159000 seconds] Frame Number: 1170 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x23e2 (9186) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd7ed [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: qke-llc-v3 (2523), Dst Port: http (80), Seq: 1101, Ack: 70581, Len: 237 Source port: qke-llc-v3 (2523) Destination port: http (80) [Stream index: 19] Sequence number: 1101 (relative sequence number) [Next sequence number: 1338 (relative sequence number)] Acknowledgement number: 70581 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x1e30 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #1169(200), #1170(237)] [Frame: 1169, payload: 0-199 (200 bytes)] [Frame: 1170, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_00931.jpg?w=238&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1218 2012-06-20 08:38:45.821609 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1218: 1031 bytes on wire (8248 bits), 1031 bytes captured (8248 bits) Arrival Time: Jun 20, 2012 08:38:45.821609000 GMT Daylight Time Epoch Time: 1340177925.821609000 seconds [Time delta from previous captured frame: 0.000016000 seconds] [Time delta from previous displayed frame: 0.419664000 seconds] [Time since reference or first frame: 17.799823000 seconds] Frame Number: 1218 Frame Length: 1031 bytes (8248 bits) Capture Length: 1031 bytes (8248 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1017 Identification: 0x66b8 (26296) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xde33 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: qke-llc-v3 (2523), Seq: 104894, Ack: 1338, Len: 977 Source port: http (80) Destination port: qke-llc-v3 (2523) [Stream index: 19] Sequence number: 104894 (relative sequence number) [Next sequence number: 105871 (relative sequence number)] Acknowledgement number: 1338 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x2028 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2357] TCP segment data (977 bytes) [28 Reassembled TCP Segments (35290 bytes): #1178(1380), #1179(1380), #1181(1380), #1182(241), #1184(1380), #1185(1380), #1187(1380), #1188(1380), #1190(1380), #1191(1380), #1193(408), #1194(1380), #1196(1380), #1197(1380), #1199(1380), #12] [Frame: 1178, payload: 0-1379 (1380 bytes)] [Frame: 1179, payload: 1380-2759 (1380 bytes)] [Frame: 1181, payload: 2760-4139 (1380 bytes)] [Frame: 1182, payload: 4140-4380 (241 bytes)] [Frame: 1184, payload: 4381-5760 (1380 bytes)] [Frame: 1185, payload: 5761-7140 (1380 bytes)] [Frame: 1187, payload: 7141-8520 (1380 bytes)] [Frame: 1188, payload: 8521-9900 (1380 bytes)] [Frame: 1190, payload: 9901-11280 (1380 bytes)] [Frame: 1191, payload: 11281-12660 (1380 bytes)] [Frame: 1193, payload: 12661-13068 (408 bytes)] [Frame: 1194, payload: 13069-14448 (1380 bytes)] [Frame: 1196, payload: 14449-15828 (1380 bytes)] [Frame: 1197, payload: 15829-17208 (1380 bytes)] [Frame: 1199, payload: 17209-18588 (1380 bytes)] [Frame: 1200, payload: 18589-19968 (1380 bytes)] [Frame: 1202, payload: 19969-21348 (1380 bytes)] [Frame: 1203, payload: 21349-22728 (1380 bytes)] [Frame: 1205, payload: 22729-24108 (1380 bytes)] [Frame: 1206, payload: 24109-24652 (544 bytes)] [Frame: 1208, payload: 24653-26032 (1380 bytes)] [Frame: 1209, payload: 26033-27412 (1380 bytes)] [Frame: 1211, payload: 27413-28792 (1380 bytes)] [Frame: 1212, payload: 28793-30172 (1380 bytes)] [Frame: 1214, payload: 30173-31552 (1380 bytes)] [Frame: 1215, payload: 31553-32932 (1380 bytes)] [Frame: 1217, payload: 32933-34312 (1380 bytes)] [Frame: 1218, payload: 34313-35289 (977 bytes)] [Segment count: 28] [Reassembled TCP length: 35290] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:26 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 34949\r\n [Content length: 34949] Last-Modified: Sun, 01 Nov 2009 10:31:29 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:26 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 239\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7221 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6009 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 238 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1220 2012-06-20 08:38:45.821976 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1 Frame 1220: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits) Arrival Time: Jun 20, 2012 08:38:45.821976000 GMT Daylight Time Epoch Time: 1340177925.821976000 seconds [Time delta from previous captured frame: 0.000316000 seconds] [Time delta from previous displayed frame: 0.000367000 seconds] [Time since reference or first frame: 17.800190000 seconds] Frame Number: 1220 Frame Length: 188 bytes (1504 bits) Capture Length: 188 bytes (1504 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 174 Identification: 0x23f2 (9202) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd844 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: qke-llc-v3 (2523), Dst Port: http (80), Seq: 1338, Ack: 105871, Len: 134 Source port: qke-llc-v3 (2523) Destination port: http (80) [Stream index: 19] Sequence number: 1338 (relative sequence number) [Next sequence number: 1472 (relative sequence number)] Acknowledgement number: 105871 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xdb9d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 134] Hypertext Transfer Protocol HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_00931.jpg?w=238&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400] No. Time Source Destination Protocol Info 1235 2012-06-20 08:38:46.090606 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1 Frame 1235: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:46.090606000 GMT Daylight Time Epoch Time: 1340177926.090606000 seconds [Time delta from previous captured frame: 0.000131000 seconds] [Time delta from previous displayed frame: 0.268630000 seconds] [Time since reference or first frame: 18.068820000 seconds] Frame Number: 1235 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x23f8 (9208) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd7d7 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: optiwave-lm (2524), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237 Source port: optiwave-lm (2524) Destination port: http (80) [Stream index: 21] Sequence number: 227 (relative sequence number) [Next sequence number: 464 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x8d88 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 463] TCP segment data (237 bytes) [2 Reassembled TCP Segments (463 bytes): #1234(226), #1235(237)] [Frame: 1234, payload: 0-225 (226 bytes)] [Frame: 1235, payload: 226-462 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 463] Hypertext Transfer Protocol PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_00921.jpg?w=237&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1277 2012-06-20 08:38:46.657150 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1277: 1288 bytes on wire (10304 bits), 1288 bytes captured (10304 bits) Arrival Time: Jun 20, 2012 08:38:46.657150000 GMT Daylight Time Epoch Time: 1340177926.657150000 seconds [Time delta from previous captured frame: 0.000035000 seconds] [Time delta from previous displayed frame: 0.566544000 seconds] [Time since reference or first frame: 18.635364000 seconds] Frame Number: 1277 Frame Length: 1288 bytes (10304 bits) Capture Length: 1288 bytes (10304 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1274 Identification: 0xbf05 (48901) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x84e5 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: optiwave-lm (2524), Seq: 26734, Ack: 464, Len: 1234 Source port: http (80) Destination port: optiwave-lm (2524) [Stream index: 21] Sequence number: 26734 (relative sequence number) [Next sequence number: 27968 (relative sequence number)] Acknowledgement number: 464 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x94a6 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2614] TCP segment data (1234 bytes) [22 Reassembled TCP Segments (27967 bytes): #1241(1380), #1242(1380), #1244(1380), #1245(241), #1247(1380), #1248(1380), #1250(1380), #1251(1380), #1253(272), #1257(1380), #1259(1380), #1260(1380), #1262(1380), #1263(1380), #1265(1380), #12] [Frame: 1241, payload: 0-1379 (1380 bytes)] [Frame: 1242, payload: 1380-2759 (1380 bytes)] [Frame: 1244, payload: 2760-4139 (1380 bytes)] [Frame: 1245, payload: 4140-4380 (241 bytes)] [Frame: 1247, payload: 4381-5760 (1380 bytes)] [Frame: 1248, payload: 5761-7140 (1380 bytes)] [Frame: 1250, payload: 7141-8520 (1380 bytes)] [Frame: 1251, payload: 8521-9900 (1380 bytes)] [Frame: 1253, payload: 9901-10172 (272 bytes)] [Frame: 1257, payload: 10173-11552 (1380 bytes)] [Frame: 1259, payload: 11553-12932 (1380 bytes)] [Frame: 1260, payload: 12933-14312 (1380 bytes)] [Frame: 1262, payload: 14313-15692 (1380 bytes)] [Frame: 1263, payload: 15693-17072 (1380 bytes)] [Frame: 1265, payload: 17073-18452 (1380 bytes)] [Frame: 1266, payload: 18453-19832 (1380 bytes)] [Frame: 1268, payload: 19833-21212 (1380 bytes)] [Frame: 1269, payload: 21213-22592 (1380 bytes)] [Frame: 1271, payload: 22593-23972 (1380 bytes)] [Frame: 1274, payload: 23973-25352 (1380 bytes)] [Frame: 1276, payload: 25353-26732 (1380 bytes)] [Frame: 1277, payload: 26733-27966 (1234 bytes)] [Segment count: 22] [Reassembled TCP length: 27967] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:27 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 27627\r\n [Content length: 27627] Last-Modified: Sun, 01 Nov 2009 10:30:49 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:27 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6304 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5092 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 237 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1280 2012-06-20 08:38:46.657560 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1 Frame 1280: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:46.657560000 GMT Daylight Time Epoch Time: 1340177926.657560000 seconds [Time delta from previous captured frame: 0.000132000 seconds] [Time delta from previous displayed frame: 0.000410000 seconds] [Time since reference or first frame: 18.635774000 seconds] Frame Number: 1280 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2405 (9221) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd7ca [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: optiwave-lm (2524), Dst Port: http (80), Seq: 664, Ack: 27968, Len: 237 Source port: optiwave-lm (2524) Destination port: http (80) [Stream index: 21] Sequence number: 664 (relative sequence number) [Next sequence number: 901 (relative sequence number)] Acknowledgement number: 27968 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x1e94 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #1279(200), #1280(237)] [Frame: 1279, payload: 0-199 (200 bytes)] [Frame: 1280, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_00921.jpg?w=237&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1319 2012-06-20 08:38:47.066469 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1319: 1220 bytes on wire (9760 bits), 1220 bytes captured (9760 bits) Arrival Time: Jun 20, 2012 08:38:47.066469000 GMT Daylight Time Epoch Time: 1340177927.066469000 seconds [Time delta from previous captured frame: 0.000041000 seconds] [Time delta from previous displayed frame: 0.408909000 seconds] [Time since reference or first frame: 19.044683000 seconds] Frame Number: 1319 Frame Length: 1220 bytes (9760 bits) Capture Length: 1220 bytes (9760 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1206 Identification: 0xbf1e (48926) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x8510 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: optiwave-lm (2524), Seq: 54769, Ack: 901, Len: 1166 Source port: http (80) Destination port: optiwave-lm (2524) [Stream index: 21] Sequence number: 54769 (relative sequence number) [Next sequence number: 55935 (relative sequence number)] Acknowledgement number: 901 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x2016 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1166] TCP segment data (1166 bytes) [23 Reassembled TCP Segments (27967 bytes): #1285(1380), #1286(1380), #1288(1380), #1289(241), #1291(1380), #1292(1380), #1294(1380), #1295(1380), #1297(272), #1298(1380), #1300(68), #1302(1380), #1304(1380), #1305(1380), #1307(1380), #1308] [Frame: 1285, payload: 0-1379 (1380 bytes)] [Frame: 1286, payload: 1380-2759 (1380 bytes)] [Frame: 1288, payload: 2760-4139 (1380 bytes)] [Frame: 1289, payload: 4140-4380 (241 bytes)] [Frame: 1291, payload: 4381-5760 (1380 bytes)] [Frame: 1292, payload: 5761-7140 (1380 bytes)] [Frame: 1294, payload: 7141-8520 (1380 bytes)] [Frame: 1295, payload: 8521-9900 (1380 bytes)] [Frame: 1297, payload: 9901-10172 (272 bytes)] [Frame: 1298, payload: 10173-11552 (1380 bytes)] [Frame: 1300, payload: 11553-11620 (68 bytes)] [Frame: 1302, payload: 11621-13000 (1380 bytes)] [Frame: 1304, payload: 13001-14380 (1380 bytes)] [Frame: 1305, payload: 14381-15760 (1380 bytes)] [Frame: 1307, payload: 15761-17140 (1380 bytes)] [Frame: 1308, payload: 17141-18520 (1380 bytes)] [Frame: 1310, payload: 18521-19900 (1380 bytes)] [Frame: 1311, payload: 19901-21280 (1380 bytes)] [Frame: 1313, payload: 21281-22660 (1380 bytes)] [Frame: 1314, payload: 22661-24040 (1380 bytes)] [Frame: 1316, payload: 24041-25420 (1380 bytes)] [Frame: 1317, payload: 25421-26800 (1380 bytes)] [Frame: 1319, payload: 26801-27966 (1166 bytes)] [Segment count: 23] [Reassembled TCP length: 27967] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:27 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 27627\r\n [Content length: 27627] Last-Modified: Sun, 01 Nov 2009 10:30:49 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:27 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6304 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5092 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 237 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1321 2012-06-20 08:38:47.066763 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1 Frame 1321: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:47.066763000 GMT Daylight Time Epoch Time: 1340177927.066763000 seconds [Time delta from previous captured frame: 0.000046000 seconds] [Time delta from previous displayed frame: 0.000294000 seconds] [Time since reference or first frame: 19.044977000 seconds] Frame Number: 1321 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2412 (9234) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd7bd [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: optiwave-lm (2524), Dst Port: http (80), Seq: 1101, Ack: 55935, Len: 237 Source port: optiwave-lm (2524) Destination port: http (80) [Stream index: 21] Sequence number: 1101 (relative sequence number) [Next sequence number: 1338 (relative sequence number)] Acknowledgement number: 55935 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 254 [Calculated window size: 65024] [Window size scaling factor: 256] Checksum: 0xafa3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #1320(200), #1321(237)] [Frame: 1320, payload: 0-199 (200 bytes)] [Frame: 1321, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_00921.jpg?w=237&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1360 2012-06-20 08:38:47.486388 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1360: 948 bytes on wire (7584 bits), 948 bytes captured (7584 bits) Arrival Time: Jun 20, 2012 08:38:47.486388000 GMT Daylight Time Epoch Time: 1340177927.486388000 seconds [Time delta from previous captured frame: 0.000008000 seconds] [Time delta from previous displayed frame: 0.419625000 seconds] [Time since reference or first frame: 19.464602000 seconds] Frame Number: 1360 Frame Length: 948 bytes (7584 bits) Capture Length: 948 bytes (7584 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 934 Identification: 0xbf37 (48951) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x8607 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: optiwave-lm (2524), Seq: 83008, Ack: 1338, Len: 894 Source port: http (80) Destination port: optiwave-lm (2524) [Stream index: 21] Sequence number: 83008 (relative sequence number) [Next sequence number: 83902 (relative sequence number)] Acknowledgement number: 1338 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x953f [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 894] TCP segment data (894 bytes) [23 Reassembled TCP Segments (27967 bytes): #1327(1380), #1328(1380), #1330(1380), #1331(241), #1333(1380), #1334(1380), #1336(1380), #1337(1380), #1339(272), #1340(1380), #1342(1380), #1343(1380), #1345(1380), #1346(1380), #1348(340), #134] [Frame: 1327, payload: 0-1379 (1380 bytes)] [Frame: 1328, payload: 1380-2759 (1380 bytes)] [Frame: 1330, payload: 2760-4139 (1380 bytes)] [Frame: 1331, payload: 4140-4380 (241 bytes)] [Frame: 1333, payload: 4381-5760 (1380 bytes)] [Frame: 1334, payload: 5761-7140 (1380 bytes)] [Frame: 1336, payload: 7141-8520 (1380 bytes)] [Frame: 1337, payload: 8521-9900 (1380 bytes)] [Frame: 1339, payload: 9901-10172 (272 bytes)] [Frame: 1340, payload: 10173-11552 (1380 bytes)] [Frame: 1342, payload: 11553-12932 (1380 bytes)] [Frame: 1343, payload: 12933-14312 (1380 bytes)] [Frame: 1345, payload: 14313-15692 (1380 bytes)] [Frame: 1346, payload: 15693-17072 (1380 bytes)] [Frame: 1348, payload: 17073-17412 (340 bytes)] [Frame: 1349, payload: 17413-18792 (1380 bytes)] [Frame: 1351, payload: 18793-20172 (1380 bytes)] [Frame: 1352, payload: 20173-21552 (1380 bytes)] [Frame: 1354, payload: 21553-22932 (1380 bytes)] [Frame: 1355, payload: 22933-24312 (1380 bytes)] [Frame: 1357, payload: 24313-25692 (1380 bytes)] [Frame: 1358, payload: 25693-27072 (1380 bytes)] [Frame: 1360, payload: 27073-27966 (894 bytes)] [Segment count: 23] [Reassembled TCP length: 27967] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:28 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 27627\r\n [Content length: 27627] Last-Modified: Sun, 01 Nov 2009 10:30:49 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:28 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6304 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5092 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 237 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1361 2012-06-20 08:38:47.486649 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1 Frame 1361: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits) Arrival Time: Jun 20, 2012 08:38:47.486649000 GMT Daylight Time Epoch Time: 1340177927.486649000 seconds [Time delta from previous captured frame: 0.000261000 seconds] [Time delta from previous displayed frame: 0.000261000 seconds] [Time since reference or first frame: 19.464863000 seconds] Frame Number: 1361 Frame Length: 188 bytes (1504 bits) Capture Length: 188 bytes (1504 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 174 Identification: 0x241e (9246) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd818 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: optiwave-lm (2524), Dst Port: http (80), Seq: 1338, Ack: 83902, Len: 134 Source port: optiwave-lm (2524) Destination port: http (80) [Stream index: 21] Sequence number: 1338 (relative sequence number) [Next sequence number: 1472 (relative sequence number)] Acknowledgement number: 83902 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 255 [Calculated window size: 65280] [Window size scaling factor: 256] Checksum: 0x8aac [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 1360] [The RTT to ACK the segment was: 0.000261000 seconds] [Bytes in flight: 134] Hypertext Transfer Protocol HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_00921.jpg?w=237&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400] No. Time Source Destination Protocol Info 1375 2012-06-20 08:38:47.757852 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1 Frame 1375: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:47.757852000 GMT Daylight Time Epoch Time: 1340177927.757852000 seconds [Time delta from previous captured frame: 0.000132000 seconds] [Time delta from previous displayed frame: 0.271203000 seconds] [Time since reference or first frame: 19.736066000 seconds] Frame Number: 1375 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2424 (9252) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd7ab [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ms-v-worlds (2525), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: ms-v-worlds (2525) Destination port: http (80) [Stream index: 22] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x58a4 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #1374(225), #1375(237)] [Frame: 1374, payload: 0-224 (225 bytes)] [Frame: 1375, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0101.jpg?w=270&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1437 2012-06-20 08:38:48.313092 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1437: 1089 bytes on wire (8712 bits), 1089 bytes captured (8712 bits) Arrival Time: Jun 20, 2012 08:38:48.313092000 GMT Daylight Time Epoch Time: 1340177928.313092000 seconds [Time delta from previous captured frame: 0.000240000 seconds] [Time delta from previous displayed frame: 0.555240000 seconds] [Time since reference or first frame: 20.291306000 seconds] Frame Number: 1437 Frame Length: 1089 bytes (8712 bits) Capture Length: 1089 bytes (8712 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1075 Identification: 0x0f9d (3997) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x3515 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ms-v-worlds (2525), Seq: 45850, Ack: 463, Len: 1035 Source port: http (80) Destination port: ms-v-worlds (2525) [Stream index: 22] Sequence number: 45850 (relative sequence number) [Next sequence number: 46885 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x18ed [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1035] TCP segment data (1035 bytes) [35 Reassembled TCP Segments (46884 bytes): #1385(1380), #1386(1380), #1388(1380), #1389(1380), #1391(309), #1392(1380), #1394(1380), #1395(1380), #1397(1380), #1398(1380), #1401(1380), #1402(1380), #1404(1380), #1405(1380), #1407(1380), #1] [Frame: 1385, payload: 0-1379 (1380 bytes)] [Frame: 1386, payload: 1380-2759 (1380 bytes)] [Frame: 1388, payload: 2760-4139 (1380 bytes)] [Frame: 1389, payload: 4140-5519 (1380 bytes)] [Frame: 1391, payload: 5520-5828 (309 bytes)] [Frame: 1392, payload: 5829-7208 (1380 bytes)] [Frame: 1394, payload: 7209-8588 (1380 bytes)] [Frame: 1395, payload: 8589-9968 (1380 bytes)] [Frame: 1397, payload: 9969-11348 (1380 bytes)] [Frame: 1398, payload: 11349-12728 (1380 bytes)] [Frame: 1401, payload: 12729-14108 (1380 bytes)] [Frame: 1402, payload: 14109-15488 (1380 bytes)] [Frame: 1404, payload: 15489-16868 (1380 bytes)] [Frame: 1405, payload: 16869-18248 (1380 bytes)] [Frame: 1407, payload: 18249-19628 (1380 bytes)] [Frame: 1408, payload: 19629-21008 (1380 bytes)] [Frame: 1410, payload: 21009-22388 (1380 bytes)] [Frame: 1411, payload: 22389-23768 (1380 bytes)] [Frame: 1413, payload: 23769-25148 (1380 bytes)] [Frame: 1414, payload: 25149-26528 (1380 bytes)] [Frame: 1416, payload: 26529-27908 (1380 bytes)] [Frame: 1417, payload: 27909-29288 (1380 bytes)] [Frame: 1419, payload: 29289-30668 (1380 bytes)] [Frame: 1420, payload: 30669-32048 (1380 bytes)] [Frame: 1422, payload: 32049-33428 (1380 bytes)] [Frame: 1423, payload: 33429-34808 (1380 bytes)] [Frame: 1425, payload: 34809-36188 (1380 bytes)] [Frame: 1426, payload: 36189-37568 (1380 bytes)] [Frame: 1428, payload: 37569-38948 (1380 bytes)] [Frame: 1429, payload: 38949-40328 (1380 bytes)] [Frame: 1431, payload: 40329-41708 (1380 bytes)] [Frame: 1432, payload: 41709-43088 (1380 bytes)] [Frame: 1434, payload: 43089-44468 (1380 bytes)] [Frame: 1435, payload: 44469-45848 (1380 bytes)] [Frame: 1437, payload: 45849-46883 (1035 bytes)] [Segment count: 35] [Reassembled TCP length: 46884] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:29 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 46544\r\n [Content length: 46544] Last-Modified: Sun, 01 Nov 2009 15:23:12 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:29 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 80\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7881 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6669 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 270 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1439 2012-06-20 08:38:48.313541 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1 Frame 1439: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:48.313541000 GMT Daylight Time Epoch Time: 1340177928.313541000 seconds [Time delta from previous captured frame: 0.000134000 seconds] [Time delta from previous displayed frame: 0.000449000 seconds] [Time since reference or first frame: 20.291755000 seconds] Frame Number: 1439 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2439 (9273) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd796 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ms-v-worlds (2525), Dst Port: http (80), Seq: 662, Ack: 46885, Len: 237 Source port: ms-v-worlds (2525) Destination port: http (80) [Stream index: 22] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 46885 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 254 [Calculated window size: 65024] [Window size scaling factor: 256] Checksum: 0x9fcf [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #1438(199), #1439(237)] [Frame: 1438, payload: 0-198 (199 bytes)] [Frame: 1439, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0101.jpg?w=270&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1499 2012-06-20 08:38:48.767498 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1499: 477 bytes on wire (3816 bits), 477 bytes captured (3816 bits) Arrival Time: Jun 20, 2012 08:38:48.767498000 GMT Daylight Time Epoch Time: 1340177928.767498000 seconds [Time delta from previous captured frame: 0.000010000 seconds] [Time delta from previous displayed frame: 0.453957000 seconds] [Time since reference or first frame: 20.745712000 seconds] Frame Number: 1499 Frame Length: 477 bytes (3816 bits) Capture Length: 477 bytes (3816 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 463 Identification: 0x0fc4 (4036) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x3752 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ms-v-worlds (2525), Seq: 93346, Ack: 899, Len: 423 Source port: http (80) Destination port: ms-v-worlds (2525) [Stream index: 22] Sequence number: 93346 (relative sequence number) [Next sequence number: 93769 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0xb2c0 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 423] TCP segment data (423 bytes) [37 Reassembled TCP Segments (46884 bytes): #1443(1380), #1444(105), #1446(1380), #1447(1380), #1449(1380), #1450(1380), #1452(1380), #1453(1380), #1455(1380), #1456(1380), #1458(1380), #1459(612), #1461(1380), #1462(1380), #1464(1380), #14] [Frame: 1443, payload: 0-1379 (1380 bytes)] [Frame: 1444, payload: 1380-1484 (105 bytes)] [Frame: 1446, payload: 1485-2864 (1380 bytes)] [Frame: 1447, payload: 2865-4244 (1380 bytes)] [Frame: 1449, payload: 4245-5624 (1380 bytes)] [Frame: 1450, payload: 5625-7004 (1380 bytes)] [Frame: 1452, payload: 7005-8384 (1380 bytes)] [Frame: 1453, payload: 8385-9764 (1380 bytes)] [Frame: 1455, payload: 9765-11144 (1380 bytes)] [Frame: 1456, payload: 11145-12524 (1380 bytes)] [Frame: 1458, payload: 12525-13904 (1380 bytes)] [Frame: 1459, payload: 13905-14516 (612 bytes)] [Frame: 1461, payload: 14517-15896 (1380 bytes)] [Frame: 1462, payload: 15897-17276 (1380 bytes)] [Frame: 1464, payload: 17277-18656 (1380 bytes)] [Frame: 1465, payload: 18657-18860 (204 bytes)] [Frame: 1469, payload: 18861-20240 (1380 bytes)] [Frame: 1470, payload: 20241-21620 (1380 bytes)] [Frame: 1472, payload: 21621-23000 (1380 bytes)] [Frame: 1473, payload: 23001-24380 (1380 bytes)] [Frame: 1475, payload: 24381-25760 (1380 bytes)] [Frame: 1476, payload: 25761-27140 (1380 bytes)] [Frame: 1478, payload: 27141-28520 (1380 bytes)] [Frame: 1479, payload: 28521-29900 (1380 bytes)] [Frame: 1481, payload: 29901-31280 (1380 bytes)] [Frame: 1482, payload: 31281-32660 (1380 bytes)] [Frame: 1484, payload: 32661-34040 (1380 bytes)] [Frame: 1485, payload: 34041-35420 (1380 bytes)] [Frame: 1487, payload: 35421-36800 (1380 bytes)] [Frame: 1488, payload: 36801-38180 (1380 bytes)] [Frame: 1490, payload: 38181-39560 (1380 bytes)] [Frame: 1491, payload: 39561-40940 (1380 bytes)] [Frame: 1493, payload: 40941-42320 (1380 bytes)] [Frame: 1494, payload: 42321-43700 (1380 bytes)] [Frame: 1496, payload: 43701-45080 (1380 bytes)] [Frame: 1497, payload: 45081-46460 (1380 bytes)] [Frame: 1499, payload: 46461-46883 (423 bytes)] [Segment count: 37] [Reassembled TCP length: 46884] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:29 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 46544\r\n [Content length: 46544] Last-Modified: Sun, 01 Nov 2009 15:23:12 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:29 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 80\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7881 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6669 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 270 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1501 2012-06-20 08:38:48.767869 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1 Frame 1501: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:48.767869000 GMT Daylight Time Epoch Time: 1340177928.767869000 seconds [Time delta from previous captured frame: 0.000061000 seconds] [Time delta from previous displayed frame: 0.000371000 seconds] [Time since reference or first frame: 20.746083000 seconds] Frame Number: 1501 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x244d (9293) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd782 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ms-v-worlds (2525), Dst Port: http (80), Seq: 1098, Ack: 93769, Len: 237 Source port: ms-v-worlds (2525) Destination port: http (80) [Stream index: 22] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 93769 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 257 [Calculated window size: 65792] [Window size scaling factor: 256] Checksum: 0xe6f3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #1500(199), #1501(237)] [Frame: 1500, payload: 0-198 (199 bytes)] [Frame: 1501, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0101.jpg?w=270&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1567 2012-06-20 08:38:49.201113 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1567: 1381 bytes on wire (11048 bits), 1381 bytes captured (11048 bits) Arrival Time: Jun 20, 2012 08:38:49.201113000 GMT Daylight Time Epoch Time: 1340177929.201113000 seconds [Time delta from previous captured frame: 0.000181000 seconds] [Time delta from previous displayed frame: 0.433244000 seconds] [Time since reference or first frame: 21.179327000 seconds] Frame Number: 1567 Frame Length: 1381 bytes (11048 bits) Capture Length: 1381 bytes (11048 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1367 Identification: 0x0fee (4078) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x33a0 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ms-v-worlds (2525), Seq: 139326, Ack: 1335, Len: 1327 Source port: http (80) Destination port: ms-v-worlds (2525) [Stream index: 22] Sequence number: 139326 (relative sequence number) [Next sequence number: 140653 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x8d78 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2707] TCP segment data (1327 bytes) [40 Reassembled TCP Segments (46884 bytes): #1507(1380), #1508(105), #1510(1380), #1511(1380), #1513(1380), #1514(1380), #1516(1380), #1517(1380), #1519(408), #1520(1380), #1522(1380), #1523(1380), #1525(204), #1526(1380), #1528(68), #1529(] [Frame: 1507, payload: 0-1379 (1380 bytes)] [Frame: 1508, payload: 1380-1484 (105 bytes)] [Frame: 1510, payload: 1485-2864 (1380 bytes)] [Frame: 1511, payload: 2865-4244 (1380 bytes)] [Frame: 1513, payload: 4245-5624 (1380 bytes)] [Frame: 1514, payload: 5625-7004 (1380 bytes)] [Frame: 1516, payload: 7005-8384 (1380 bytes)] [Frame: 1517, payload: 8385-9764 (1380 bytes)] [Frame: 1519, payload: 9765-10172 (408 bytes)] [Frame: 1520, payload: 10173-11552 (1380 bytes)] [Frame: 1522, payload: 11553-12932 (1380 bytes)] [Frame: 1523, payload: 12933-14312 (1380 bytes)] [Frame: 1525, payload: 14313-14516 (204 bytes)] [Frame: 1526, payload: 14517-15896 (1380 bytes)] [Frame: 1528, payload: 15897-15964 (68 bytes)] [Frame: 1529, payload: 15965-17344 (1380 bytes)] [Frame: 1531, payload: 17345-17412 (68 bytes)] [Frame: 1532, payload: 17413-18792 (1380 bytes)] [Frame: 1534, payload: 18793-18860 (68 bytes)] [Frame: 1535, payload: 18861-20240 (1380 bytes)] [Frame: 1537, payload: 20241-21620 (1380 bytes)] [Frame: 1538, payload: 21621-23000 (1380 bytes)] [Frame: 1540, payload: 23001-24380 (1380 bytes)] [Frame: 1541, payload: 24381-25760 (1380 bytes)] [Frame: 1543, payload: 25761-27140 (1380 bytes)] [Frame: 1544, payload: 27141-28520 (1380 bytes)] [Frame: 1546, payload: 28521-28996 (476 bytes)] [Frame: 1549, payload: 28997-30376 (1380 bytes)] [Frame: 1551, payload: 30377-31756 (1380 bytes)] [Frame: 1552, payload: 31757-33136 (1380 bytes)] [Frame: 1554, payload: 33137-34516 (1380 bytes)] [Frame: 1555, payload: 34517-35896 (1380 bytes)] [Frame: 1557, payload: 35897-37276 (1380 bytes)] [Frame: 1558, payload: 37277-38656 (1380 bytes)] [Frame: 1560, payload: 38657-40036 (1380 bytes)] [Frame: 1561, payload: 40037-41416 (1380 bytes)] [Frame: 1563, payload: 41417-42796 (1380 bytes)] [Frame: 1564, payload: 42797-44176 (1380 bytes)] [Frame: 1566, payload: 44177-45556 (1380 bytes)] [Frame: 1567, payload: 45557-46883 (1327 bytes)] [Segment count: 40] [Reassembled TCP length: 46884] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:30 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 46544\r\n [Content length: 46544] Last-Modified: Sun, 01 Nov 2009 15:23:12 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:30 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 80\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7881 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6669 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 270 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1569 2012-06-20 08:38:49.201401 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1 Frame 1569: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:38:49.201401000 GMT Daylight Time Epoch Time: 1340177929.201401000 seconds [Time delta from previous captured frame: 0.000223000 seconds] [Time delta from previous displayed frame: 0.000288000 seconds] [Time since reference or first frame: 21.179615000 seconds] Frame Number: 1569 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x2462 (9314) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd7d5 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ms-v-worlds (2525), Dst Port: http (80), Seq: 1335, Ack: 140653, Len: 133 Source port: ms-v-worlds (2525) Destination port: http (80) [Stream index: 22] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 140653 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x5c71 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0101.jpg?w=270&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400] No. Time Source Destination Protocol Info 1582 2012-06-20 08:38:49.470670 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1 Frame 1582: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:49.470670000 GMT Daylight Time Epoch Time: 1340177929.470670000 seconds [Time delta from previous captured frame: 0.000130000 seconds] [Time delta from previous displayed frame: 0.269269000 seconds] [Time since reference or first frame: 21.448884000 seconds] Frame Number: 1582 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2468 (9320) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd767 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ema-sent-lm (2526), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: ema-sent-lm (2526) Destination port: http (80) [Stream index: 25] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x6522 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #1581(225), #1582(237)] [Frame: 1581, payload: 0-224 (225 bytes)] [Frame: 1582, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0100.jpg?w=270&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1626 2012-06-20 08:38:50.094913 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1626: 1013 bytes on wire (8104 bits), 1013 bytes captured (8104 bits) Arrival Time: Jun 20, 2012 08:38:50.094913000 GMT Daylight Time Epoch Time: 1340177930.094913000 seconds [Time delta from previous captured frame: 0.000154000 seconds] [Time delta from previous displayed frame: 0.624243000 seconds] [Time since reference or first frame: 22.073127000 seconds] Frame Number: 1626 Frame Length: 1013 bytes (8104 bits) Capture Length: 1013 bytes (8104 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 999 Identification: 0x4180 (16768) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x037e [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ema-sent-lm (2526), Seq: 34946, Ack: 463, Len: 959 Source port: http (80) Destination port: ema-sent-lm (2526) [Stream index: 25] Sequence number: 34946 (relative sequence number) [Next sequence number: 35905 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0xecbe [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 959] TCP segment data (959 bytes) [27 Reassembled TCP Segments (35904 bytes): #1586(1380), #1587(1380), #1589(1380), #1590(1380), #1592(1380), #1593(1380), #1595(445), #1596(1380), #1598(1380), #1599(1380), #1601(1380), #1602(1380), #1604(1380), #1605(1380), #1607(1380), #1] [Frame: 1586, payload: 0-1379 (1380 bytes)] [Frame: 1587, payload: 1380-2759 (1380 bytes)] [Frame: 1589, payload: 2760-4139 (1380 bytes)] [Frame: 1590, payload: 4140-5519 (1380 bytes)] [Frame: 1592, payload: 5520-6899 (1380 bytes)] [Frame: 1593, payload: 6900-8279 (1380 bytes)] [Frame: 1595, payload: 8280-8724 (445 bytes)] [Frame: 1596, payload: 8725-10104 (1380 bytes)] [Frame: 1598, payload: 10105-11484 (1380 bytes)] [Frame: 1599, payload: 11485-12864 (1380 bytes)] [Frame: 1601, payload: 12865-14244 (1380 bytes)] [Frame: 1602, payload: 14245-15624 (1380 bytes)] [Frame: 1604, payload: 15625-17004 (1380 bytes)] [Frame: 1605, payload: 17005-18384 (1380 bytes)] [Frame: 1607, payload: 18385-19764 (1380 bytes)] [Frame: 1608, payload: 19765-21144 (1380 bytes)] [Frame: 1610, payload: 21145-22524 (1380 bytes)] [Frame: 1611, payload: 22525-23904 (1380 bytes)] [Frame: 1613, payload: 23905-25284 (1380 bytes)] [Frame: 1615, payload: 25285-26664 (1380 bytes)] [Frame: 1617, payload: 26665-28044 (1380 bytes)] [Frame: 1618, payload: 28045-29424 (1380 bytes)] [Frame: 1620, payload: 29425-30804 (1380 bytes)] [Frame: 1621, payload: 30805-32184 (1380 bytes)] [Frame: 1623, payload: 32185-33564 (1380 bytes)] [Frame: 1624, payload: 33565-34944 (1380 bytes)] [Frame: 1626, payload: 34945-35903 (959 bytes)] [Segment count: 27] [Reassembled TCP length: 35904] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:30 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 35564\r\n [Content length: 35564] Last-Modified: Sun, 01 Nov 2009 15:22:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:30 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7094 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5882 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 270 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1628 2012-06-20 08:38:50.095397 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1 Frame 1628: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:50.095397000 GMT Daylight Time Epoch Time: 1340177930.095397000 seconds [Time delta from previous captured frame: 0.000135000 seconds] [Time delta from previous displayed frame: 0.000484000 seconds] [Time since reference or first frame: 22.073611000 seconds] Frame Number: 1628 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2477 (9335) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd758 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ema-sent-lm (2526), Dst Port: http (80), Seq: 662, Ack: 35905, Len: 237 Source port: ema-sent-lm (2526) Destination port: http (80) [Stream index: 25] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 35905 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 255 [Calculated window size: 65280] [Window size scaling factor: 256] Checksum: 0xd730 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #1627(199), #1628(237)] [Frame: 1627, payload: 0-198 (199 bytes)] [Frame: 1628, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0100.jpg?w=270&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1675 2012-06-20 08:38:50.508214 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1675: 469 bytes on wire (3752 bits), 469 bytes captured (3752 bits) Arrival Time: Jun 20, 2012 08:38:50.508214000 GMT Daylight Time Epoch Time: 1340177930.508214000 seconds [Time delta from previous captured frame: 0.000016000 seconds] [Time delta from previous displayed frame: 0.412817000 seconds] [Time since reference or first frame: 22.486428000 seconds] Frame Number: 1675 Frame Length: 469 bytes (3752 bits) Capture Length: 469 bytes (3752 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 455 Identification: 0x419f (16799) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x057f [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ema-sent-lm (2526), Seq: 71394, Ack: 899, Len: 415 Source port: http (80) Destination port: ema-sent-lm (2526) [Stream index: 25] Sequence number: 71394 (relative sequence number) [Next sequence number: 71809 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x426d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 415] TCP segment data (415 bytes) [29 Reassembled TCP Segments (35904 bytes): #1632(1380), #1633(1380), #1635(1380), #1636(241), #1638(1380), #1639(1380), #1641(1380), #1642(1380), #1644(1380), #1645(1380), #1647(1380), #1648(476), #1650(1380), #1651(1380), #1653(1380), #16] [Frame: 1632, payload: 0-1379 (1380 bytes)] [Frame: 1633, payload: 1380-2759 (1380 bytes)] [Frame: 1635, payload: 2760-4139 (1380 bytes)] [Frame: 1636, payload: 4140-4380 (241 bytes)] [Frame: 1638, payload: 4381-5760 (1380 bytes)] [Frame: 1639, payload: 5761-7140 (1380 bytes)] [Frame: 1641, payload: 7141-8520 (1380 bytes)] [Frame: 1642, payload: 8521-9900 (1380 bytes)] [Frame: 1644, payload: 9901-11280 (1380 bytes)] [Frame: 1645, payload: 11281-12660 (1380 bytes)] [Frame: 1647, payload: 12661-14040 (1380 bytes)] [Frame: 1648, payload: 14041-14516 (476 bytes)] [Frame: 1650, payload: 14517-15896 (1380 bytes)] [Frame: 1651, payload: 15897-17276 (1380 bytes)] [Frame: 1653, payload: 17277-18656 (1380 bytes)] [Frame: 1654, payload: 18657-20036 (1380 bytes)] [Frame: 1656, payload: 20037-20308 (272 bytes)] [Frame: 1658, payload: 20309-21688 (1380 bytes)] [Frame: 1660, payload: 21689-23068 (1380 bytes)] [Frame: 1661, payload: 23069-24448 (1380 bytes)] [Frame: 1663, payload: 24449-25828 (1380 bytes)] [Frame: 1664, payload: 25829-27208 (1380 bytes)] [Frame: 1666, payload: 27209-28588 (1380 bytes)] [Frame: 1667, payload: 28589-29968 (1380 bytes)] [Frame: 1669, payload: 29969-31348 (1380 bytes)] [Frame: 1670, payload: 31349-32728 (1380 bytes)] [Frame: 1672, payload: 32729-34108 (1380 bytes)] [Frame: 1673, payload: 34109-35488 (1380 bytes)] [Frame: 1675, payload: 35489-35903 (415 bytes)] [Segment count: 29] [Reassembled TCP length: 35904] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:31 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 35564\r\n [Content length: 35564] Last-Modified: Sun, 01 Nov 2009 15:22:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:31 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7094 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5882 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 270 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1677 2012-06-20 08:38:50.508701 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1 Frame 1677: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:50.508701000 GMT Daylight Time Epoch Time: 1340177930.508701000 seconds [Time delta from previous captured frame: 0.000099000 seconds] [Time delta from previous displayed frame: 0.000487000 seconds] [Time since reference or first frame: 22.486915000 seconds] Frame Number: 1677 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2487 (9351) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd748 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ema-sent-lm (2526), Dst Port: http (80), Seq: 1098, Ack: 71809, Len: 237 Source port: ema-sent-lm (2526) Destination port: http (80) [Stream index: 25] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 71809 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 257 [Calculated window size: 65792] [Window size scaling factor: 256] Checksum: 0x493a [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #1676(199), #1677(237)] [Frame: 1676, payload: 0-198 (199 bytes)] [Frame: 1677, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0100.jpg?w=270&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1724 2012-06-20 08:38:50.904470 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1724: 1305 bytes on wire (10440 bits), 1305 bytes captured (10440 bits) Arrival Time: Jun 20, 2012 08:38:50.904470000 GMT Daylight Time Epoch Time: 1340177930.904470000 seconds [Time delta from previous captured frame: 0.000124000 seconds] [Time delta from previous displayed frame: 0.395769000 seconds] [Time since reference or first frame: 22.882684000 seconds] Frame Number: 1724 Frame Length: 1305 bytes (10440 bits) Capture Length: 1305 bytes (10440 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1291 Identification: 0x41bd (16829) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x021d [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ema-sent-lm (2526), Seq: 106462, Ack: 1335, Len: 1251 Source port: http (80) Destination port: ema-sent-lm (2526) [Stream index: 25] Sequence number: 106462 (relative sequence number) [Next sequence number: 107713 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0xac86 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2631] TCP segment data (1251 bytes) [28 Reassembled TCP Segments (35904 bytes): #1684(1380), #1685(1380), #1687(1380), #1688(1380), #1690(309), #1691(1380), #1693(1380), #1694(1380), #1696(1380), #1697(1380), #1699(340), #1700(1380), #1702(1380), #1703(1380), #1705(1380), #17] [Frame: 1684, payload: 0-1379 (1380 bytes)] [Frame: 1685, payload: 1380-2759 (1380 bytes)] [Frame: 1687, payload: 2760-4139 (1380 bytes)] [Frame: 1688, payload: 4140-5519 (1380 bytes)] [Frame: 1690, payload: 5520-5828 (309 bytes)] [Frame: 1691, payload: 5829-7208 (1380 bytes)] [Frame: 1693, payload: 7209-8588 (1380 bytes)] [Frame: 1694, payload: 8589-9968 (1380 bytes)] [Frame: 1696, payload: 9969-11348 (1380 bytes)] [Frame: 1697, payload: 11349-12728 (1380 bytes)] [Frame: 1699, payload: 12729-13068 (340 bytes)] [Frame: 1700, payload: 13069-14448 (1380 bytes)] [Frame: 1702, payload: 14449-15828 (1380 bytes)] [Frame: 1703, payload: 15829-17208 (1380 bytes)] [Frame: 1705, payload: 17209-18588 (1380 bytes)] [Frame: 1706, payload: 18589-19968 (1380 bytes)] [Frame: 1708, payload: 19969-21348 (1380 bytes)] [Frame: 1709, payload: 21349-22728 (1380 bytes)] [Frame: 1711, payload: 22729-24108 (1380 bytes)] [Frame: 1712, payload: 24109-25488 (1380 bytes)] [Frame: 1714, payload: 25489-26868 (1380 bytes)] [Frame: 1715, payload: 26869-28248 (1380 bytes)] [Frame: 1717, payload: 28249-29628 (1380 bytes)] [Frame: 1718, payload: 29629-31008 (1380 bytes)] [Frame: 1720, payload: 31009-31892 (884 bytes)] [Frame: 1721, payload: 31893-33272 (1380 bytes)] [Frame: 1723, payload: 33273-34652 (1380 bytes)] [Frame: 1724, payload: 34653-35903 (1251 bytes)] [Segment count: 28] [Reassembled TCP length: 35904] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:31 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 35564\r\n [Content length: 35564] Last-Modified: Sun, 01 Nov 2009 15:22:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:31 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7094 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5882 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 270 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1726 2012-06-20 08:38:50.904750 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1 Frame 1726: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:38:50.904750000 GMT Daylight Time Epoch Time: 1340177930.904750000 seconds [Time delta from previous captured frame: 0.000228000 seconds] [Time delta from previous displayed frame: 0.000280000 seconds] [Time since reference or first frame: 22.882964000 seconds] Frame Number: 1726 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x2496 (9366) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd7a1 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ema-sent-lm (2526), Dst Port: http (80), Seq: 1335, Ack: 107713, Len: 133 Source port: ema-sent-lm (2526) Destination port: http (80) [Stream index: 25] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 107713 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xe99c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0100.jpg?w=270&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400] No. Time Source Destination Protocol Info 1738 2012-06-20 08:38:51.208825 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1 Frame 1738: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:51.208825000 GMT Daylight Time Epoch Time: 1340177931.208825000 seconds [Time delta from previous captured frame: 0.000130000 seconds] [Time delta from previous displayed frame: 0.304075000 seconds] [Time since reference or first frame: 23.187039000 seconds] Frame Number: 1738 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x249c (9372) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd733 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: iqserver (2527), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: iqserver (2527) Destination port: http (80) [Stream index: 26] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x6d0e [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #1737(225), #1738(237)] [Frame: 1737, payload: 0-224 (225 bytes)] [Frame: 1738, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0112.jpg?w=379&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1804 2012-06-20 08:38:51.783098 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1804: 349 bytes on wire (2792 bits), 349 bytes captured (2792 bits) Arrival Time: Jun 20, 2012 08:38:51.783098000 GMT Daylight Time Epoch Time: 1340177931.783098000 seconds [Time delta from previous captured frame: 0.000016000 seconds] [Time delta from previous displayed frame: 0.574273000 seconds] [Time since reference or first frame: 23.761312000 seconds] Frame Number: 1804 Frame Length: 349 bytes (2792 bits) Capture Length: 349 bytes (2792 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 335 Identification: 0xdb28 (56104) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x6c6d [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: iqserver (2527), Seq: 52886, Ack: 463, Len: 295 Source port: http (80) Destination port: iqserver (2527) [Stream index: 26] Sequence number: 52886 (relative sequence number) [Next sequence number: 53181 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0xd054 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1675] TCP segment data (295 bytes) [40 Reassembled TCP Segments (53180 bytes): #1744(1380), #1745(1380), #1747(1380), #1748(1380), #1750(1380), #1751(1380), #1753(445), #1754(1380), #1756(1380), #1757(1380), #1759(1380), #1760(1380), #1762(1380), #1763(1380), #1765(1380), #1] [Frame: 1744, payload: 0-1379 (1380 bytes)] [Frame: 1745, payload: 1380-2759 (1380 bytes)] [Frame: 1747, payload: 2760-4139 (1380 bytes)] [Frame: 1748, payload: 4140-5519 (1380 bytes)] [Frame: 1750, payload: 5520-6899 (1380 bytes)] [Frame: 1751, payload: 6900-8279 (1380 bytes)] [Frame: 1753, payload: 8280-8724 (445 bytes)] [Frame: 1754, payload: 8725-10104 (1380 bytes)] [Frame: 1756, payload: 10105-11484 (1380 bytes)] [Frame: 1757, payload: 11485-12864 (1380 bytes)] [Frame: 1759, payload: 12865-14244 (1380 bytes)] [Frame: 1760, payload: 14245-15624 (1380 bytes)] [Frame: 1762, payload: 15625-17004 (1380 bytes)] [Frame: 1763, payload: 17005-18384 (1380 bytes)] [Frame: 1765, payload: 18385-19764 (1380 bytes)] [Frame: 1766, payload: 19765-21144 (1380 bytes)] [Frame: 1768, payload: 21145-22524 (1380 bytes)] [Frame: 1769, payload: 22525-23904 (1380 bytes)] [Frame: 1771, payload: 23905-25284 (1380 bytes)] [Frame: 1772, payload: 25285-26664 (1380 bytes)] [Frame: 1774, payload: 26665-28044 (1380 bytes)] [Frame: 1775, payload: 28045-29424 (1380 bytes)] [Frame: 1777, payload: 29425-30804 (1380 bytes)] [Frame: 1778, payload: 30805-32184 (1380 bytes)] [Frame: 1780, payload: 32185-33564 (1380 bytes)] [Frame: 1783, payload: 33565-34944 (1380 bytes)] [Frame: 1785, payload: 34945-36324 (1380 bytes)] [Frame: 1786, payload: 36325-37704 (1380 bytes)] [Frame: 1788, payload: 37705-39084 (1380 bytes)] [Frame: 1789, payload: 39085-40464 (1380 bytes)] [Frame: 1791, payload: 40465-41844 (1380 bytes)] [Frame: 1792, payload: 41845-43224 (1380 bytes)] [Frame: 1794, payload: 43225-44604 (1380 bytes)] [Frame: 1795, payload: 44605-45984 (1380 bytes)] [Frame: 1797, payload: 45985-47364 (1380 bytes)] [Frame: 1798, payload: 47365-48744 (1380 bytes)] [Frame: 1800, payload: 48745-50124 (1380 bytes)] [Frame: 1801, payload: 50125-51504 (1380 bytes)] [Frame: 1803, payload: 51505-52884 (1380 bytes)] [Frame: 1804, payload: 52885-53179 (295 bytes)] [Segment count: 40] [Reassembled TCP length: 53180] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:32 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 52840\r\n [Content length: 52840] Last-Modified: Sun, 01 Nov 2009 15:33:01 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:32 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 70\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 10026 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8814 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 379 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 28 Remaining segment data (26 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1807 2012-06-20 08:38:51.783561 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1 Frame 1807: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:51.783561000 GMT Daylight Time Epoch Time: 1340177931.783561000 seconds [Time delta from previous captured frame: 0.000109000 seconds] [Time delta from previous displayed frame: 0.000463000 seconds] [Time since reference or first frame: 23.761775000 seconds] Frame Number: 1807 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x24b2 (9394) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd71d [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: iqserver (2527), Dst Port: http (80), Seq: 662, Ack: 53181, Len: 237 Source port: iqserver (2527) Destination port: http (80) [Stream index: 26] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 53181 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x9b9d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #1806(199), #1807(237)] [Frame: 1806, payload: 0-198 (199 bytes)] [Frame: 1807, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0112.jpg?w=379&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1874 2012-06-20 08:38:52.198366 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1874: 1389 bytes on wire (11112 bits), 1389 bytes captured (11112 bits) Arrival Time: Jun 20, 2012 08:38:52.198366000 GMT Daylight Time Epoch Time: 1340177932.198366000 seconds [Time delta from previous captured frame: 0.000172000 seconds] [Time delta from previous displayed frame: 0.414805000 seconds] [Time since reference or first frame: 24.176580000 seconds] Frame Number: 1874 Frame Length: 1389 bytes (11112 bits) Capture Length: 1389 bytes (11112 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1375 Identification: 0xdb54 (56148) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x6831 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: iqserver (2527), Seq: 105026, Ack: 899, Len: 1335 Source port: http (80) Destination port: iqserver (2527) [Stream index: 26] Sequence number: 105026 (relative sequence number) [Next sequence number: 106361 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0xbe40 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2715] TCP segment data (1335 bytes) [42 Reassembled TCP Segments (53180 bytes): #1811(1380), #1812(1380), #1814(173), #1815(1380), #1817(1380), #1818(136), #1820(1380), #1821(1380), #1823(1380), #1824(1380), #1826(1380), #1827(1380), #1829(408), #1830(1380), #1832(68), #1833(] [Frame: 1811, payload: 0-1379 (1380 bytes)] [Frame: 1812, payload: 1380-2759 (1380 bytes)] [Frame: 1814, payload: 2760-2932 (173 bytes)] [Frame: 1815, payload: 2933-4312 (1380 bytes)] [Frame: 1817, payload: 4313-5692 (1380 bytes)] [Frame: 1818, payload: 5693-5828 (136 bytes)] [Frame: 1820, payload: 5829-7208 (1380 bytes)] [Frame: 1821, payload: 7209-8588 (1380 bytes)] [Frame: 1823, payload: 8589-9968 (1380 bytes)] [Frame: 1824, payload: 9969-11348 (1380 bytes)] [Frame: 1826, payload: 11349-12728 (1380 bytes)] [Frame: 1827, payload: 12729-14108 (1380 bytes)] [Frame: 1829, payload: 14109-14516 (408 bytes)] [Frame: 1830, payload: 14517-15896 (1380 bytes)] [Frame: 1832, payload: 15897-15964 (68 bytes)] [Frame: 1833, payload: 15965-17344 (1380 bytes)] [Frame: 1835, payload: 17345-18724 (1380 bytes)] [Frame: 1836, payload: 18725-20104 (1380 bytes)] [Frame: 1838, payload: 20105-21484 (1380 bytes)] [Frame: 1839, payload: 21485-22864 (1380 bytes)] [Frame: 1841, payload: 22865-24244 (1380 bytes)] [Frame: 1842, payload: 24245-25624 (1380 bytes)] [Frame: 1844, payload: 25625-27004 (1380 bytes)] [Frame: 1847, payload: 27005-28384 (1380 bytes)] [Frame: 1849, payload: 28385-29764 (1380 bytes)] [Frame: 1850, payload: 29765-31144 (1380 bytes)] [Frame: 1852, payload: 31145-32524 (1380 bytes)] [Frame: 1853, payload: 32525-33904 (1380 bytes)] [Frame: 1855, payload: 33905-35284 (1380 bytes)] [Frame: 1856, payload: 35285-36664 (1380 bytes)] [Frame: 1858, payload: 36665-38044 (1380 bytes)] [Frame: 1859, payload: 38045-39424 (1380 bytes)] [Frame: 1861, payload: 39425-40804 (1380 bytes)] [Frame: 1862, payload: 40805-42184 (1380 bytes)] [Frame: 1864, payload: 42185-43564 (1380 bytes)] [Frame: 1865, payload: 43565-44944 (1380 bytes)] [Frame: 1867, payload: 44945-46324 (1380 bytes)] [Frame: 1868, payload: 46325-47704 (1380 bytes)] [Frame: 1870, payload: 47705-49084 (1380 bytes)] [Frame: 1871, payload: 49085-50464 (1380 bytes)] [Frame: 1873, payload: 50465-51844 (1380 bytes)] [Frame: 1874, payload: 51845-53179 (1335 bytes)] [Segment count: 42] [Reassembled TCP length: 53180] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:33 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 52840\r\n [Content length: 52840] Last-Modified: Sun, 01 Nov 2009 15:33:01 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:33 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 70\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 10026 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8814 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 379 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 28 Remaining segment data (26 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1877 2012-06-20 08:38:52.198694 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1 Frame 1877: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:52.198694000 GMT Daylight Time Epoch Time: 1340177932.198694000 seconds [Time delta from previous captured frame: 0.000044000 seconds] [Time delta from previous displayed frame: 0.000328000 seconds] [Time since reference or first frame: 24.176908000 seconds] Frame Number: 1877 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x24c9 (9417) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd706 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: iqserver (2527), Dst Port: http (80), Seq: 1098, Ack: 106361, Len: 237 Source port: iqserver (2527) Destination port: http (80) [Stream index: 26] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 106361 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xca2c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #1876(199), #1877(237)] [Frame: 1876, payload: 0-198 (199 bytes)] [Frame: 1877, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0112.jpg?w=379&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 1947 2012-06-20 08:38:52.618470 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 1947: 777 bytes on wire (6216 bits), 777 bytes captured (6216 bits) Arrival Time: Jun 20, 2012 08:38:52.618470000 GMT Daylight Time Epoch Time: 1340177932.618470000 seconds [Time delta from previous captured frame: 0.000022000 seconds] [Time delta from previous displayed frame: 0.419776000 seconds] [Time since reference or first frame: 24.596684000 seconds] Frame Number: 1947 Frame Length: 777 bytes (6216 bits) Capture Length: 777 bytes (6216 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 763 Identification: 0xdb80 (56192) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x6a69 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: iqserver (2527), Seq: 158818, Ack: 1335, Len: 723 Source port: http (80) Destination port: iqserver (2527) [Stream index: 26] Sequence number: 158818 (relative sequence number) [Next sequence number: 159541 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0xab3f [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2103] TCP segment data (723 bytes) [42 Reassembled TCP Segments (53180 bytes): #1886(1380), #1887(1380), #1889(1380), #1890(1380), #1892(1380), #1893(1380), #1895(445), #1896(1380), #1898(1380), #1899(1380), #1901(1380), #1902(272), #1904(1380), #1905(1380), #1907(1380), #19] [Frame: 1886, payload: 0-1379 (1380 bytes)] [Frame: 1887, payload: 1380-2759 (1380 bytes)] [Frame: 1889, payload: 2760-4139 (1380 bytes)] [Frame: 1890, payload: 4140-5519 (1380 bytes)] [Frame: 1892, payload: 5520-6899 (1380 bytes)] [Frame: 1893, payload: 6900-8279 (1380 bytes)] [Frame: 1895, payload: 8280-8724 (445 bytes)] [Frame: 1896, payload: 8725-10104 (1380 bytes)] [Frame: 1898, payload: 10105-11484 (1380 bytes)] [Frame: 1899, payload: 11485-12864 (1380 bytes)] [Frame: 1901, payload: 12865-14244 (1380 bytes)] [Frame: 1902, payload: 14245-14516 (272 bytes)] [Frame: 1904, payload: 14517-15896 (1380 bytes)] [Frame: 1905, payload: 15897-17276 (1380 bytes)] [Frame: 1907, payload: 17277-18656 (1380 bytes)] [Frame: 1908, payload: 18657-20036 (1380 bytes)] [Frame: 1910, payload: 20037-21416 (1380 bytes)] [Frame: 1911, payload: 21417-22796 (1380 bytes)] [Frame: 1913, payload: 22797-23204 (408 bytes)] [Frame: 1914, payload: 23205-24584 (1380 bytes)] [Frame: 1916, payload: 24585-25964 (1380 bytes)] [Frame: 1917, payload: 25965-27344 (1380 bytes)] [Frame: 1919, payload: 27345-28724 (1380 bytes)] [Frame: 1920, payload: 28725-28996 (272 bytes)] [Frame: 1922, payload: 28997-30376 (1380 bytes)] [Frame: 1923, payload: 30377-31756 (1380 bytes)] [Frame: 1925, payload: 31757-33136 (1380 bytes)] [Frame: 1926, payload: 33137-34516 (1380 bytes)] [Frame: 1928, payload: 34517-35896 (1380 bytes)] [Frame: 1929, payload: 35897-37276 (1380 bytes)] [Frame: 1931, payload: 37277-38656 (1380 bytes)] [Frame: 1932, payload: 38657-40036 (1380 bytes)] [Frame: 1934, payload: 40037-41416 (1380 bytes)] [Frame: 1935, payload: 41417-42796 (1380 bytes)] [Frame: 1937, payload: 42797-44176 (1380 bytes)] [Frame: 1938, payload: 44177-45556 (1380 bytes)] [Frame: 1940, payload: 45557-46936 (1380 bytes)] [Frame: 1941, payload: 46937-48316 (1380 bytes)] [Frame: 1943, payload: 48317-49696 (1380 bytes)] [Frame: 1944, payload: 49697-51076 (1380 bytes)] [Frame: 1946, payload: 51077-52456 (1380 bytes)] [Frame: 1947, payload: 52457-53179 (723 bytes)] [Segment count: 42] [Reassembled TCP length: 53180] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:33 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 52840\r\n [Content length: 52840] Last-Modified: Sun, 01 Nov 2009 15:33:01 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:33 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 70\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 10026 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8814 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 379 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 28 Remaining segment data (26 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 1949 2012-06-20 08:38:52.618776 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1 Frame 1949: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:38:52.618776000 GMT Daylight Time Epoch Time: 1340177932.618776000 seconds [Time delta from previous captured frame: 0.000263000 seconds] [Time delta from previous displayed frame: 0.000306000 seconds] [Time since reference or first frame: 24.596990000 seconds] Frame Number: 1949 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x24df (9439) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd758 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: iqserver (2527), Dst Port: http (80), Seq: 1335, Ack: 159541, Len: 133 Source port: iqserver (2527) Destination port: http (80) [Stream index: 26] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 159541 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x2608 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0112.jpg?w=379&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400] No. Time Source Destination Protocol Info 1961 2012-06-20 08:38:52.888743 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1 Frame 1961: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:52.888743000 GMT Daylight Time Epoch Time: 1340177932.888743000 seconds [Time delta from previous captured frame: 0.000131000 seconds] [Time delta from previous displayed frame: 0.269967000 seconds] [Time since reference or first frame: 24.866957000 seconds] Frame Number: 1961 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x24e5 (9445) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd6ea [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ncr_ccl (2528), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: ncr_ccl (2528) Destination port: http (80) [Stream index: 29] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x924e [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #1960(225), #1961(237)] [Frame: 1960, payload: 0-224 (225 bytes)] [Frame: 1961, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0110.jpg?w=648&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 2059 2012-06-20 08:38:53.633621 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 2059: 1295 bytes on wire (10360 bits), 1295 bytes captured (10360 bits) Arrival Time: Jun 20, 2012 08:38:53.633621000 GMT Daylight Time Epoch Time: 1340177933.633621000 seconds [Time delta from previous captured frame: 0.000048000 seconds] [Time delta from previous displayed frame: 0.744878000 seconds] [Time since reference or first frame: 25.611835000 seconds] Frame Number: 2059 Frame Length: 1295 bytes (10360 bits) Capture Length: 1295 bytes (10360 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1281 Identification: 0xe7e8 (59368) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x5bfb [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ncr_ccl (2528), Seq: 78970, Ack: 463, Len: 1241 Source port: http (80) Destination port: ncr_ccl (2528) [Stream index: 29] Sequence number: 78970 (relative sequence number) [Next sequence number: 80211 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0xfb95 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1241] TCP segment data (1241 bytes) [59 Reassembled TCP Segments (80210 bytes): #1967(1380), #1968(1380), #1970(1380), #1971(1380), #1973(309), #1974(1380), #1976(1380), #1977(1380), #1979(1380), #1980(1380), #1985(1380), #1986(1380), #1988(1380), #1989(1380), #1991(1380), #1] [Frame: 1967, payload: 0-1379 (1380 bytes)] [Frame: 1968, payload: 1380-2759 (1380 bytes)] [Frame: 1970, payload: 2760-4139 (1380 bytes)] [Frame: 1971, payload: 4140-5519 (1380 bytes)] [Frame: 1973, payload: 5520-5828 (309 bytes)] [Frame: 1974, payload: 5829-7208 (1380 bytes)] [Frame: 1976, payload: 7209-8588 (1380 bytes)] [Frame: 1977, payload: 8589-9968 (1380 bytes)] [Frame: 1979, payload: 9969-11348 (1380 bytes)] [Frame: 1980, payload: 11349-12728 (1380 bytes)] [Frame: 1985, payload: 12729-14108 (1380 bytes)] [Frame: 1986, payload: 14109-15488 (1380 bytes)] [Frame: 1988, payload: 15489-16868 (1380 bytes)] [Frame: 1989, payload: 16869-18248 (1380 bytes)] [Frame: 1991, payload: 18249-19628 (1380 bytes)] [Frame: 1992, payload: 19629-21008 (1380 bytes)] [Frame: 1994, payload: 21009-22388 (1380 bytes)] [Frame: 1995, payload: 22389-23768 (1380 bytes)] [Frame: 1997, payload: 23769-25148 (1380 bytes)] [Frame: 1998, payload: 25149-26528 (1380 bytes)] [Frame: 2000, payload: 26529-27908 (1380 bytes)] [Frame: 2001, payload: 27909-29288 (1380 bytes)] [Frame: 2004, payload: 29289-30668 (1380 bytes)] [Frame: 2005, payload: 30669-32048 (1380 bytes)] [Frame: 2007, payload: 32049-33428 (1380 bytes)] [Frame: 2008, payload: 33429-34808 (1380 bytes)] [Frame: 2010, payload: 34809-36188 (1380 bytes)] [Frame: 2011, payload: 36189-37568 (1380 bytes)] [Frame: 2013, payload: 37569-38948 (1380 bytes)] [Frame: 2014, payload: 38949-40328 (1380 bytes)] [Frame: 2016, payload: 40329-41708 (1380 bytes)] [Frame: 2017, payload: 41709-43088 (1380 bytes)] [Frame: 2019, payload: 43089-44468 (1380 bytes)] [Frame: 2020, payload: 44469-45848 (1380 bytes)] [Frame: 2022, payload: 45849-47228 (1380 bytes)] [Frame: 2023, payload: 47229-48608 (1380 bytes)] [Frame: 2025, payload: 48609-49988 (1380 bytes)] [Frame: 2026, payload: 49989-51368 (1380 bytes)] [Frame: 2028, payload: 51369-52748 (1380 bytes)] [Frame: 2029, payload: 52749-54128 (1380 bytes)] [Frame: 2032, payload: 54129-55508 (1380 bytes)] [Frame: 2033, payload: 55509-56888 (1380 bytes)] [Frame: 2035, payload: 56889-58268 (1380 bytes)] [Frame: 2036, payload: 58269-59648 (1380 bytes)] [Frame: 2038, payload: 59649-61028 (1380 bytes)] [Frame: 2039, payload: 61029-62408 (1380 bytes)] [Frame: 2041, payload: 62409-63788 (1380 bytes)] [Frame: 2042, payload: 63789-65168 (1380 bytes)] [Frame: 2044, payload: 65169-66548 (1380 bytes)] [Frame: 2045, payload: 66549-67928 (1380 bytes)] [Frame: 2047, payload: 67929-69308 (1380 bytes)] [Frame: 2048, payload: 69309-70688 (1380 bytes)] [Frame: 2050, payload: 70689-72068 (1380 bytes)] [Frame: 2051, payload: 72069-73448 (1380 bytes)] [Frame: 2053, payload: 73449-74828 (1380 bytes)] [Frame: 2054, payload: 74829-76208 (1380 bytes)] [Frame: 2056, payload: 76209-77588 (1380 bytes)] [Frame: 2057, payload: 77589-78968 (1380 bytes)] [Frame: 2059, payload: 78969-80209 (1241 bytes)] [Segment count: 59] [Reassembled TCP length: 80210] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:34 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 79869\r\n [Content length: 79869] Last-Modified: Sun, 01 Nov 2009 15:41:21 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:34 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 239\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6704 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5492 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 648 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 2061 2012-06-20 08:38:53.633977 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1 Frame 2061: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:53.633977000 GMT Daylight Time Epoch Time: 1340177933.633977000 seconds [Time delta from previous captured frame: 0.000100000 seconds] [Time delta from previous displayed frame: 0.000356000 seconds] [Time since reference or first frame: 25.612191000 seconds] Frame Number: 2061 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2504 (9476) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd6cb [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ncr_ccl (2528), Dst Port: http (80), Seq: 662, Ack: 80211, Len: 237 Source port: ncr_ccl (2528) Destination port: http (80) [Stream index: 29] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 80211 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 253 [Calculated window size: 64768] [Window size scaling factor: 256] Checksum: 0x574c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #2060(199), #2061(237)] [Frame: 2060, payload: 0-198 (199 bytes)] [Frame: 2061, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0110.jpg?w=648&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 2158 2012-06-20 08:38:54.090053 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 2158: 207 bytes on wire (1656 bits), 207 bytes captured (1656 bits) Arrival Time: Jun 20, 2012 08:38:54.090053000 GMT Daylight Time Epoch Time: 1340177934.090053000 seconds [Time delta from previous captured frame: 0.000012000 seconds] [Time delta from previous displayed frame: 0.456076000 seconds] [Time since reference or first frame: 26.068267000 seconds] Frame Number: 2158 Frame Length: 207 bytes (1656 bits) Capture Length: 207 bytes (1656 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 193 Identification: 0xe828 (59432) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x5ffb [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ncr_ccl (2528), Seq: 160268, Ack: 899, Len: 153 Source port: http (80) Destination port: ncr_ccl (2528) [Stream index: 29] Sequence number: 160268 (relative sequence number) [Next sequence number: 160421 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x6983 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1533] TCP segment data (153 bytes) [62 Reassembled TCP Segments (80210 bytes): #2067(1380), #2068(1380), #2070(1380), #2071(1380), #2073(1380), #2074(1380), #2076(445), #2077(1380), #2079(1380), #2080(1380), #2082(1380), #2083(272), #2085(1380), #2086(1380), #2088(1380), #20] [Frame: 2067, payload: 0-1379 (1380 bytes)] [Frame: 2068, payload: 1380-2759 (1380 bytes)] [Frame: 2070, payload: 2760-4139 (1380 bytes)] [Frame: 2071, payload: 4140-5519 (1380 bytes)] [Frame: 2073, payload: 5520-6899 (1380 bytes)] [Frame: 2074, payload: 6900-8279 (1380 bytes)] [Frame: 2076, payload: 8280-8724 (445 bytes)] [Frame: 2077, payload: 8725-10104 (1380 bytes)] [Frame: 2079, payload: 10105-11484 (1380 bytes)] [Frame: 2080, payload: 11485-12864 (1380 bytes)] [Frame: 2082, payload: 12865-14244 (1380 bytes)] [Frame: 2083, payload: 14245-14516 (272 bytes)] [Frame: 2085, payload: 14517-15896 (1380 bytes)] [Frame: 2086, payload: 15897-17276 (1380 bytes)] [Frame: 2088, payload: 17277-18656 (1380 bytes)] [Frame: 2089, payload: 18657-20036 (1380 bytes)] [Frame: 2091, payload: 20037-20308 (272 bytes)] [Frame: 2092, payload: 20309-21688 (1380 bytes)] [Frame: 2094, payload: 21689-23068 (1380 bytes)] [Frame: 2095, payload: 23069-24448 (1380 bytes)] [Frame: 2097, payload: 24449-25828 (1380 bytes)] [Frame: 2098, payload: 25829-27208 (1380 bytes)] [Frame: 2100, payload: 27209-28588 (1380 bytes)] [Frame: 2101, payload: 28589-28996 (408 bytes)] [Frame: 2103, payload: 28997-30376 (1380 bytes)] [Frame: 2104, payload: 30377-31756 (1380 bytes)] [Frame: 2106, payload: 31757-33136 (1380 bytes)] [Frame: 2107, payload: 33137-34516 (1380 bytes)] [Frame: 2109, payload: 34517-35896 (1380 bytes)] [Frame: 2110, payload: 35897-37276 (1380 bytes)] [Frame: 2112, payload: 37277-38656 (1380 bytes)] [Frame: 2113, payload: 38657-40036 (1380 bytes)] [Frame: 2115, payload: 40037-41416 (1380 bytes)] [Frame: 2116, payload: 41417-42796 (1380 bytes)] [Frame: 2118, payload: 42797-44176 (1380 bytes)] [Frame: 2119, payload: 44177-45556 (1380 bytes)] [Frame: 2121, payload: 45557-46936 (1380 bytes)] [Frame: 2122, payload: 46937-48316 (1380 bytes)] [Frame: 2124, payload: 48317-49696 (1380 bytes)] [Frame: 2125, payload: 49697-51076 (1380 bytes)] [Frame: 2127, payload: 51077-52456 (1380 bytes)] [Frame: 2128, payload: 52457-53836 (1380 bytes)] [Frame: 2130, payload: 53837-55216 (1380 bytes)] [Frame: 2131, payload: 55217-56596 (1380 bytes)] [Frame: 2133, payload: 56597-57976 (1380 bytes)] [Frame: 2134, payload: 57977-59356 (1380 bytes)] [Frame: 2136, payload: 59357-60736 (1380 bytes)] [Frame: 2137, payload: 60737-62116 (1380 bytes)] [Frame: 2139, payload: 62117-63496 (1380 bytes)] [Frame: 2140, payload: 63497-64876 (1380 bytes)] [Frame: 2142, payload: 64877-66256 (1380 bytes)] [Frame: 2143, payload: 66257-67636 (1380 bytes)] [Frame: 2145, payload: 67637-69016 (1380 bytes)] [Frame: 2146, payload: 69017-70396 (1380 bytes)] [Frame: 2148, payload: 70397-71776 (1380 bytes)] [Frame: 2149, payload: 71777-73156 (1380 bytes)] [Frame: 2151, payload: 73157-74536 (1380 bytes)] [Frame: 2152, payload: 74537-75916 (1380 bytes)] [Frame: 2154, payload: 75917-77296 (1380 bytes)] [Frame: 2155, payload: 77297-78676 (1380 bytes)] [Frame: 2157, payload: 78677-80056 (1380 bytes)] [Frame: 2158, payload: 80057-80209 (153 bytes)] [Segment count: 62] [Reassembled TCP length: 80210] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:34 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 79869\r\n [Content length: 79869] Last-Modified: Sun, 01 Nov 2009 15:41:21 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:34 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 239\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6704 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5492 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 648 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 2161 2012-06-20 08:38:54.090409 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1 Frame 2161: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:54.090409000 GMT Daylight Time Epoch Time: 1340177934.090409000 seconds [Time delta from previous captured frame: 0.000042000 seconds] [Time delta from previous displayed frame: 0.000356000 seconds] [Time since reference or first frame: 26.068623000 seconds] Frame Number: 2161 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2525 (9509) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd6aa [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ncr_ccl (2528), Dst Port: http (80), Seq: 1098, Ack: 160421, Len: 237 Source port: ncr_ccl (2528) Destination port: http (80) [Stream index: 29] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 160421 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x1c40 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #2160(199), #2161(237)] [Frame: 2160, payload: 0-198 (199 bytes)] [Frame: 2161, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0110.jpg?w=648&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 2268 2012-06-20 08:38:54.747226 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 2268: 615 bytes on wire (4920 bits), 615 bytes captured (4920 bits) Arrival Time: Jun 20, 2012 08:38:54.747226000 GMT Daylight Time Epoch Time: 1340177934.747226000 seconds [Time delta from previous captured frame: 0.000012000 seconds] [Time delta from previous displayed frame: 0.656817000 seconds] [Time since reference or first frame: 26.725440000 seconds] Frame Number: 2268 Frame Length: 615 bytes (4920 bits) Capture Length: 615 bytes (4920 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 601 Identification: 0xe867 (59495) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x5e24 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ncr_ccl (2528), Seq: 240070, Ack: 1335, Len: 561 Source port: http (80) Destination port: ncr_ccl (2528) [Stream index: 29] Sequence number: 240070 (relative sequence number) [Next sequence number: 240631 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x1a14 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 561] TCP segment data (561 bytes) [61 Reassembled TCP Segments (80210 bytes): #2171(1380), #2172(1380), #2174(1380), #2175(1380), #2177(1380), #2178(1380), #2180(445), #2181(1380), #2183(1380), #2184(1380), #2186(1380), #2187(272), #2189(1380), #2190(1380), #2192(1380), #21] [Frame: 2171, payload: 0-1379 (1380 bytes)] [Frame: 2172, payload: 1380-2759 (1380 bytes)] [Frame: 2174, payload: 2760-4139 (1380 bytes)] [Frame: 2175, payload: 4140-5519 (1380 bytes)] [Frame: 2177, payload: 5520-6899 (1380 bytes)] [Frame: 2178, payload: 6900-8279 (1380 bytes)] [Frame: 2180, payload: 8280-8724 (445 bytes)] [Frame: 2181, payload: 8725-10104 (1380 bytes)] [Frame: 2183, payload: 10105-11484 (1380 bytes)] [Frame: 2184, payload: 11485-12864 (1380 bytes)] [Frame: 2186, payload: 12865-14244 (1380 bytes)] [Frame: 2187, payload: 14245-14516 (272 bytes)] [Frame: 2189, payload: 14517-15896 (1380 bytes)] [Frame: 2190, payload: 15897-17276 (1380 bytes)] [Frame: 2192, payload: 17277-18656 (1380 bytes)] [Frame: 2193, payload: 18657-20036 (1380 bytes)] [Frame: 2195, payload: 20037-20308 (272 bytes)] [Frame: 2196, payload: 20309-21688 (1380 bytes)] [Frame: 2198, payload: 21689-23068 (1380 bytes)] [Frame: 2199, payload: 23069-24448 (1380 bytes)] [Frame: 2201, payload: 24449-25828 (1380 bytes)] [Frame: 2202, payload: 25829-27208 (1380 bytes)] [Frame: 2204, payload: 27209-28588 (1380 bytes)] [Frame: 2209, payload: 28589-29968 (1380 bytes)] [Frame: 2211, payload: 29969-31348 (1380 bytes)] [Frame: 2212, payload: 31349-32728 (1380 bytes)] [Frame: 2214, payload: 32729-34108 (1380 bytes)] [Frame: 2215, payload: 34109-35488 (1380 bytes)] [Frame: 2217, payload: 35489-36868 (1380 bytes)] [Frame: 2218, payload: 36869-38248 (1380 bytes)] [Frame: 2220, payload: 38249-39628 (1380 bytes)] [Frame: 2221, payload: 39629-41008 (1380 bytes)] [Frame: 2223, payload: 41009-42388 (1380 bytes)] [Frame: 2224, payload: 42389-43768 (1380 bytes)] [Frame: 2226, payload: 43769-45148 (1380 bytes)] [Frame: 2227, payload: 45149-46528 (1380 bytes)] [Frame: 2229, payload: 46529-47908 (1380 bytes)] [Frame: 2230, payload: 47909-49288 (1380 bytes)] [Frame: 2232, payload: 49289-50668 (1380 bytes)] [Frame: 2233, payload: 50669-52048 (1380 bytes)] [Frame: 2235, payload: 52049-53428 (1380 bytes)] [Frame: 2236, payload: 53429-54808 (1380 bytes)] [Frame: 2238, payload: 54809-56188 (1380 bytes)] [Frame: 2239, payload: 56189-57568 (1380 bytes)] [Frame: 2241, payload: 57569-58948 (1380 bytes)] [Frame: 2242, payload: 58949-60328 (1380 bytes)] [Frame: 2247, payload: 60329-61708 (1380 bytes)] [Frame: 2248, payload: 61709-63088 (1380 bytes)] [Frame: 2250, payload: 63089-64468 (1380 bytes)] [Frame: 2251, payload: 64469-65848 (1380 bytes)] [Frame: 2253, payload: 65849-67228 (1380 bytes)] [Frame: 2254, payload: 67229-68608 (1380 bytes)] [Frame: 2256, payload: 68609-69988 (1380 bytes)] [Frame: 2257, payload: 69989-71368 (1380 bytes)] [Frame: 2259, payload: 71369-72748 (1380 bytes)] [Frame: 2260, payload: 72749-74128 (1380 bytes)] [Frame: 2262, payload: 74129-75508 (1380 bytes)] [Frame: 2263, payload: 75509-76888 (1380 bytes)] [Frame: 2265, payload: 76889-78268 (1380 bytes)] [Frame: 2266, payload: 78269-79648 (1380 bytes)] [Frame: 2268, payload: 79649-80209 (561 bytes)] [Segment count: 61] [Reassembled TCP length: 80210] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:35 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 79869\r\n [Content length: 79869] Last-Modified: Sun, 01 Nov 2009 15:41:21 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:35 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 239\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6704 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5492 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 648 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 2269 2012-06-20 08:38:54.747525 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1 Frame 2269: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:38:54.747525000 GMT Daylight Time Epoch Time: 1340177934.747525000 seconds [Time delta from previous captured frame: 0.000299000 seconds] [Time delta from previous displayed frame: 0.000299000 seconds] [Time since reference or first frame: 26.725739000 seconds] Frame Number: 2269 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x2544 (9540) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd6f3 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ncr_ccl (2528), Dst Port: http (80), Seq: 1335, Ack: 240631, Len: 133 Source port: ncr_ccl (2528) Destination port: http (80) [Stream index: 29] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 240631 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 256 [Calculated window size: 65536] [Window size scaling factor: 256] Checksum: 0x1187 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 2268] [The RTT to ACK the segment was: 0.000299000 seconds] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0110.jpg?w=648&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400] No. Time Source Destination Protocol Info 2281 2012-06-20 08:38:55.017775 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1 Frame 2281: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:55.017775000 GMT Daylight Time Epoch Time: 1340177935.017775000 seconds [Time delta from previous captured frame: 0.000127000 seconds] [Time delta from previous displayed frame: 0.270250000 seconds] [Time since reference or first frame: 26.995989000 seconds] Frame Number: 2281 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x254a (9546) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd685 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: utsftp (2529), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: utsftp (2529) Destination port: http (80) [Stream index: 31] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x85a4 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #2280(225), #2281(237)] [Frame: 2280, payload: 0-224 (225 bytes)] [Frame: 2281, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0095.jpg?w=400&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 2348 2012-06-20 08:38:55.634279 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 2348: 1339 bytes on wire (10712 bits), 1339 bytes captured (10712 bits) Arrival Time: Jun 20, 2012 08:38:55.634279000 GMT Daylight Time Epoch Time: 1340177935.634279000 seconds [Time delta from previous captured frame: 0.000387000 seconds] [Time delta from previous displayed frame: 0.616504000 seconds] [Time since reference or first frame: 27.612493000 seconds] Frame Number: 2348 Frame Length: 1339 bytes (10712 bits) Capture Length: 1339 bytes (10712 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1325 Identification: 0x8ee2 (36578) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xb4d5 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: utsftp (2529), Seq: 52886, Ack: 463, Len: 1285 Source port: http (80) Destination port: utsftp (2529) [Stream index: 31] Sequence number: 52886 (relative sequence number) [Next sequence number: 54171 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x9ae9 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1285] TCP segment data (1285 bytes) [41 Reassembled TCP Segments (54170 bytes): #2288(1380), #2289(105), #2291(1380), #2292(1380), #2294(1380), #2295(1380), #2297(1380), #2298(340), #2300(1380), #2301(1380), #2303(1380), #2304(1380), #2306(1380), #2307(1380), #2309(1380), #23] [Frame: 2288, payload: 0-1379 (1380 bytes)] [Frame: 2289, payload: 1380-1484 (105 bytes)] [Frame: 2291, payload: 1485-2864 (1380 bytes)] [Frame: 2292, payload: 2865-4244 (1380 bytes)] [Frame: 2294, payload: 4245-5624 (1380 bytes)] [Frame: 2295, payload: 5625-7004 (1380 bytes)] [Frame: 2297, payload: 7005-8384 (1380 bytes)] [Frame: 2298, payload: 8385-8724 (340 bytes)] [Frame: 2300, payload: 8725-10104 (1380 bytes)] [Frame: 2301, payload: 10105-11484 (1380 bytes)] [Frame: 2303, payload: 11485-12864 (1380 bytes)] [Frame: 2304, payload: 12865-14244 (1380 bytes)] [Frame: 2306, payload: 14245-15624 (1380 bytes)] [Frame: 2307, payload: 15625-17004 (1380 bytes)] [Frame: 2309, payload: 17005-18384 (1380 bytes)] [Frame: 2310, payload: 18385-19764 (1380 bytes)] [Frame: 2312, payload: 19765-21144 (1380 bytes)] [Frame: 2313, payload: 21145-22524 (1380 bytes)] [Frame: 2315, payload: 22525-23904 (1380 bytes)] [Frame: 2316, payload: 23905-25284 (1380 bytes)] [Frame: 2318, payload: 25285-26664 (1380 bytes)] [Frame: 2319, payload: 26665-28044 (1380 bytes)] [Frame: 2321, payload: 28045-29424 (1380 bytes)] [Frame: 2322, payload: 29425-30804 (1380 bytes)] [Frame: 2324, payload: 30805-32184 (1380 bytes)] [Frame: 2325, payload: 32185-33564 (1380 bytes)] [Frame: 2327, payload: 33565-34944 (1380 bytes)] [Frame: 2328, payload: 34945-36324 (1380 bytes)] [Frame: 2330, payload: 36325-37704 (1380 bytes)] [Frame: 2331, payload: 37705-39084 (1380 bytes)] [Frame: 2333, payload: 39085-40464 (1380 bytes)] [Frame: 2334, payload: 40465-41844 (1380 bytes)] [Frame: 2336, payload: 41845-43224 (1380 bytes)] [Frame: 2337, payload: 43225-44604 (1380 bytes)] [Frame: 2339, payload: 44605-45984 (1380 bytes)] [Frame: 2340, payload: 45985-47364 (1380 bytes)] [Frame: 2342, payload: 47365-48744 (1380 bytes)] [Frame: 2343, payload: 48745-50124 (1380 bytes)] [Frame: 2345, payload: 50125-51504 (1380 bytes)] [Frame: 2346, payload: 51505-52884 (1380 bytes)] [Frame: 2348, payload: 52885-54169 (1285 bytes)] [Segment count: 41] [Reassembled TCP length: 54170] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:36 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 53829\r\n [Content length: 53829] Last-Modified: Sun, 01 Nov 2009 15:46:33 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:36 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 237\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 10024 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8812 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 400 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 2350 2012-06-20 08:38:55.634704 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1 Frame 2350: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:55.634704000 GMT Daylight Time Epoch Time: 1340177935.634704000 seconds [Time delta from previous captured frame: 0.000100000 seconds] [Time delta from previous displayed frame: 0.000425000 seconds] [Time since reference or first frame: 27.612918000 seconds] Frame Number: 2350 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2560 (9568) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd66f [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: utsftp (2529), Dst Port: http (80), Seq: 662, Ack: 54171, Len: 237 Source port: utsftp (2529) Destination port: http (80) [Stream index: 31] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 54171 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 253 [Calculated window size: 64768] [Window size scaling factor: 256] Checksum: 0xb05a [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #2349(199), #2350(237)] [Frame: 2349, payload: 0-198 (199 bytes)] [Frame: 2350, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0095.jpg?w=400&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 2416 2012-06-20 08:38:56.051176 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 2416: 931 bytes on wire (7448 bits), 931 bytes captured (7448 bits) Arrival Time: Jun 20, 2012 08:38:56.051176000 GMT Daylight Time Epoch Time: 1340177936.051176000 seconds [Time delta from previous captured frame: 0.000010000 seconds] [Time delta from previous displayed frame: 0.416472000 seconds] [Time since reference or first frame: 28.029390000 seconds] Frame Number: 2416 Frame Length: 931 bytes (7448 bits) Capture Length: 931 bytes (7448 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 917 Identification: 0x8f0d (36621) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xb642 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: utsftp (2529), Seq: 107464, Ack: 899, Len: 877 Source port: http (80) Destination port: utsftp (2529) [Stream index: 31] Sequence number: 107464 (relative sequence number) [Next sequence number: 108341 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0xd2e8 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 877] TCP segment data (877 bytes) [41 Reassembled TCP Segments (54170 bytes): #2356(1380), #2357(1380), #2359(1380), #2360(1380), #2362(1380), #2363(1380), #2365(1380), #2366(1380), #2368(581), #2369(1380), #2371(1380), #2372(1380), #2374(1380), #2375(272), #2377(1380), #23] [Frame: 2356, payload: 0-1379 (1380 bytes)] [Frame: 2357, payload: 1380-2759 (1380 bytes)] [Frame: 2359, payload: 2760-4139 (1380 bytes)] [Frame: 2360, payload: 4140-5519 (1380 bytes)] [Frame: 2362, payload: 5520-6899 (1380 bytes)] [Frame: 2363, payload: 6900-8279 (1380 bytes)] [Frame: 2365, payload: 8280-9659 (1380 bytes)] [Frame: 2366, payload: 9660-11039 (1380 bytes)] [Frame: 2368, payload: 11040-11620 (581 bytes)] [Frame: 2369, payload: 11621-13000 (1380 bytes)] [Frame: 2371, payload: 13001-14380 (1380 bytes)] [Frame: 2372, payload: 14381-15760 (1380 bytes)] [Frame: 2374, payload: 15761-17140 (1380 bytes)] [Frame: 2375, payload: 17141-17412 (272 bytes)] [Frame: 2377, payload: 17413-18792 (1380 bytes)] [Frame: 2378, payload: 18793-20172 (1380 bytes)] [Frame: 2380, payload: 20173-21552 (1380 bytes)] [Frame: 2381, payload: 21553-22932 (1380 bytes)] [Frame: 2383, payload: 22933-24312 (1380 bytes)] [Frame: 2384, payload: 24313-25692 (1380 bytes)] [Frame: 2386, payload: 25693-27072 (1380 bytes)] [Frame: 2387, payload: 27073-28452 (1380 bytes)] [Frame: 2389, payload: 28453-29832 (1380 bytes)] [Frame: 2390, payload: 29833-31212 (1380 bytes)] [Frame: 2392, payload: 31213-32592 (1380 bytes)] [Frame: 2393, payload: 32593-33972 (1380 bytes)] [Frame: 2395, payload: 33973-35352 (1380 bytes)] [Frame: 2396, payload: 35353-36732 (1380 bytes)] [Frame: 2398, payload: 36733-38112 (1380 bytes)] [Frame: 2399, payload: 38113-39492 (1380 bytes)] [Frame: 2401, payload: 39493-40872 (1380 bytes)] [Frame: 2402, payload: 40873-42252 (1380 bytes)] [Frame: 2404, payload: 42253-43632 (1380 bytes)] [Frame: 2405, payload: 43633-45012 (1380 bytes)] [Frame: 2407, payload: 45013-46392 (1380 bytes)] [Frame: 2408, payload: 46393-47772 (1380 bytes)] [Frame: 2410, payload: 47773-49152 (1380 bytes)] [Frame: 2411, payload: 49153-50532 (1380 bytes)] [Frame: 2413, payload: 50533-51912 (1380 bytes)] [Frame: 2414, payload: 51913-53292 (1380 bytes)] [Frame: 2416, payload: 53293-54169 (877 bytes)] [Segment count: 41] [Reassembled TCP length: 54170] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:36 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 53829\r\n [Content length: 53829] Last-Modified: Sun, 01 Nov 2009 15:46:33 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:36 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 237\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 10024 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8812 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 400 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 2418 2012-06-20 08:38:56.051451 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1 Frame 2418: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:56.051451000 GMT Daylight Time Epoch Time: 1340177936.051451000 seconds [Time delta from previous captured frame: 0.000044000 seconds] [Time delta from previous displayed frame: 0.000275000 seconds] [Time since reference or first frame: 28.029665000 seconds] Frame Number: 2418 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2576 (9590) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd659 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: utsftp (2529), Dst Port: http (80), Seq: 1098, Ack: 108341, Len: 237 Source port: utsftp (2529) Destination port: http (80) [Stream index: 31] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 108341 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 255 [Calculated window size: 65280] [Window size scaling factor: 256] Checksum: 0xdb09 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #2417(199), #2418(237)] [Frame: 2417, payload: 0-198 (199 bytes)] [Frame: 2418, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0095.jpg?w=400&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 2485 2012-06-20 08:38:56.501635 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 2485: 387 bytes on wire (3096 bits), 387 bytes captured (3096 bits) Arrival Time: Jun 20, 2012 08:38:56.501635000 GMT Daylight Time Epoch Time: 1340177936.501635000 seconds [Time delta from previous captured frame: 0.000009000 seconds] [Time delta from previous displayed frame: 0.450184000 seconds] [Time since reference or first frame: 28.479849000 seconds] Frame Number: 2485 Frame Length: 387 bytes (3096 bits) Capture Length: 387 bytes (3096 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 373 Identification: 0x8f3a (36666) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xb835 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: utsftp (2529), Seq: 162178, Ack: 1335, Len: 333 Source port: http (80) Destination port: utsftp (2529) [Stream index: 31] Sequence number: 162178 (relative sequence number) [Next sequence number: 162511 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0xfaab [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 333] TCP segment data (333 bytes) [43 Reassembled TCP Segments (54170 bytes): #2421(1380), #2422(1380), #2424(173), #2425(1380), #2427(1380), #2428(1380), #2430(1380), #2431(1380), #2433(1380), #2434(1380), #2436(1380), #2437(544), #2439(1380), #2440(1380), #2442(1380), #24] [Frame: 2421, payload: 0-1379 (1380 bytes)] [Frame: 2422, payload: 1380-2759 (1380 bytes)] [Frame: 2424, payload: 2760-2932 (173 bytes)] [Frame: 2425, payload: 2933-4312 (1380 bytes)] [Frame: 2427, payload: 4313-5692 (1380 bytes)] [Frame: 2428, payload: 5693-7072 (1380 bytes)] [Frame: 2430, payload: 7073-8452 (1380 bytes)] [Frame: 2431, payload: 8453-9832 (1380 bytes)] [Frame: 2433, payload: 9833-11212 (1380 bytes)] [Frame: 2434, payload: 11213-12592 (1380 bytes)] [Frame: 2436, payload: 12593-13972 (1380 bytes)] [Frame: 2437, payload: 13973-14516 (544 bytes)] [Frame: 2439, payload: 14517-15896 (1380 bytes)] [Frame: 2440, payload: 15897-17276 (1380 bytes)] [Frame: 2442, payload: 17277-18656 (1380 bytes)] [Frame: 2443, payload: 18657-20036 (1380 bytes)] [Frame: 2445, payload: 20037-21416 (1380 bytes)] [Frame: 2446, payload: 21417-22796 (1380 bytes)] [Frame: 2448, payload: 22797-24176 (1380 bytes)] [Frame: 2449, payload: 24177-24652 (476 bytes)] [Frame: 2451, payload: 24653-26032 (1380 bytes)] [Frame: 2452, payload: 26033-27412 (1380 bytes)] [Frame: 2454, payload: 27413-28792 (1380 bytes)] [Frame: 2455, payload: 28793-28996 (204 bytes)] [Frame: 2458, payload: 28997-30376 (1380 bytes)] [Frame: 2459, payload: 30377-31756 (1380 bytes)] [Frame: 2461, payload: 31757-33136 (1380 bytes)] [Frame: 2462, payload: 33137-34516 (1380 bytes)] [Frame: 2464, payload: 34517-35896 (1380 bytes)] [Frame: 2465, payload: 35897-37276 (1380 bytes)] [Frame: 2467, payload: 37277-38656 (1380 bytes)] [Frame: 2468, payload: 38657-40036 (1380 bytes)] [Frame: 2470, payload: 40037-41416 (1380 bytes)] [Frame: 2471, payload: 41417-42796 (1380 bytes)] [Frame: 2473, payload: 42797-44176 (1380 bytes)] [Frame: 2474, payload: 44177-45556 (1380 bytes)] [Frame: 2476, payload: 45557-46936 (1380 bytes)] [Frame: 2477, payload: 46937-48316 (1380 bytes)] [Frame: 2479, payload: 48317-49696 (1380 bytes)] [Frame: 2480, payload: 49697-51076 (1380 bytes)] [Frame: 2482, payload: 51077-52456 (1380 bytes)] [Frame: 2483, payload: 52457-53836 (1380 bytes)] [Frame: 2485, payload: 53837-54169 (333 bytes)] [Segment count: 43] [Reassembled TCP length: 54170] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:37 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 53829\r\n [Content length: 53829] Last-Modified: Sun, 01 Nov 2009 15:46:33 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:37 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 237\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 10024 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8812 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 400 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 2486 2012-06-20 08:38:56.501882 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1 Frame 2486: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:38:56.501882000 GMT Daylight Time Epoch Time: 1340177936.501882000 seconds [Time delta from previous captured frame: 0.000247000 seconds] [Time delta from previous displayed frame: 0.000247000 seconds] [Time since reference or first frame: 28.480096000 seconds] Frame Number: 2486 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x258c (9612) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd6ab [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: utsftp (2529), Dst Port: http (80), Seq: 1335, Ack: 162511, Len: 133 Source port: utsftp (2529) Destination port: http (80) [Stream index: 31] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 162511 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 257 [Calculated window size: 65792] [Window size scaling factor: 256] Checksum: 0x320b [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 2485] [The RTT to ACK the segment was: 0.000247000 seconds] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0095.jpg?w=400&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400] No. Time Source Destination Protocol Info 2496 2012-06-20 08:38:56.771905 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1 Frame 2496: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:56.771905000 GMT Daylight Time Epoch Time: 1340177936.771905000 seconds [Time delta from previous captured frame: 0.000123000 seconds] [Time delta from previous displayed frame: 0.270023000 seconds] [Time since reference or first frame: 28.750119000 seconds] Frame Number: 2496 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2592 (9618) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd63d [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vrcommerce (2530), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: vrcommerce (2530) Destination port: http (80) [Stream index: 32] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xe1c7 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #2495(225), #2496(237)] [Frame: 2495, payload: 0-224 (225 bytes)] [Frame: 2496, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0118.jpg?w=648&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 2574 2012-06-20 08:38:57.499571 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 2574: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) Arrival Time: Jun 20, 2012 08:38:57.499571000 GMT Daylight Time Epoch Time: 1340177937.499571000 seconds [Time delta from previous captured frame: 0.000048000 seconds] [Time delta from previous displayed frame: 0.727666000 seconds] [Time since reference or first frame: 29.477785000 seconds] Frame Number: 2574 Frame Length: 86 bytes (688 bits) Capture Length: 86 bytes (688 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 72 Identification: 0x0340 (832) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x455d [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vrcommerce (2530), Seq: 58270, Ack: 463, Len: 32 Source port: http (80) Destination port: vrcommerce (2530) [Stream index: 32] Sequence number: 58270 (relative sequence number) [Next sequence number: 58302 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0xccae [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 32] TCP segment data (32 bytes) [47 Reassembled TCP Segments (58301 bytes): #2501(1380), #2502(105), #2504(1380), #2505(68), #2507(1380), #2508(68), #2510(1380), #2511(68), #2513(1380), #2514(1380), #2517(1380), #2518(1380), #2520(1380), #2521(1380), #2523(1380), #2524(13] [Frame: 2501, payload: 0-1379 (1380 bytes)] [Frame: 2502, payload: 1380-1484 (105 bytes)] [Frame: 2504, payload: 1485-2864 (1380 bytes)] [Frame: 2505, payload: 2865-2932 (68 bytes)] [Frame: 2507, payload: 2933-4312 (1380 bytes)] [Frame: 2508, payload: 4313-4380 (68 bytes)] [Frame: 2510, payload: 4381-5760 (1380 bytes)] [Frame: 2511, payload: 5761-5828 (68 bytes)] [Frame: 2513, payload: 5829-7208 (1380 bytes)] [Frame: 2514, payload: 7209-8588 (1380 bytes)] [Frame: 2517, payload: 8589-9968 (1380 bytes)] [Frame: 2518, payload: 9969-11348 (1380 bytes)] [Frame: 2520, payload: 11349-12728 (1380 bytes)] [Frame: 2521, payload: 12729-14108 (1380 bytes)] [Frame: 2523, payload: 14109-15488 (1380 bytes)] [Frame: 2524, payload: 15489-16868 (1380 bytes)] [Frame: 2526, payload: 16869-18248 (1380 bytes)] [Frame: 2527, payload: 18249-19628 (1380 bytes)] [Frame: 2529, payload: 19629-21008 (1380 bytes)] [Frame: 2530, payload: 21009-22388 (1380 bytes)] [Frame: 2532, payload: 22389-23768 (1380 bytes)] [Frame: 2533, payload: 23769-25148 (1380 bytes)] [Frame: 2535, payload: 25149-26528 (1380 bytes)] [Frame: 2536, payload: 26529-27908 (1380 bytes)] [Frame: 2538, payload: 27909-29288 (1380 bytes)] [Frame: 2541, payload: 29289-30668 (1380 bytes)] [Frame: 2543, payload: 30669-32048 (1380 bytes)] [Frame: 2544, payload: 32049-33428 (1380 bytes)] [Frame: 2546, payload: 33429-34808 (1380 bytes)] [Frame: 2547, payload: 34809-36188 (1380 bytes)] [Frame: 2549, payload: 36189-37568 (1380 bytes)] [Frame: 2550, payload: 37569-38948 (1380 bytes)] [Frame: 2552, payload: 38949-40328 (1380 bytes)] [Frame: 2553, payload: 40329-41708 (1380 bytes)] [Frame: 2555, payload: 41709-43088 (1380 bytes)] [Frame: 2556, payload: 43089-44468 (1380 bytes)] [Frame: 2558, payload: 44469-45848 (1380 bytes)] [Frame: 2559, payload: 45849-47228 (1380 bytes)] [Frame: 2561, payload: 47229-48608 (1380 bytes)] [Frame: 2562, payload: 48609-49988 (1380 bytes)] [Frame: 2565, payload: 49989-51368 (1380 bytes)] [Frame: 2566, payload: 51369-52748 (1380 bytes)] [Frame: 2568, payload: 52749-54128 (1380 bytes)] [Frame: 2569, payload: 54129-55508 (1380 bytes)] [Frame: 2571, payload: 55509-56888 (1380 bytes)] [Frame: 2572, payload: 56889-58268 (1380 bytes)] [Frame: 2574, payload: 58269-58300 (32 bytes)] [Segment count: 47] [Reassembled TCP length: 58301] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:38 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 57961\r\n [Content length: 57961] Last-Modified: Sun, 01 Nov 2009 15:52:25 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:38 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6507 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5295 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 648 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 28 Remaining segment data (26 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 2576 2012-06-20 08:38:57.500006 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1 Frame 2576: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:57.500006000 GMT Daylight Time Epoch Time: 1340177937.500006000 seconds [Time delta from previous captured frame: 0.000104000 seconds] [Time delta from previous displayed frame: 0.000435000 seconds] [Time since reference or first frame: 29.478220000 seconds] Frame Number: 2576 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x25ab (9643) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd624 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vrcommerce (2530), Dst Port: http (80), Seq: 662, Ack: 58302, Len: 237 Source port: vrcommerce (2530) Destination port: http (80) [Stream index: 32] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 58302 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xfc55 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #2575(199), #2576(237)] [Frame: 2575, payload: 0-198 (199 bytes)] [Frame: 2576, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0118.jpg?w=648&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 2656 2012-06-20 08:38:57.982060 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 2656: 650 bytes on wire (5200 bits), 650 bytes captured (5200 bits) Arrival Time: Jun 20, 2012 08:38:57.982060000 GMT Daylight Time Epoch Time: 1340177937.982060000 seconds [Time delta from previous captured frame: 0.000007000 seconds] [Time delta from previous displayed frame: 0.482054000 seconds] [Time since reference or first frame: 29.960274000 seconds] Frame Number: 2656 Frame Length: 650 bytes (5200 bits) Capture Length: 650 bytes (5200 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 636 Identification: 0x0371 (881) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x42f8 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vrcommerce (2530), Seq: 116007, Ack: 899, Len: 596 Source port: http (80) Destination port: vrcommerce (2530) [Stream index: 32] Sequence number: 116007 (relative sequence number) [Next sequence number: 116603 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x763c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 596] TCP segment data (596 bytes) [47 Reassembled TCP Segments (58301 bytes): #2585(1380), #2586(1380), #2588(1380), #2589(241), #2591(1380), #2592(1380), #2594(1380), #2595(1380), #2597(272), #2598(1380), #2600(1380), #2601(136), #2603(1380), #2604(1380), #2606(1380), #260] [Frame: 2585, payload: 0-1379 (1380 bytes)] [Frame: 2586, payload: 1380-2759 (1380 bytes)] [Frame: 2588, payload: 2760-4139 (1380 bytes)] [Frame: 2589, payload: 4140-4380 (241 bytes)] [Frame: 2591, payload: 4381-5760 (1380 bytes)] [Frame: 2592, payload: 5761-7140 (1380 bytes)] [Frame: 2594, payload: 7141-8520 (1380 bytes)] [Frame: 2595, payload: 8521-9900 (1380 bytes)] [Frame: 2597, payload: 9901-10172 (272 bytes)] [Frame: 2598, payload: 10173-11552 (1380 bytes)] [Frame: 2600, payload: 11553-12932 (1380 bytes)] [Frame: 2601, payload: 12933-13068 (136 bytes)] [Frame: 2603, payload: 13069-14448 (1380 bytes)] [Frame: 2604, payload: 14449-15828 (1380 bytes)] [Frame: 2606, payload: 15829-17208 (1380 bytes)] [Frame: 2607, payload: 17209-17412 (204 bytes)] [Frame: 2609, payload: 17413-18792 (1380 bytes)] [Frame: 2610, payload: 18793-20172 (1380 bytes)] [Frame: 2612, payload: 20173-21552 (1380 bytes)] [Frame: 2613, payload: 21553-22932 (1380 bytes)] [Frame: 2615, payload: 22933-23204 (272 bytes)] [Frame: 2616, payload: 23205-24584 (1380 bytes)] [Frame: 2618, payload: 24585-25964 (1380 bytes)] [Frame: 2619, payload: 25965-27344 (1380 bytes)] [Frame: 2621, payload: 27345-28724 (1380 bytes)] [Frame: 2622, payload: 28725-30104 (1380 bytes)] [Frame: 2626, payload: 30105-31484 (1380 bytes)] [Frame: 2627, payload: 31485-32864 (1380 bytes)] [Frame: 2629, payload: 32865-34244 (1380 bytes)] [Frame: 2630, payload: 34245-35624 (1380 bytes)] [Frame: 2632, payload: 35625-37004 (1380 bytes)] [Frame: 2633, payload: 37005-38384 (1380 bytes)] [Frame: 2635, payload: 38385-39764 (1380 bytes)] [Frame: 2636, payload: 39765-41144 (1380 bytes)] [Frame: 2638, payload: 41145-42524 (1380 bytes)] [Frame: 2639, payload: 42525-43904 (1380 bytes)] [Frame: 2641, payload: 43905-45284 (1380 bytes)] [Frame: 2642, payload: 45285-46664 (1380 bytes)] [Frame: 2644, payload: 46665-48044 (1380 bytes)] [Frame: 2645, payload: 48045-49424 (1380 bytes)] [Frame: 2647, payload: 49425-50804 (1380 bytes)] [Frame: 2648, payload: 50805-52184 (1380 bytes)] [Frame: 2650, payload: 52185-53564 (1380 bytes)] [Frame: 2651, payload: 53565-54944 (1380 bytes)] [Frame: 2653, payload: 54945-56324 (1380 bytes)] [Frame: 2654, payload: 56325-57704 (1380 bytes)] [Frame: 2656, payload: 57705-58300 (596 bytes)] [Segment count: 47] [Reassembled TCP length: 58301] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:38 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 57961\r\n [Content length: 57961] Last-Modified: Sun, 01 Nov 2009 15:52:25 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:38 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6507 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5295 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 648 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 28 Remaining segment data (26 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 2658 2012-06-20 08:38:57.982379 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1 Frame 2658: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:57.982379000 GMT Daylight Time Epoch Time: 1340177937.982379000 seconds [Time delta from previous captured frame: 0.000051000 seconds] [Time delta from previous displayed frame: 0.000319000 seconds] [Time since reference or first frame: 29.960593000 seconds] Frame Number: 2658 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x25c4 (9668) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd60b [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vrcommerce (2530), Dst Port: http (80), Seq: 1098, Ack: 116603, Len: 237 Source port: vrcommerce (2530) Destination port: http (80) [Stream index: 32] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 116603 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 256 [Calculated window size: 65536] [Window size scaling factor: 256] Checksum: 0x16e6 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #2657(199), #2658(237)] [Frame: 2657, payload: 0-198 (199 bytes)] [Frame: 2658, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0118.jpg?w=648&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 2734 2012-06-20 08:38:58.432747 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 2734: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits) Arrival Time: Jun 20, 2012 08:38:58.432747000 GMT Daylight Time Epoch Time: 1340177938.432747000 seconds [Time delta from previous captured frame: 0.000025000 seconds] [Time delta from previous displayed frame: 0.450368000 seconds] [Time since reference or first frame: 30.410961000 seconds] Frame Number: 2734 Frame Length: 174 bytes (1392 bits) Capture Length: 174 bytes (1392 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 160 Identification: 0x03a3 (931) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x44a2 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vrcommerce (2530), Seq: 174784, Ack: 1335, Len: 120 Source port: http (80) Destination port: vrcommerce (2530) [Stream index: 32] Sequence number: 174784 (relative sequence number) [Next sequence number: 174904 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x305b [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1500] TCP segment data (120 bytes) [48 Reassembled TCP Segments (58301 bytes): #2664(1380), #2665(105), #2667(1380), #2668(1380), #2670(136), #2671(1380), #2673(1380), #2674(1380), #2676(1380), #2677(1380), #2679(340), #2680(1380), #2682(1380), #2683(136), #2685(1380), #2686] [Frame: 2664, payload: 0-1379 (1380 bytes)] [Frame: 2665, payload: 1380-1484 (105 bytes)] [Frame: 2667, payload: 1485-2864 (1380 bytes)] [Frame: 2668, payload: 2865-4244 (1380 bytes)] [Frame: 2670, payload: 4245-4380 (136 bytes)] [Frame: 2671, payload: 4381-5760 (1380 bytes)] [Frame: 2673, payload: 5761-7140 (1380 bytes)] [Frame: 2674, payload: 7141-8520 (1380 bytes)] [Frame: 2676, payload: 8521-9900 (1380 bytes)] [Frame: 2677, payload: 9901-11280 (1380 bytes)] [Frame: 2679, payload: 11281-11620 (340 bytes)] [Frame: 2680, payload: 11621-13000 (1380 bytes)] [Frame: 2682, payload: 13001-14380 (1380 bytes)] [Frame: 2683, payload: 14381-14516 (136 bytes)] [Frame: 2685, payload: 14517-15896 (1380 bytes)] [Frame: 2686, payload: 15897-17276 (1380 bytes)] [Frame: 2688, payload: 17277-18656 (1380 bytes)] [Frame: 2689, payload: 18657-20036 (1380 bytes)] [Frame: 2691, payload: 20037-21416 (1380 bytes)] [Frame: 2692, payload: 21417-22796 (1380 bytes)] [Frame: 2694, payload: 22797-24176 (1380 bytes)] [Frame: 2695, payload: 24177-24652 (476 bytes)] [Frame: 2697, payload: 24653-26032 (1380 bytes)] [Frame: 2698, payload: 26033-27412 (1380 bytes)] [Frame: 2700, payload: 27413-28792 (1380 bytes)] [Frame: 2701, payload: 28793-30172 (1380 bytes)] [Frame: 2703, payload: 30173-31552 (1380 bytes)] [Frame: 2704, payload: 31553-32932 (1380 bytes)] [Frame: 2706, payload: 32933-33340 (408 bytes)] [Frame: 2707, payload: 33341-34720 (1380 bytes)] [Frame: 2709, payload: 34721-36100 (1380 bytes)] [Frame: 2710, payload: 36101-37480 (1380 bytes)] [Frame: 2712, payload: 37481-38860 (1380 bytes)] [Frame: 2713, payload: 38861-40240 (1380 bytes)] [Frame: 2715, payload: 40241-41620 (1380 bytes)] [Frame: 2716, payload: 41621-43000 (1380 bytes)] [Frame: 2718, payload: 43001-44380 (1380 bytes)] [Frame: 2719, payload: 44381-45760 (1380 bytes)] [Frame: 2721, payload: 45761-47140 (1380 bytes)] [Frame: 2722, payload: 47141-48520 (1380 bytes)] [Frame: 2724, payload: 48521-49900 (1380 bytes)] [Frame: 2725, payload: 49901-51280 (1380 bytes)] [Frame: 2727, payload: 51281-52660 (1380 bytes)] [Frame: 2728, payload: 52661-54040 (1380 bytes)] [Frame: 2730, payload: 54041-55420 (1380 bytes)] [Frame: 2731, payload: 55421-56800 (1380 bytes)] [Frame: 2733, payload: 56801-58180 (1380 bytes)] [Frame: 2734, payload: 58181-58300 (120 bytes)] [Segment count: 48] [Reassembled TCP length: 58301] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:39 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 57961\r\n [Content length: 57961] Last-Modified: Sun, 01 Nov 2009 15:52:25 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:39 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6507 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5295 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 648 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 28 Remaining segment data (26 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 2736 2012-06-20 08:38:58.433022 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1 Frame 2736: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:38:58.433022000 GMT Daylight Time Epoch Time: 1340177938.433022000 seconds [Time delta from previous captured frame: 0.000252000 seconds] [Time delta from previous displayed frame: 0.000275000 seconds] [Time since reference or first frame: 30.411236000 seconds] Frame Number: 2736 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x25dd (9693) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd65a [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vrcommerce (2530), Dst Port: http (80), Seq: 1335, Ack: 174904, Len: 133 Source port: vrcommerce (2530) Destination port: http (80) [Stream index: 32] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 174904 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x61b6 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0118.jpg?w=648&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400] No. Time Source Destination Protocol Info 2748 2012-06-20 08:38:58.704220 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1 Frame 2748: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:58.704220000 GMT Daylight Time Epoch Time: 1340177938.704220000 seconds [Time delta from previous captured frame: 0.000102000 seconds] [Time delta from previous displayed frame: 0.271198000 seconds] [Time since reference or first frame: 30.682434000 seconds] Frame Number: 2748 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x25e3 (9699) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd5ec [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ito-e-gui (2531), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: ito-e-gui (2531) Destination port: http (80) [Stream index: 33] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x8df5 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #2747(225), #2748(237)] [Frame: 2747, payload: 0-224 (225 bytes)] [Frame: 2748, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0124.jpg?w=458&h=640 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 2820 2012-06-20 08:38:59.442036 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 2820: 726 bytes on wire (5808 bits), 726 bytes captured (5808 bits) Arrival Time: Jun 20, 2012 08:38:59.442036000 GMT Daylight Time Epoch Time: 1340177939.442036000 seconds [Time delta from previous captured frame: 0.000099000 seconds] [Time delta from previous displayed frame: 0.737816000 seconds] [Time since reference or first frame: 31.420250000 seconds] Frame Number: 2820 Frame Length: 726 bytes (5808 bits) Capture Length: 726 bytes (5808 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 712 Identification: 0x745f (29791) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xd1bd [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ito-e-gui (2531), Seq: 57094, Ack: 463, Len: 672 Source port: http (80) Destination port: ito-e-gui (2531) [Stream index: 33] Sequence number: 57094 (relative sequence number) [Next sequence number: 57766 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x4c94 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 672] TCP segment data (672 bytes) [43 Reassembled TCP Segments (57765 bytes): #2754(1380), #2755(1380), #2757(1380), #2758(1380), #2760(1380), #2761(1380), #2763(1380), #2764(513), #2766(1380), #2767(1380), #2769(1380), #2770(1380), #2772(1380), #2773(1380), #2775(1380), #2] [Frame: 2754, payload: 0-1379 (1380 bytes)] [Frame: 2755, payload: 1380-2759 (1380 bytes)] [Frame: 2757, payload: 2760-4139 (1380 bytes)] [Frame: 2758, payload: 4140-5519 (1380 bytes)] [Frame: 2760, payload: 5520-6899 (1380 bytes)] [Frame: 2761, payload: 6900-8279 (1380 bytes)] [Frame: 2763, payload: 8280-9659 (1380 bytes)] [Frame: 2764, payload: 9660-10172 (513 bytes)] [Frame: 2766, payload: 10173-11552 (1380 bytes)] [Frame: 2767, payload: 11553-12932 (1380 bytes)] [Frame: 2769, payload: 12933-14312 (1380 bytes)] [Frame: 2770, payload: 14313-15692 (1380 bytes)] [Frame: 2772, payload: 15693-17072 (1380 bytes)] [Frame: 2773, payload: 17073-18452 (1380 bytes)] [Frame: 2775, payload: 18453-19832 (1380 bytes)] [Frame: 2776, payload: 19833-21212 (1380 bytes)] [Frame: 2778, payload: 21213-22592 (1380 bytes)] [Frame: 2779, payload: 22593-23972 (1380 bytes)] [Frame: 2781, payload: 23973-25352 (1380 bytes)] [Frame: 2782, payload: 25353-26732 (1380 bytes)] [Frame: 2784, payload: 26733-28112 (1380 bytes)] [Frame: 2785, payload: 28113-29492 (1380 bytes)] [Frame: 2787, payload: 29493-30872 (1380 bytes)] [Frame: 2788, payload: 30873-32252 (1380 bytes)] [Frame: 2790, payload: 32253-33632 (1380 bytes)] [Frame: 2793, payload: 33633-35012 (1380 bytes)] [Frame: 2795, payload: 35013-36392 (1380 bytes)] [Frame: 2796, payload: 36393-37772 (1380 bytes)] [Frame: 2798, payload: 37773-39152 (1380 bytes)] [Frame: 2799, payload: 39153-40532 (1380 bytes)] [Frame: 2801, payload: 40533-41912 (1380 bytes)] [Frame: 2802, payload: 41913-43292 (1380 bytes)] [Frame: 2804, payload: 43293-44672 (1380 bytes)] [Frame: 2805, payload: 44673-46052 (1380 bytes)] [Frame: 2807, payload: 46053-47432 (1380 bytes)] [Frame: 2808, payload: 47433-48812 (1380 bytes)] [Frame: 2810, payload: 48813-50192 (1380 bytes)] [Frame: 2811, payload: 50193-51572 (1380 bytes)] [Frame: 2813, payload: 51573-52952 (1380 bytes)] [Frame: 2814, payload: 52953-54332 (1380 bytes)] [Frame: 2817, payload: 54333-55712 (1380 bytes)] [Frame: 2818, payload: 55713-57092 (1380 bytes)] [Frame: 2820, payload: 57093-57764 (672 bytes)] [Segment count: 43] [Reassembled TCP length: 57765] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:40 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 57425\r\n [Content length: 57425] Last-Modified: Sun, 01 Nov 2009 16:14:13 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:40 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 79\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5969 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4757 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 458 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 2822 2012-06-20 08:38:59.442509 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1 Frame 2822: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:59.442509000 GMT Daylight Time Epoch Time: 1340177939.442509000 seconds [Time delta from previous captured frame: 0.000133000 seconds] [Time delta from previous displayed frame: 0.000473000 seconds] [Time since reference or first frame: 31.420723000 seconds] Frame Number: 2822 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x25fa (9722) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd5d5 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ito-e-gui (2531), Dst Port: http (80), Seq: 662, Ack: 57766, Len: 237 Source port: ito-e-gui (2531) Destination port: http (80) [Stream index: 33] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 57766 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 256 [Calculated window size: 65536] [Window size scaling factor: 256] Checksum: 0xaa9d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #2821(199), #2822(237)] [Frame: 2821, payload: 0-198 (199 bytes)] [Frame: 2822, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0124.jpg?w=458&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 2893 2012-06-20 08:38:59.918142 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 2893: 1222 bytes on wire (9776 bits), 1222 bytes captured (9776 bits) Arrival Time: Jun 20, 2012 08:38:59.918142000 GMT Daylight Time Epoch Time: 1340177939.918142000 seconds [Time delta from previous captured frame: 0.000090000 seconds] [Time delta from previous displayed frame: 0.475633000 seconds] [Time since reference or first frame: 31.896356000 seconds] Frame Number: 2893 Frame Length: 1222 bytes (9776 bits) Capture Length: 1222 bytes (9776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1208 Identification: 0x748d (29837) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xcf9f [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ito-e-gui (2531), Seq: 114363, Ack: 899, Len: 1168 Source port: http (80) Destination port: ito-e-gui (2531) [Stream index: 33] Sequence number: 114363 (relative sequence number) [Next sequence number: 115531 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x9eb2 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2548] TCP segment data (1168 bytes) [44 Reassembled TCP Segments (57765 bytes): #2829(1380), #2830(1380), #2832(1380), #2833(1380), #2835(1380), #2836(1380), #2838(1380), #2839(1380), #2841(581), #2842(1380), #2844(1380), #2845(136), #2847(1380), #2848(1380), #2850(1380), #28] [Frame: 2829, payload: 0-1379 (1380 bytes)] [Frame: 2830, payload: 1380-2759 (1380 bytes)] [Frame: 2832, payload: 2760-4139 (1380 bytes)] [Frame: 2833, payload: 4140-5519 (1380 bytes)] [Frame: 2835, payload: 5520-6899 (1380 bytes)] [Frame: 2836, payload: 6900-8279 (1380 bytes)] [Frame: 2838, payload: 8280-9659 (1380 bytes)] [Frame: 2839, payload: 9660-11039 (1380 bytes)] [Frame: 2841, payload: 11040-11620 (581 bytes)] [Frame: 2842, payload: 11621-13000 (1380 bytes)] [Frame: 2844, payload: 13001-14380 (1380 bytes)] [Frame: 2845, payload: 14381-14516 (136 bytes)] [Frame: 2847, payload: 14517-15896 (1380 bytes)] [Frame: 2848, payload: 15897-17276 (1380 bytes)] [Frame: 2850, payload: 17277-18656 (1380 bytes)] [Frame: 2851, payload: 18657-20036 (1380 bytes)] [Frame: 2853, payload: 20037-21416 (1380 bytes)] [Frame: 2854, payload: 21417-22796 (1380 bytes)] [Frame: 2856, payload: 22797-24176 (1380 bytes)] [Frame: 2857, payload: 24177-25556 (1380 bytes)] [Frame: 2859, payload: 25557-26936 (1380 bytes)] [Frame: 2860, payload: 26937-28316 (1380 bytes)] [Frame: 2862, payload: 28317-28996 (680 bytes)] [Frame: 2863, payload: 28997-30376 (1380 bytes)] [Frame: 2865, payload: 30377-31756 (1380 bytes)] [Frame: 2866, payload: 31757-33136 (1380 bytes)] [Frame: 2868, payload: 33137-34516 (1380 bytes)] [Frame: 2869, payload: 34517-35896 (1380 bytes)] [Frame: 2871, payload: 35897-37276 (1380 bytes)] [Frame: 2872, payload: 37277-38656 (1380 bytes)] [Frame: 2874, payload: 38657-40036 (1380 bytes)] [Frame: 2875, payload: 40037-41416 (1380 bytes)] [Frame: 2877, payload: 41417-42796 (1380 bytes)] [Frame: 2878, payload: 42797-44176 (1380 bytes)] [Frame: 2880, payload: 44177-45556 (1380 bytes)] [Frame: 2881, payload: 45557-46936 (1380 bytes)] [Frame: 2883, payload: 46937-48316 (1380 bytes)] [Frame: 2884, payload: 48317-49696 (1380 bytes)] [Frame: 2886, payload: 49697-51076 (1380 bytes)] [Frame: 2887, payload: 51077-52456 (1380 bytes)] [Frame: 2889, payload: 52457-53836 (1380 bytes)] [Frame: 2890, payload: 53837-55216 (1380 bytes)] [Frame: 2892, payload: 55217-56596 (1380 bytes)] [Frame: 2893, payload: 56597-57764 (1168 bytes)] [Segment count: 44] [Reassembled TCP length: 57765] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:40 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 57425\r\n [Content length: 57425] Last-Modified: Sun, 01 Nov 2009 16:14:13 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:40 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 79\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5969 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4757 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 458 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 2896 2012-06-20 08:38:59.918454 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1 Frame 2896: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:38:59.918454000 GMT Daylight Time Epoch Time: 1340177939.918454000 seconds [Time delta from previous captured frame: 0.000042000 seconds] [Time delta from previous displayed frame: 0.000312000 seconds] [Time since reference or first frame: 31.896668000 seconds] Frame Number: 2896 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2612 (9746) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd5bd [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ito-e-gui (2531), Dst Port: http (80), Seq: 1098, Ack: 115531, Len: 237 Source port: ito-e-gui (2531) Destination port: http (80) [Stream index: 33] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 115531 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xc741 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #2895(199), #2896(237)] [Frame: 2895, payload: 0-198 (199 bytes)] [Frame: 2896, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0124.jpg?w=458&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 2968 2012-06-20 08:39:00.377041 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 2968: 542 bytes on wire (4336 bits), 542 bytes captured (4336 bits) Arrival Time: Jun 20, 2012 08:39:00.377041000 GMT Daylight Time Epoch Time: 1340177940.377041000 seconds [Time delta from previous captured frame: 0.000018000 seconds] [Time delta from previous displayed frame: 0.458587000 seconds] [Time since reference or first frame: 32.355255000 seconds] Frame Number: 2968 Frame Length: 542 bytes (4336 bits) Capture Length: 542 bytes (4336 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 528 Identification: 0x74bc (29884) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xd218 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ito-e-gui (2531), Seq: 172808, Ack: 1335, Len: 488 Source port: http (80) Destination port: ito-e-gui (2531) [Stream index: 33] Sequence number: 172808 (relative sequence number) [Next sequence number: 173296 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x6f63 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 488] TCP segment data (488 bytes) [45 Reassembled TCP Segments (57765 bytes): #2901(1380), #2902(1380), #2904(1380), #2905(1380), #2907(1380), #2908(1380), #2910(445), #2911(1380), #2913(1380), #2914(1380), #2916(1380), #2917(272), #2919(1380), #2920(1380), #2922(1380), #29] [Frame: 2901, payload: 0-1379 (1380 bytes)] [Frame: 2902, payload: 1380-2759 (1380 bytes)] [Frame: 2904, payload: 2760-4139 (1380 bytes)] [Frame: 2905, payload: 4140-5519 (1380 bytes)] [Frame: 2907, payload: 5520-6899 (1380 bytes)] [Frame: 2908, payload: 6900-8279 (1380 bytes)] [Frame: 2910, payload: 8280-8724 (445 bytes)] [Frame: 2911, payload: 8725-10104 (1380 bytes)] [Frame: 2913, payload: 10105-11484 (1380 bytes)] [Frame: 2914, payload: 11485-12864 (1380 bytes)] [Frame: 2916, payload: 12865-14244 (1380 bytes)] [Frame: 2917, payload: 14245-14516 (272 bytes)] [Frame: 2919, payload: 14517-15896 (1380 bytes)] [Frame: 2920, payload: 15897-17276 (1380 bytes)] [Frame: 2922, payload: 17277-18656 (1380 bytes)] [Frame: 2923, payload: 18657-20036 (1380 bytes)] [Frame: 2925, payload: 20037-21416 (1380 bytes)] [Frame: 2926, payload: 21417-22796 (1380 bytes)] [Frame: 2928, payload: 22797-24176 (1380 bytes)] [Frame: 2929, payload: 24177-25556 (1380 bytes)] [Frame: 2931, payload: 25557-26936 (1380 bytes)] [Frame: 2932, payload: 26937-28316 (1380 bytes)] [Frame: 2934, payload: 28317-28996 (680 bytes)] [Frame: 2935, payload: 28997-30376 (1380 bytes)] [Frame: 2937, payload: 30377-31756 (1380 bytes)] [Frame: 2938, payload: 31757-33136 (1380 bytes)] [Frame: 2940, payload: 33137-34516 (1380 bytes)] [Frame: 2941, payload: 34517-35896 (1380 bytes)] [Frame: 2943, payload: 35897-37276 (1380 bytes)] [Frame: 2944, payload: 37277-38656 (1380 bytes)] [Frame: 2946, payload: 38657-40036 (1380 bytes)] [Frame: 2947, payload: 40037-41416 (1380 bytes)] [Frame: 2949, payload: 41417-42796 (1380 bytes)] [Frame: 2950, payload: 42797-43476 (680 bytes)] [Frame: 2953, payload: 43477-44856 (1380 bytes)] [Frame: 2954, payload: 44857-46236 (1380 bytes)] [Frame: 2956, payload: 46237-47616 (1380 bytes)] [Frame: 2957, payload: 47617-48996 (1380 bytes)] [Frame: 2959, payload: 48997-50376 (1380 bytes)] [Frame: 2960, payload: 50377-51756 (1380 bytes)] [Frame: 2962, payload: 51757-53136 (1380 bytes)] [Frame: 2963, payload: 53137-54516 (1380 bytes)] [Frame: 2965, payload: 54517-55896 (1380 bytes)] [Frame: 2966, payload: 55897-57276 (1380 bytes)] [Frame: 2968, payload: 57277-57764 (488 bytes)] [Segment count: 45] [Reassembled TCP length: 57765] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:41 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 57425\r\n [Content length: 57425] Last-Modified: Sun, 01 Nov 2009 16:14:13 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:41 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 79\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5969 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4757 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 458 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 2969 2012-06-20 08:39:00.377338 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1 Frame 2969: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:39:00.377338000 GMT Daylight Time Epoch Time: 1340177940.377338000 seconds [Time delta from previous captured frame: 0.000297000 seconds] [Time delta from previous displayed frame: 0.000297000 seconds] [Time since reference or first frame: 32.355552000 seconds] Frame Number: 2969 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x2629 (9769) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd60e [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ito-e-gui (2531), Dst Port: http (80), Seq: 1335, Ack: 173296, Len: 133 Source port: ito-e-gui (2531) Destination port: http (80) [Stream index: 33] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 173296 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 256 [Calculated window size: 65536] [Window size scaling factor: 256] Checksum: 0x0e32 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 2968] [The RTT to ACK the segment was: 0.000297000 seconds] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0124.jpg?w=458&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640] No. Time Source Destination Protocol Info 2983 2012-06-20 08:39:00.650604 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1 Frame 2983: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:00.650604000 GMT Daylight Time Epoch Time: 1340177940.650604000 seconds [Time delta from previous captured frame: 0.000127000 seconds] [Time delta from previous displayed frame: 0.273266000 seconds] [Time since reference or first frame: 32.628818000 seconds] Frame Number: 2983 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x262f (9775) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd5a0 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ovtopmd (2532), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: ovtopmd (2532) Destination port: http (80) [Stream index: 34] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x97a3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #2982(225), #2983(237)] [Frame: 2982, payload: 0-224 (225 bytes)] [Frame: 2983, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_2375.jpg?w=476&h=640 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 3059 2012-06-20 08:39:01.394506 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3059: 1351 bytes on wire (10808 bits), 1351 bytes captured (10808 bits) Arrival Time: Jun 20, 2012 08:39:01.394506000 GMT Daylight Time Epoch Time: 1340177941.394506000 seconds [Time delta from previous captured frame: 0.000009000 seconds] [Time delta from previous displayed frame: 0.743902000 seconds] [Time since reference or first frame: 33.372720000 seconds] Frame Number: 3059 Frame Length: 1351 bytes (10808 bits) Capture Length: 1351 bytes (10808 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1337 Identification: 0x37b8 (14264) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x0bf4 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ovtopmd (2532), Seq: 60721, Ack: 463, Len: 1297 Source port: http (80) Destination port: ovtopmd (2532) [Stream index: 34] Sequence number: 60721 (relative sequence number) [Next sequence number: 62018 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x571c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1297] TCP segment data (1297 bytes) [45 Reassembled TCP Segments (62017 bytes): #2986(1380), #2987(1380), #2989(1380), #2990(1380), #2992(1380), #2993(1380), #2995(1380), #2996(1380), #2998(1380), #2999(1380), #3005(1380), #3006(1380), #3008(1380), #3009(1380), #3011(1380), #] [Frame: 2986, payload: 0-1379 (1380 bytes)] [Frame: 2987, payload: 1380-2759 (1380 bytes)] [Frame: 2989, payload: 2760-4139 (1380 bytes)] [Frame: 2990, payload: 4140-5519 (1380 bytes)] [Frame: 2992, payload: 5520-6899 (1380 bytes)] [Frame: 2993, payload: 6900-8279 (1380 bytes)] [Frame: 2995, payload: 8280-9659 (1380 bytes)] [Frame: 2996, payload: 9660-11039 (1380 bytes)] [Frame: 2998, payload: 11040-12419 (1380 bytes)] [Frame: 2999, payload: 12420-13799 (1380 bytes)] [Frame: 3005, payload: 13800-15179 (1380 bytes)] [Frame: 3006, payload: 15180-16559 (1380 bytes)] [Frame: 3008, payload: 16560-17939 (1380 bytes)] [Frame: 3009, payload: 17940-19319 (1380 bytes)] [Frame: 3011, payload: 19320-20699 (1380 bytes)] [Frame: 3012, payload: 20700-22079 (1380 bytes)] [Frame: 3014, payload: 22080-23459 (1380 bytes)] [Frame: 3015, payload: 23460-24839 (1380 bytes)] [Frame: 3017, payload: 24840-26219 (1380 bytes)] [Frame: 3018, payload: 26220-27599 (1380 bytes)] [Frame: 3020, payload: 27600-28979 (1380 bytes)] [Frame: 3021, payload: 28980-30359 (1380 bytes)] [Frame: 3025, payload: 30360-31739 (1380 bytes)] [Frame: 3026, payload: 31740-33119 (1380 bytes)] [Frame: 3028, payload: 33120-34499 (1380 bytes)] [Frame: 3029, payload: 34500-35879 (1380 bytes)] [Frame: 3031, payload: 35880-37259 (1380 bytes)] [Frame: 3032, payload: 37260-38639 (1380 bytes)] [Frame: 3034, payload: 38640-40019 (1380 bytes)] [Frame: 3035, payload: 40020-41399 (1380 bytes)] [Frame: 3037, payload: 41400-42779 (1380 bytes)] [Frame: 3038, payload: 42780-44159 (1380 bytes)] [Frame: 3040, payload: 44160-45539 (1380 bytes)] [Frame: 3041, payload: 45540-46919 (1380 bytes)] [Frame: 3043, payload: 46920-48299 (1380 bytes)] [Frame: 3044, payload: 48300-49679 (1380 bytes)] [Frame: 3046, payload: 49680-51059 (1380 bytes)] [Frame: 3047, payload: 51060-52439 (1380 bytes)] [Frame: 3049, payload: 52440-53819 (1380 bytes)] [Frame: 3050, payload: 53820-55199 (1380 bytes)] [Frame: 3053, payload: 55200-56579 (1380 bytes)] [Frame: 3054, payload: 56580-57959 (1380 bytes)] [Frame: 3056, payload: 57960-59339 (1380 bytes)] [Frame: 3057, payload: 59340-60719 (1380 bytes)] [Frame: 3059, payload: 60720-62016 (1297 bytes)] [Segment count: 45] [Reassembled TCP length: 62017] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:42 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 61677\r\n [Content length: 61677] Last-Modified: Sun, 01 Nov 2009 16:19:36 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:42 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 83\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7157 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5945 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 476 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3061 2012-06-20 08:39:01.394961 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1 Frame 3061: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:01.394961000 GMT Daylight Time Epoch Time: 1340177941.394961000 seconds [Time delta from previous captured frame: 0.000132000 seconds] [Time delta from previous displayed frame: 0.000455000 seconds] [Time since reference or first frame: 33.373175000 seconds] Frame Number: 3061 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2647 (9799) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd588 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ovtopmd (2532), Dst Port: http (80), Seq: 662, Ack: 62018, Len: 237 Source port: ovtopmd (2532) Destination port: http (80) [Stream index: 34] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 62018 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 253 [Calculated window size: 64768] [Window size scaling factor: 256] Checksum: 0xa3b2 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #3060(199), #3061(237)] [Frame: 3060, payload: 0-198 (199 bytes)] [Frame: 3061, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_2375.jpg?w=476&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 3140 2012-06-20 08:39:01.854160 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3140: 362 bytes on wire (2896 bits), 362 bytes captured (2896 bits) Arrival Time: Jun 20, 2012 08:39:01.854160000 GMT Daylight Time Epoch Time: 1340177941.854160000 seconds [Time delta from previous captured frame: 0.000008000 seconds] [Time delta from previous displayed frame: 0.459199000 seconds] [Time since reference or first frame: 33.832374000 seconds] Frame Number: 3140 Frame Length: 362 bytes (2896 bits) Capture Length: 362 bytes (2896 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 348 Identification: 0x37ea (14314) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x0f9f [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ovtopmd (2532), Seq: 123727, Ack: 899, Len: 308 Source port: http (80) Destination port: ovtopmd (2532) [Stream index: 34] Sequence number: 123727 (relative sequence number) [Next sequence number: 124035 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x1eef [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1688] TCP segment data (308 bytes) [48 Reassembled TCP Segments (62017 bytes): #3069(1380), #3070(1380), #3072(1380), #3073(1380), #3075(309), #3076(1380), #3078(1380), #3079(1380), #3081(1380), #3082(1380), #3084(1380), #3085(408), #3087(1380), #3088(1380), #3090(1380), #30] [Frame: 3069, payload: 0-1379 (1380 bytes)] [Frame: 3070, payload: 1380-2759 (1380 bytes)] [Frame: 3072, payload: 2760-4139 (1380 bytes)] [Frame: 3073, payload: 4140-5519 (1380 bytes)] [Frame: 3075, payload: 5520-5828 (309 bytes)] [Frame: 3076, payload: 5829-7208 (1380 bytes)] [Frame: 3078, payload: 7209-8588 (1380 bytes)] [Frame: 3079, payload: 8589-9968 (1380 bytes)] [Frame: 3081, payload: 9969-11348 (1380 bytes)] [Frame: 3082, payload: 11349-12728 (1380 bytes)] [Frame: 3084, payload: 12729-14108 (1380 bytes)] [Frame: 3085, payload: 14109-14516 (408 bytes)] [Frame: 3087, payload: 14517-15896 (1380 bytes)] [Frame: 3088, payload: 15897-17276 (1380 bytes)] [Frame: 3090, payload: 17277-18656 (1380 bytes)] [Frame: 3091, payload: 18657-20036 (1380 bytes)] [Frame: 3093, payload: 20037-20308 (272 bytes)] [Frame: 3094, payload: 20309-21688 (1380 bytes)] [Frame: 3096, payload: 21689-23068 (1380 bytes)] [Frame: 3097, payload: 23069-24448 (1380 bytes)] [Frame: 3099, payload: 24449-25828 (1380 bytes)] [Frame: 3100, payload: 25829-27208 (1380 bytes)] [Frame: 3102, payload: 27209-28588 (1380 bytes)] [Frame: 3103, payload: 28589-29968 (1380 bytes)] [Frame: 3105, payload: 29969-31348 (1380 bytes)] [Frame: 3107, payload: 31349-32728 (1380 bytes)] [Frame: 3109, payload: 32729-34108 (1380 bytes)] [Frame: 3110, payload: 34109-35488 (1380 bytes)] [Frame: 3112, payload: 35489-36868 (1380 bytes)] [Frame: 3113, payload: 36869-38248 (1380 bytes)] [Frame: 3115, payload: 38249-39628 (1380 bytes)] [Frame: 3116, payload: 39629-41008 (1380 bytes)] [Frame: 3118, payload: 41009-42388 (1380 bytes)] [Frame: 3119, payload: 42389-43768 (1380 bytes)] [Frame: 3121, payload: 43769-45148 (1380 bytes)] [Frame: 3122, payload: 45149-46528 (1380 bytes)] [Frame: 3124, payload: 46529-47908 (1380 bytes)] [Frame: 3125, payload: 47909-49288 (1380 bytes)] [Frame: 3127, payload: 49289-50668 (1380 bytes)] [Frame: 3128, payload: 50669-52048 (1380 bytes)] [Frame: 3130, payload: 52049-53428 (1380 bytes)] [Frame: 3131, payload: 53429-54808 (1380 bytes)] [Frame: 3133, payload: 54809-56188 (1380 bytes)] [Frame: 3134, payload: 56189-57568 (1380 bytes)] [Frame: 3136, payload: 57569-58948 (1380 bytes)] [Frame: 3137, payload: 58949-60328 (1380 bytes)] [Frame: 3139, payload: 60329-61708 (1380 bytes)] [Frame: 3140, payload: 61709-62016 (308 bytes)] [Segment count: 48] [Reassembled TCP length: 62017] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:42 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 61677\r\n [Content length: 61677] Last-Modified: Sun, 01 Nov 2009 16:19:36 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:42 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 83\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7157 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5945 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 476 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3143 2012-06-20 08:39:01.854438 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1 Frame 3143: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:01.854438000 GMT Daylight Time Epoch Time: 1340177941.854438000 seconds [Time delta from previous captured frame: 0.000039000 seconds] [Time delta from previous displayed frame: 0.000278000 seconds] [Time since reference or first frame: 33.832652000 seconds] Frame Number: 3143 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2661 (9825) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd56e [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ovtopmd (2532), Dst Port: http (80), Seq: 1098, Ack: 124035, Len: 237 Source port: ovtopmd (2532) Destination port: http (80) [Stream index: 34] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 124035 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xafb7 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #3142(199), #3143(237)] [Frame: 3142, payload: 0-198 (199 bytes)] [Frame: 3143, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_2375.jpg?w=476&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 3216 2012-06-20 08:39:02.292722 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3216: 858 bytes on wire (6864 bits), 858 bytes captured (6864 bits) Arrival Time: Jun 20, 2012 08:39:02.292722000 GMT Daylight Time Epoch Time: 1340177942.292722000 seconds [Time delta from previous captured frame: 0.000046000 seconds] [Time delta from previous displayed frame: 0.438284000 seconds] [Time since reference or first frame: 34.270936000 seconds] Frame Number: 3216 Frame Length: 858 bytes (6864 bits) Capture Length: 858 bytes (6864 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 844 Identification: 0x381c (14364) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x0d7d [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ovtopmd (2532), Seq: 185248, Ack: 1335, Len: 804 Source port: http (80) Destination port: ovtopmd (2532) [Stream index: 34] Sequence number: 185248 (relative sequence number) [Next sequence number: 186052 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x9418 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2184] TCP segment data (804 bytes) [48 Reassembled TCP Segments (62017 bytes): #3146(1380), #3147(1380), #3149(1380), #3150(1380), #3152(1380), #3153(1380), #3155(445), #3156(1380), #3158(1380), #3159(1380), #3161(1380), #3162(272), #3164(1380), #3165(1380), #3167(1380), #31] [Frame: 3146, payload: 0-1379 (1380 bytes)] [Frame: 3147, payload: 1380-2759 (1380 bytes)] [Frame: 3149, payload: 2760-4139 (1380 bytes)] [Frame: 3150, payload: 4140-5519 (1380 bytes)] [Frame: 3152, payload: 5520-6899 (1380 bytes)] [Frame: 3153, payload: 6900-8279 (1380 bytes)] [Frame: 3155, payload: 8280-8724 (445 bytes)] [Frame: 3156, payload: 8725-10104 (1380 bytes)] [Frame: 3158, payload: 10105-11484 (1380 bytes)] [Frame: 3159, payload: 11485-12864 (1380 bytes)] [Frame: 3161, payload: 12865-14244 (1380 bytes)] [Frame: 3162, payload: 14245-14516 (272 bytes)] [Frame: 3164, payload: 14517-15896 (1380 bytes)] [Frame: 3165, payload: 15897-17276 (1380 bytes)] [Frame: 3167, payload: 17277-18656 (1380 bytes)] [Frame: 3168, payload: 18657-20036 (1380 bytes)] [Frame: 3170, payload: 20037-21416 (1380 bytes)] [Frame: 3171, payload: 21417-22796 (1380 bytes)] [Frame: 3173, payload: 22797-24176 (1380 bytes)] [Frame: 3174, payload: 24177-25556 (1380 bytes)] [Frame: 3176, payload: 25557-26936 (1380 bytes)] [Frame: 3177, payload: 26937-28316 (1380 bytes)] [Frame: 3179, payload: 28317-28996 (680 bytes)] [Frame: 3180, payload: 28997-30376 (1380 bytes)] [Frame: 3182, payload: 30377-31756 (1380 bytes)] [Frame: 3183, payload: 31757-33136 (1380 bytes)] [Frame: 3185, payload: 33137-34516 (1380 bytes)] [Frame: 3186, payload: 34517-35896 (1380 bytes)] [Frame: 3188, payload: 35897-37276 (1380 bytes)] [Frame: 3189, payload: 37277-38656 (1380 bytes)] [Frame: 3191, payload: 38657-39132 (476 bytes)] [Frame: 3192, payload: 39133-40512 (1380 bytes)] [Frame: 3194, payload: 40513-41892 (1380 bytes)] [Frame: 3195, payload: 41893-43272 (1380 bytes)] [Frame: 3197, payload: 43273-44652 (1380 bytes)] [Frame: 3198, payload: 44653-46032 (1380 bytes)] [Frame: 3200, payload: 46033-47412 (1380 bytes)] [Frame: 3201, payload: 47413-48792 (1380 bytes)] [Frame: 3203, payload: 48793-50172 (1380 bytes)] [Frame: 3204, payload: 50173-51552 (1380 bytes)] [Frame: 3206, payload: 51553-52932 (1380 bytes)] [Frame: 3207, payload: 52933-54312 (1380 bytes)] [Frame: 3209, payload: 54313-55692 (1380 bytes)] [Frame: 3210, payload: 55693-57072 (1380 bytes)] [Frame: 3212, payload: 57073-58452 (1380 bytes)] [Frame: 3213, payload: 58453-59832 (1380 bytes)] [Frame: 3215, payload: 59833-61212 (1380 bytes)] [Frame: 3216, payload: 61213-62016 (804 bytes)] [Segment count: 48] [Reassembled TCP length: 62017] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:43 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 61677\r\n [Content length: 61677] Last-Modified: Sun, 01 Nov 2009 16:19:36 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:43 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 83\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7157 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5945 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 476 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3218 2012-06-20 08:39:02.292981 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1 Frame 3218: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:39:02.292981000 GMT Daylight Time Epoch Time: 1340177942.292981000 seconds [Time delta from previous captured frame: 0.000235000 seconds] [Time delta from previous displayed frame: 0.000259000 seconds] [Time since reference or first frame: 34.271195000 seconds] Frame Number: 3218 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x267a (9850) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd5bd [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ovtopmd (2532), Dst Port: http (80), Seq: 1335, Ack: 186052, Len: 133 Source port: ovtopmd (2532) Destination port: http (80) [Stream index: 34] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 186052 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xdd08 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_2375.jpg?w=476&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640] No. Time Source Destination Protocol Info 3231 2012-06-20 08:39:02.588467 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 3231: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:02.588467000 GMT Daylight Time Epoch Time: 1340177942.588467000 seconds [Time delta from previous captured frame: 0.000129000 seconds] [Time delta from previous displayed frame: 0.295486000 seconds] [Time since reference or first frame: 34.566681000 seconds] Frame Number: 3231 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2680 (9856) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd54f [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: snifferserver (2533), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237 Source port: snifferserver (2533) Destination port: http (80) [Stream index: 36] Sequence number: 227 (relative sequence number) [Next sequence number: 464 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x9c2c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 463] TCP segment data (237 bytes) [2 Reassembled TCP Segments (463 bytes): #3230(226), #3231(237)] [Frame: 3230, payload: 0-225 (226 bytes)] [Frame: 3231, payload: 226-462 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 463] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 3292 2012-06-20 08:39:03.162505 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3292: 1110 bytes on wire (8880 bits), 1110 bytes captured (8880 bits) Arrival Time: Jun 20, 2012 08:39:03.162505000 GMT Daylight Time Epoch Time: 1340177943.162505000 seconds [Time delta from previous captured frame: 0.000071000 seconds] [Time delta from previous displayed frame: 0.574038000 seconds] [Time since reference or first frame: 35.140719000 seconds] Frame Number: 3292 Frame Length: 1110 bytes (8880 bits) Capture Length: 1110 bytes (8880 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1096 Identification: 0xc1d4 (49620) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x82c8 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: snifferserver (2533), Seq: 49990, Ack: 464, Len: 1056 Source port: http (80) Destination port: snifferserver (2533) [Stream index: 36] Sequence number: 49990 (relative sequence number) [Next sequence number: 51046 (relative sequence number)] Acknowledgement number: 464 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x02db [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2436] TCP segment data (1056 bytes) [38 Reassembled TCP Segments (51045 bytes): #3236(1380), #3237(1380), #3239(1380), #3240(1380), #3242(309), #3243(1380), #3245(1380), #3246(1380), #3248(1380), #3249(1380), #3252(1380), #3253(1380), #3255(1380), #3256(1380), #3258(1380), #3] [Frame: 3236, payload: 0-1379 (1380 bytes)] [Frame: 3237, payload: 1380-2759 (1380 bytes)] [Frame: 3239, payload: 2760-4139 (1380 bytes)] [Frame: 3240, payload: 4140-5519 (1380 bytes)] [Frame: 3242, payload: 5520-5828 (309 bytes)] [Frame: 3243, payload: 5829-7208 (1380 bytes)] [Frame: 3245, payload: 7209-8588 (1380 bytes)] [Frame: 3246, payload: 8589-9968 (1380 bytes)] [Frame: 3248, payload: 9969-11348 (1380 bytes)] [Frame: 3249, payload: 11349-12728 (1380 bytes)] [Frame: 3252, payload: 12729-14108 (1380 bytes)] [Frame: 3253, payload: 14109-15488 (1380 bytes)] [Frame: 3255, payload: 15489-16868 (1380 bytes)] [Frame: 3256, payload: 16869-18248 (1380 bytes)] [Frame: 3258, payload: 18249-19628 (1380 bytes)] [Frame: 3259, payload: 19629-21008 (1380 bytes)] [Frame: 3261, payload: 21009-22388 (1380 bytes)] [Frame: 3262, payload: 22389-23768 (1380 bytes)] [Frame: 3264, payload: 23769-25148 (1380 bytes)] [Frame: 3265, payload: 25149-26528 (1380 bytes)] [Frame: 3267, payload: 26529-27908 (1380 bytes)] [Frame: 3268, payload: 27909-29288 (1380 bytes)] [Frame: 3270, payload: 29289-30668 (1380 bytes)] [Frame: 3271, payload: 30669-32048 (1380 bytes)] [Frame: 3273, payload: 32049-33428 (1380 bytes)] [Frame: 3274, payload: 33429-34808 (1380 bytes)] [Frame: 3276, payload: 34809-36188 (1380 bytes)] [Frame: 3277, payload: 36189-37568 (1380 bytes)] [Frame: 3279, payload: 37569-38948 (1380 bytes)] [Frame: 3280, payload: 38949-40328 (1380 bytes)] [Frame: 3282, payload: 40329-41708 (1380 bytes)] [Frame: 3283, payload: 41709-43088 (1380 bytes)] [Frame: 3285, payload: 43089-44468 (1380 bytes)] [Frame: 3286, payload: 44469-45848 (1380 bytes)] [Frame: 3288, payload: 45849-47228 (1380 bytes)] [Frame: 3289, payload: 47229-48608 (1380 bytes)] [Frame: 3291, payload: 48609-49988 (1380 bytes)] [Frame: 3292, payload: 49989-51044 (1056 bytes)] [Segment count: 38] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:43 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:43 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3295 2012-06-20 08:39:03.162835 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 3295: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:03.162835000 GMT Daylight Time Epoch Time: 1340177943.162835000 seconds [Time delta from previous captured frame: 0.000040000 seconds] [Time delta from previous displayed frame: 0.000330000 seconds] [Time since reference or first frame: 35.141049000 seconds] Frame Number: 3295 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2695 (9877) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd53a [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: snifferserver (2533), Dst Port: http (80), Seq: 664, Ack: 51046, Len: 237 Source port: snifferserver (2533) Destination port: http (80) [Stream index: 36] Sequence number: 664 (relative sequence number) [Next sequence number: 901 (relative sequence number)] Acknowledgement number: 51046 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xd311 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #3294(200), #3295(237)] [Frame: 3294, payload: 0-199 (200 bytes)] [Frame: 3295, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 3358 2012-06-20 08:39:03.597064 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3358: 362 bytes on wire (2896 bits), 362 bytes captured (2896 bits) Arrival Time: Jun 20, 2012 08:39:03.597064000 GMT Daylight Time Epoch Time: 1340177943.597064000 seconds [Time delta from previous captured frame: 0.000007000 seconds] [Time delta from previous displayed frame: 0.434229000 seconds] [Time since reference or first frame: 35.575278000 seconds] Frame Number: 3358 Frame Length: 362 bytes (2896 bits) Capture Length: 362 bytes (2896 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 348 Identification: 0xc1fd (49661) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x858b [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: snifferserver (2533), Seq: 101783, Ack: 901, Len: 308 Source port: http (80) Destination port: snifferserver (2533) [Stream index: 36] Sequence number: 101783 (relative sequence number) [Next sequence number: 102091 (relative sequence number)] Acknowledgement number: 901 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0xf95a [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 308] TCP segment data (308 bytes) [39 Reassembled TCP Segments (51045 bytes): #3301(1380), #3302(1380), #3304(1380), #3305(1380), #3307(309), #3308(1380), #3310(1380), #3311(1380), #3313(1380), #3314(1380), #3316(1380), #3317(1380), #3319(1380), #3320(1380), #3322(1380), #3] [Frame: 3301, payload: 0-1379 (1380 bytes)] [Frame: 3302, payload: 1380-2759 (1380 bytes)] [Frame: 3304, payload: 2760-4139 (1380 bytes)] [Frame: 3305, payload: 4140-5519 (1380 bytes)] [Frame: 3307, payload: 5520-5828 (309 bytes)] [Frame: 3308, payload: 5829-7208 (1380 bytes)] [Frame: 3310, payload: 7209-8588 (1380 bytes)] [Frame: 3311, payload: 8589-9968 (1380 bytes)] [Frame: 3313, payload: 9969-11348 (1380 bytes)] [Frame: 3314, payload: 11349-12728 (1380 bytes)] [Frame: 3316, payload: 12729-14108 (1380 bytes)] [Frame: 3317, payload: 14109-15488 (1380 bytes)] [Frame: 3319, payload: 15489-16868 (1380 bytes)] [Frame: 3320, payload: 16869-18248 (1380 bytes)] [Frame: 3322, payload: 18249-19628 (1380 bytes)] [Frame: 3323, payload: 19629-21008 (1380 bytes)] [Frame: 3325, payload: 21009-21756 (748 bytes)] [Frame: 3326, payload: 21757-23136 (1380 bytes)] [Frame: 3328, payload: 23137-24516 (1380 bytes)] [Frame: 3329, payload: 24517-25896 (1380 bytes)] [Frame: 3331, payload: 25897-27276 (1380 bytes)] [Frame: 3332, payload: 27277-28656 (1380 bytes)] [Frame: 3334, payload: 28657-30036 (1380 bytes)] [Frame: 3335, payload: 30037-31416 (1380 bytes)] [Frame: 3337, payload: 31417-32796 (1380 bytes)] [Frame: 3338, payload: 32797-34176 (1380 bytes)] [Frame: 3340, payload: 34177-35556 (1380 bytes)] [Frame: 3341, payload: 35557-36936 (1380 bytes)] [Frame: 3343, payload: 36937-38316 (1380 bytes)] [Frame: 3344, payload: 38317-39696 (1380 bytes)] [Frame: 3346, payload: 39697-41076 (1380 bytes)] [Frame: 3347, payload: 41077-42456 (1380 bytes)] [Frame: 3349, payload: 42457-43836 (1380 bytes)] [Frame: 3350, payload: 43837-45216 (1380 bytes)] [Frame: 3352, payload: 45217-46596 (1380 bytes)] [Frame: 3353, payload: 46597-47976 (1380 bytes)] [Frame: 3355, payload: 47977-49356 (1380 bytes)] [Frame: 3356, payload: 49357-50736 (1380 bytes)] [Frame: 3358, payload: 50737-51044 (308 bytes)] [Segment count: 39] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:44 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:44 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3360 2012-06-20 08:39:03.597406 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 3360: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:03.597406000 GMT Daylight Time Epoch Time: 1340177943.597406000 seconds [Time delta from previous captured frame: 0.000100000 seconds] [Time delta from previous displayed frame: 0.000342000 seconds] [Time since reference or first frame: 35.575620000 seconds] Frame Number: 3360 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x26aa (9898) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd525 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: snifferserver (2533), Dst Port: http (80), Seq: 1101, Ack: 102091, Len: 237 Source port: snifferserver (2533) Destination port: http (80) [Stream index: 36] Sequence number: 1101 (relative sequence number) [Next sequence number: 1338 (relative sequence number)] Acknowledgement number: 102091 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 257 [Calculated window size: 65792] [Window size scaling factor: 256] Checksum: 0x09f8 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #3359(200), #3360(237)] [Frame: 3359, payload: 0-199 (200 bytes)] [Frame: 3360, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 3424 2012-06-20 08:39:04.236906 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3424: 634 bytes on wire (5072 bits), 634 bytes captured (5072 bits) Arrival Time: Jun 20, 2012 08:39:04.236906000 GMT Daylight Time Epoch Time: 1340177944.236906000 seconds [Time delta from previous captured frame: 0.000023000 seconds] [Time delta from previous displayed frame: 0.639500000 seconds] [Time since reference or first frame: 36.215120000 seconds] Frame Number: 3424 Frame Length: 634 bytes (5072 bits) Capture Length: 634 bytes (5072 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 620 Identification: 0xc226 (49702) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x8452 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: snifferserver (2533), Seq: 152556, Ack: 1338, Len: 580 Source port: http (80) Destination port: snifferserver (2533) [Stream index: 36] Sequence number: 152556 (relative sequence number) [Next sequence number: 153136 (relative sequence number)] Acknowledgement number: 1338 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x6ebd [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 580] TCP segment data (580 bytes) [39 Reassembled TCP Segments (51045 bytes): #3366(1380), #3367(1380), #3369(1380), #3370(241), #3372(1380), #3373(1380), #3375(1380), #3376(1380), #3378(1380), #3379(1380), #3381(1380), #3382(1380), #3384(544), #3385(1380), #3387(1380), #33] [Frame: 3366, payload: 0-1379 (1380 bytes)] [Frame: 3367, payload: 1380-2759 (1380 bytes)] [Frame: 3369, payload: 2760-4139 (1380 bytes)] [Frame: 3370, payload: 4140-4380 (241 bytes)] [Frame: 3372, payload: 4381-5760 (1380 bytes)] [Frame: 3373, payload: 5761-7140 (1380 bytes)] [Frame: 3375, payload: 7141-8520 (1380 bytes)] [Frame: 3376, payload: 8521-9900 (1380 bytes)] [Frame: 3378, payload: 9901-11280 (1380 bytes)] [Frame: 3379, payload: 11281-12660 (1380 bytes)] [Frame: 3381, payload: 12661-14040 (1380 bytes)] [Frame: 3382, payload: 14041-15420 (1380 bytes)] [Frame: 3384, payload: 15421-15964 (544 bytes)] [Frame: 3385, payload: 15965-17344 (1380 bytes)] [Frame: 3387, payload: 17345-18724 (1380 bytes)] [Frame: 3388, payload: 18725-20104 (1380 bytes)] [Frame: 3391, payload: 20105-21484 (1380 bytes)] [Frame: 3392, payload: 21485-22864 (1380 bytes)] [Frame: 3394, payload: 22865-24244 (1380 bytes)] [Frame: 3395, payload: 24245-25624 (1380 bytes)] [Frame: 3397, payload: 25625-27004 (1380 bytes)] [Frame: 3398, payload: 27005-28384 (1380 bytes)] [Frame: 3400, payload: 28385-29764 (1380 bytes)] [Frame: 3401, payload: 29765-31144 (1380 bytes)] [Frame: 3403, payload: 31145-32524 (1380 bytes)] [Frame: 3404, payload: 32525-33904 (1380 bytes)] [Frame: 3406, payload: 33905-35284 (1380 bytes)] [Frame: 3407, payload: 35285-36664 (1380 bytes)] [Frame: 3409, payload: 36665-38044 (1380 bytes)] [Frame: 3410, payload: 38045-39424 (1380 bytes)] [Frame: 3412, payload: 39425-40804 (1380 bytes)] [Frame: 3413, payload: 40805-42184 (1380 bytes)] [Frame: 3415, payload: 42185-43564 (1380 bytes)] [Frame: 3416, payload: 43565-44944 (1380 bytes)] [Frame: 3418, payload: 44945-46324 (1380 bytes)] [Frame: 3419, payload: 46325-47704 (1380 bytes)] [Frame: 3421, payload: 47705-49084 (1380 bytes)] [Frame: 3422, payload: 49085-50464 (1380 bytes)] [Frame: 3424, payload: 50465-51044 (580 bytes)] [Segment count: 39] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:44 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:44 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3425 2012-06-20 08:39:04.237249 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 3425: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits) Arrival Time: Jun 20, 2012 08:39:04.237249000 GMT Daylight Time Epoch Time: 1340177944.237249000 seconds [Time delta from previous captured frame: 0.000343000 seconds] [Time delta from previous displayed frame: 0.000343000 seconds] [Time since reference or first frame: 36.215463000 seconds] Frame Number: 3425 Frame Length: 188 bytes (1504 bits) Capture Length: 188 bytes (1504 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 174 Identification: 0x26be (9918) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd578 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: snifferserver (2533), Dst Port: http (80), Seq: 1338, Ack: 153136, Len: 134 Source port: snifferserver (2533) Destination port: http (80) [Stream index: 36] Sequence number: 1338 (relative sequence number) [Next sequence number: 1472 (relative sequence number)] Acknowledgement number: 153136 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 256 [Calculated window size: 65536] [Window size scaling factor: 256] Checksum: 0x93d7 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 3424] [The RTT to ACK the segment was: 0.000343000 seconds] [Bytes in flight: 134] Hypertext Transfer Protocol HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] No. Time Source Destination Protocol Info 3437 2012-06-20 08:39:04.513020 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1 Frame 3437: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:04.513020000 GMT Daylight Time Epoch Time: 1340177944.513020000 seconds [Time delta from previous captured frame: 0.000132000 seconds] [Time delta from previous displayed frame: 0.275771000 seconds] [Time since reference or first frame: 36.491234000 seconds] Frame Number: 3437 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x26c4 (9924) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd50b [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: combox-web-acc (2534), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: combox-web-acc (2534) Destination port: http (80) [Stream index: 37] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x55b1 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #3436(225), #3437(237)] [Frame: 3436, payload: 0-224 (225 bytes)] [Frame: 3437, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0001.jpg?w=424&h=640 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 3498 2012-06-20 08:39:05.072479 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3498: 777 bytes on wire (6216 bits), 777 bytes captured (6216 bits) Arrival Time: Jun 20, 2012 08:39:05.072479000 GMT Daylight Time Epoch Time: 1340177945.072479000 seconds [Time delta from previous captured frame: 0.000016000 seconds] [Time delta from previous displayed frame: 0.559459000 seconds] [Time since reference or first frame: 37.050693000 seconds] Frame Number: 3498 Frame Length: 777 bytes (6216 bits) Capture Length: 777 bytes (6216 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 763 Identification: 0x7974 (31092) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xcc75 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: combox-web-acc (2534), Seq: 49681, Ack: 463, Len: 723 Source port: http (80) Destination port: combox-web-acc (2534) [Stream index: 37] Sequence number: 49681 (relative sequence number) [Next sequence number: 50404 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x2d11 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 723] TCP segment data (723 bytes) [37 Reassembled TCP Segments (50403 bytes): #3444(1380), #3445(1380), #3447(1380), #3448(1380), #3450(1380), #3451(1380), #3453(1380), #3454(1380), #3456(1380), #3457(1380), #3459(1380), #3460(1380), #3462(1380), #3463(1380), #3465(1380), #] [Frame: 3444, payload: 0-1379 (1380 bytes)] [Frame: 3445, payload: 1380-2759 (1380 bytes)] [Frame: 3447, payload: 2760-4139 (1380 bytes)] [Frame: 3448, payload: 4140-5519 (1380 bytes)] [Frame: 3450, payload: 5520-6899 (1380 bytes)] [Frame: 3451, payload: 6900-8279 (1380 bytes)] [Frame: 3453, payload: 8280-9659 (1380 bytes)] [Frame: 3454, payload: 9660-11039 (1380 bytes)] [Frame: 3456, payload: 11040-12419 (1380 bytes)] [Frame: 3457, payload: 12420-13799 (1380 bytes)] [Frame: 3459, payload: 13800-15179 (1380 bytes)] [Frame: 3460, payload: 15180-16559 (1380 bytes)] [Frame: 3462, payload: 16560-17939 (1380 bytes)] [Frame: 3463, payload: 17940-19319 (1380 bytes)] [Frame: 3465, payload: 19320-20699 (1380 bytes)] [Frame: 3466, payload: 20700-22079 (1380 bytes)] [Frame: 3468, payload: 22080-23459 (1380 bytes)] [Frame: 3469, payload: 23460-24839 (1380 bytes)] [Frame: 3471, payload: 24840-26219 (1380 bytes)] [Frame: 3472, payload: 26220-27599 (1380 bytes)] [Frame: 3474, payload: 27600-28979 (1380 bytes)] [Frame: 3475, payload: 28980-30359 (1380 bytes)] [Frame: 3477, payload: 30360-31739 (1380 bytes)] [Frame: 3478, payload: 31740-33119 (1380 bytes)] [Frame: 3480, payload: 33120-34499 (1380 bytes)] [Frame: 3481, payload: 34500-35879 (1380 bytes)] [Frame: 3483, payload: 35880-37259 (1380 bytes)] [Frame: 3484, payload: 37260-38639 (1380 bytes)] [Frame: 3486, payload: 38640-40019 (1380 bytes)] [Frame: 3487, payload: 40020-41399 (1380 bytes)] [Frame: 3489, payload: 41400-42779 (1380 bytes)] [Frame: 3490, payload: 42780-44159 (1380 bytes)] [Frame: 3492, payload: 44160-45539 (1380 bytes)] [Frame: 3493, payload: 45540-46919 (1380 bytes)] [Frame: 3495, payload: 46920-48299 (1380 bytes)] [Frame: 3496, payload: 48300-49679 (1380 bytes)] [Frame: 3498, payload: 49680-50402 (723 bytes)] [Segment count: 37] [Reassembled TCP length: 50403] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:45 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50063\r\n [Content length: 50063] Last-Modified: Sun, 01 Nov 2009 09:06:06 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:45 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 87\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5629 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4417 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 424 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 24 Remaining segment data (22 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3500 2012-06-20 08:39:05.072908 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1 Frame 3500: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:05.072908000 GMT Daylight Time Epoch Time: 1340177945.072908000 seconds [Time delta from previous captured frame: 0.000102000 seconds] [Time delta from previous displayed frame: 0.000429000 seconds] [Time since reference or first frame: 37.051122000 seconds] Frame Number: 3500 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x26d8 (9944) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd4f7 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: combox-web-acc (2534), Dst Port: http (80), Seq: 662, Ack: 50404, Len: 237 Source port: combox-web-acc (2534) Destination port: http (80) [Stream index: 37] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 50404 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 255 [Calculated window size: 65280] [Window size scaling factor: 256] Checksum: 0x8f1c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #3499(199), #3500(237)] [Frame: 3499, payload: 0-198 (199 bytes)] [Frame: 3500, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0001.jpg?w=424&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 3565 2012-06-20 08:39:05.552974 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3565: 1304 bytes on wire (10432 bits), 1304 bytes captured (10432 bits) Arrival Time: Jun 20, 2012 08:39:05.552974000 GMT Daylight Time Epoch Time: 1340177945.552974000 seconds [Time delta from previous captured frame: 0.000049000 seconds] [Time delta from previous displayed frame: 0.480066000 seconds] [Time since reference or first frame: 37.531188000 seconds] Frame Number: 3565 Frame Length: 1304 bytes (10432 bits) Capture Length: 1304 bytes (10432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1290 Identification: 0x799c (31132) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xca3e [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: combox-web-acc (2534), Seq: 99557, Ack: 899, Len: 1250 Source port: http (80) Destination port: combox-web-acc (2534) [Stream index: 37] Sequence number: 99557 (relative sequence number) [Next sequence number: 100807 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x2f88 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2630] TCP segment data (1250 bytes) [38 Reassembled TCP Segments (50403 bytes): #3507(1380), #3508(1380), #3510(1380), #3511(1380), #3513(1380), #3514(1380), #3516(1380), #3517(513), #3519(1380), #3520(1380), #3522(1380), #3523(1380), #3525(1380), #3526(340), #3528(1380), #35] [Frame: 3507, payload: 0-1379 (1380 bytes)] [Frame: 3508, payload: 1380-2759 (1380 bytes)] [Frame: 3510, payload: 2760-4139 (1380 bytes)] [Frame: 3511, payload: 4140-5519 (1380 bytes)] [Frame: 3513, payload: 5520-6899 (1380 bytes)] [Frame: 3514, payload: 6900-8279 (1380 bytes)] [Frame: 3516, payload: 8280-9659 (1380 bytes)] [Frame: 3517, payload: 9660-10172 (513 bytes)] [Frame: 3519, payload: 10173-11552 (1380 bytes)] [Frame: 3520, payload: 11553-12932 (1380 bytes)] [Frame: 3522, payload: 12933-14312 (1380 bytes)] [Frame: 3523, payload: 14313-15692 (1380 bytes)] [Frame: 3525, payload: 15693-17072 (1380 bytes)] [Frame: 3526, payload: 17073-17412 (340 bytes)] [Frame: 3528, payload: 17413-18792 (1380 bytes)] [Frame: 3529, payload: 18793-20172 (1380 bytes)] [Frame: 3531, payload: 20173-21552 (1380 bytes)] [Frame: 3532, payload: 21553-22932 (1380 bytes)] [Frame: 3534, payload: 22933-24312 (1380 bytes)] [Frame: 3535, payload: 24313-25692 (1380 bytes)] [Frame: 3537, payload: 25693-27072 (1380 bytes)] [Frame: 3538, payload: 27073-28452 (1380 bytes)] [Frame: 3543, payload: 28453-29832 (1380 bytes)] [Frame: 3544, payload: 29833-31212 (1380 bytes)] [Frame: 3546, payload: 31213-32592 (1380 bytes)] [Frame: 3547, payload: 32593-33972 (1380 bytes)] [Frame: 3549, payload: 33973-35352 (1380 bytes)] [Frame: 3550, payload: 35353-36732 (1380 bytes)] [Frame: 3552, payload: 36733-38112 (1380 bytes)] [Frame: 3553, payload: 38113-39492 (1380 bytes)] [Frame: 3555, payload: 39493-40872 (1380 bytes)] [Frame: 3556, payload: 40873-42252 (1380 bytes)] [Frame: 3558, payload: 42253-43632 (1380 bytes)] [Frame: 3559, payload: 43633-45012 (1380 bytes)] [Frame: 3561, payload: 45013-46392 (1380 bytes)] [Frame: 3562, payload: 46393-47772 (1380 bytes)] [Frame: 3564, payload: 47773-49152 (1380 bytes)] [Frame: 3565, payload: 49153-50402 (1250 bytes)] [Segment count: 38] [Reassembled TCP length: 50403] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:46 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50063\r\n [Content length: 50063] Last-Modified: Sun, 01 Nov 2009 09:06:06 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:46 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 87\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5629 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4417 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 424 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 24 Remaining segment data (22 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3568 2012-06-20 08:39:05.553328 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1 Frame 3568: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:05.553328000 GMT Daylight Time Epoch Time: 1340177945.553328000 seconds [Time delta from previous captured frame: 0.000043000 seconds] [Time delta from previous displayed frame: 0.000354000 seconds] [Time since reference or first frame: 37.531542000 seconds] Frame Number: 3568 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x26ed (9965) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd4e2 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: combox-web-acc (2534), Dst Port: http (80), Seq: 1098, Ack: 100807, Len: 237 Source port: combox-web-acc (2534) Destination port: http (80) [Stream index: 37] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 100807 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xc881 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #3567(199), #3568(237)] [Frame: 3567, payload: 0-198 (199 bytes)] [Frame: 3568, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0001.jpg?w=424&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 3631 2012-06-20 08:39:06.010821 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3631: 760 bytes on wire (6080 bits), 760 bytes captured (6080 bits) Arrival Time: Jun 20, 2012 08:39:06.010821000 GMT Daylight Time Epoch Time: 1340177946.010821000 seconds [Time delta from previous captured frame: 0.000015000 seconds] [Time delta from previous displayed frame: 0.457493000 seconds] [Time since reference or first frame: 37.989035000 seconds] Frame Number: 3631 Frame Length: 760 bytes (6080 bits) Capture Length: 760 bytes (6080 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 746 Identification: 0x79c5 (31173) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xcc35 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: combox-web-acc (2534), Seq: 150504, Ack: 1335, Len: 706 Source port: http (80) Destination port: combox-web-acc (2534) [Stream index: 37] Sequence number: 150504 (relative sequence number) [Next sequence number: 151210 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x0495 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 706] TCP segment data (706 bytes) [39 Reassembled TCP Segments (50403 bytes): #3573(1380), #3574(1380), #3576(1380), #3577(1380), #3579(1380), #3580(1380), #3582(1380), #3583(1380), #3585(1380), #3586(1380), #3588(717), #3589(1380), #3591(1380), #3592(1380), #3594(1380), #3] [Frame: 3573, payload: 0-1379 (1380 bytes)] [Frame: 3574, payload: 1380-2759 (1380 bytes)] [Frame: 3576, payload: 2760-4139 (1380 bytes)] [Frame: 3577, payload: 4140-5519 (1380 bytes)] [Frame: 3579, payload: 5520-6899 (1380 bytes)] [Frame: 3580, payload: 6900-8279 (1380 bytes)] [Frame: 3582, payload: 8280-9659 (1380 bytes)] [Frame: 3583, payload: 9660-11039 (1380 bytes)] [Frame: 3585, payload: 11040-12419 (1380 bytes)] [Frame: 3586, payload: 12420-13799 (1380 bytes)] [Frame: 3588, payload: 13800-14516 (717 bytes)] [Frame: 3589, payload: 14517-15896 (1380 bytes)] [Frame: 3591, payload: 15897-17276 (1380 bytes)] [Frame: 3592, payload: 17277-18656 (1380 bytes)] [Frame: 3594, payload: 18657-20036 (1380 bytes)] [Frame: 3595, payload: 20037-20308 (272 bytes)] [Frame: 3597, payload: 20309-21688 (1380 bytes)] [Frame: 3598, payload: 21689-23068 (1380 bytes)] [Frame: 3600, payload: 23069-24448 (1380 bytes)] [Frame: 3601, payload: 24449-25828 (1380 bytes)] [Frame: 3603, payload: 25829-27208 (1380 bytes)] [Frame: 3604, payload: 27209-28588 (1380 bytes)] [Frame: 3606, payload: 28589-28996 (408 bytes)] [Frame: 3608, payload: 28997-30376 (1380 bytes)] [Frame: 3610, payload: 30377-31756 (1380 bytes)] [Frame: 3611, payload: 31757-33136 (1380 bytes)] [Frame: 3613, payload: 33137-34516 (1380 bytes)] [Frame: 3614, payload: 34517-35896 (1380 bytes)] [Frame: 3616, payload: 35897-37276 (1380 bytes)] [Frame: 3617, payload: 37277-38656 (1380 bytes)] [Frame: 3619, payload: 38657-40036 (1380 bytes)] [Frame: 3620, payload: 40037-41416 (1380 bytes)] [Frame: 3622, payload: 41417-42796 (1380 bytes)] [Frame: 3623, payload: 42797-44176 (1380 bytes)] [Frame: 3625, payload: 44177-45556 (1380 bytes)] [Frame: 3626, payload: 45557-46936 (1380 bytes)] [Frame: 3628, payload: 46937-48316 (1380 bytes)] [Frame: 3629, payload: 48317-49696 (1380 bytes)] [Frame: 3631, payload: 49697-50402 (706 bytes)] [Segment count: 39] [Reassembled TCP length: 50403] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:46 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50063\r\n [Content length: 50063] Last-Modified: Sun, 01 Nov 2009 09:06:06 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:46 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 87\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5629 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4417 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 424 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 24 Remaining segment data (22 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3632 2012-06-20 08:39:06.011087 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1 Frame 3632: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:39:06.011087000 GMT Daylight Time Epoch Time: 1340177946.011087000 seconds [Time delta from previous captured frame: 0.000266000 seconds] [Time delta from previous displayed frame: 0.000266000 seconds] [Time since reference or first frame: 37.989301000 seconds] Frame Number: 3632 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x2701 (9985) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd536 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: combox-web-acc (2534), Dst Port: http (80), Seq: 1335, Ack: 151210, Len: 133 Source port: combox-web-acc (2534) Destination port: http (80) [Stream index: 37] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 151210 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 255 [Calculated window size: 65280] [Window size scaling factor: 256] Checksum: 0x313d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 3631] [The RTT to ACK the segment was: 0.000266000 seconds] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0001.jpg?w=424&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640] No. Time Source Destination Protocol Info 3644 2012-06-20 08:39:06.298887 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1 Frame 3644: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:06.298887000 GMT Daylight Time Epoch Time: 1340177946.298887000 seconds [Time delta from previous captured frame: 0.000130000 seconds] [Time delta from previous displayed frame: 0.287800000 seconds] [Time since reference or first frame: 38.277101000 seconds] Frame Number: 3644 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2707 (9991) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd4c8 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: madcap (2535), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: madcap (2535) Destination port: http (80) [Stream index: 38] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x85aa [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #3643(225), #3644(237)] [Frame: 3643, payload: 0-224 (225 bytes)] [Frame: 3644, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0014.jpg?w=429&h=640 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 3704 2012-06-20 08:39:06.863526 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3704: 210 bytes on wire (1680 bits), 210 bytes captured (1680 bits) Arrival Time: Jun 20, 2012 08:39:06.863526000 GMT Daylight Time Epoch Time: 1340177946.863526000 seconds [Time delta from previous captured frame: 0.000017000 seconds] [Time delta from previous displayed frame: 0.564639000 seconds] [Time since reference or first frame: 38.841740000 seconds] Frame Number: 3704 Frame Length: 210 bytes (1680 bits) Capture Length: 210 bytes (1680 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 196 Identification: 0x8163 (33123) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xc6bd [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: madcap (2535), Seq: 48406, Ack: 463, Len: 156 Source port: http (80) Destination port: madcap (2535) [Stream index: 38] Sequence number: 48406 (relative sequence number) [Next sequence number: 48562 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0xde52 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 156] TCP segment data (156 bytes) [37 Reassembled TCP Segments (48561 bytes): #3648(1380), #3649(105), #3651(1380), #3652(1380), #3654(1380), #3655(1380), #3657(1380), #3658(1380), #3660(1380), #3661(1380), #3663(1380), #3664(1380), #3666(1380), #3667(1380), #3669(1380), #3] [Frame: 3648, payload: 0-1379 (1380 bytes)] [Frame: 3649, payload: 1380-1484 (105 bytes)] [Frame: 3651, payload: 1485-2864 (1380 bytes)] [Frame: 3652, payload: 2865-4244 (1380 bytes)] [Frame: 3654, payload: 4245-5624 (1380 bytes)] [Frame: 3655, payload: 5625-7004 (1380 bytes)] [Frame: 3657, payload: 7005-8384 (1380 bytes)] [Frame: 3658, payload: 8385-9764 (1380 bytes)] [Frame: 3660, payload: 9765-11144 (1380 bytes)] [Frame: 3661, payload: 11145-12524 (1380 bytes)] [Frame: 3663, payload: 12525-13904 (1380 bytes)] [Frame: 3664, payload: 13905-15284 (1380 bytes)] [Frame: 3666, payload: 15285-16664 (1380 bytes)] [Frame: 3667, payload: 16665-18044 (1380 bytes)] [Frame: 3669, payload: 18045-19424 (1380 bytes)] [Frame: 3670, payload: 19425-20804 (1380 bytes)] [Frame: 3672, payload: 20805-22184 (1380 bytes)] [Frame: 3673, payload: 22185-23564 (1380 bytes)] [Frame: 3675, payload: 23565-24944 (1380 bytes)] [Frame: 3676, payload: 24945-26324 (1380 bytes)] [Frame: 3678, payload: 26325-27704 (1380 bytes)] [Frame: 3679, payload: 27705-29084 (1380 bytes)] [Frame: 3683, payload: 29085-30464 (1380 bytes)] [Frame: 3684, payload: 30465-31844 (1380 bytes)] [Frame: 3686, payload: 31845-33224 (1380 bytes)] [Frame: 3687, payload: 33225-34604 (1380 bytes)] [Frame: 3689, payload: 34605-35984 (1380 bytes)] [Frame: 3690, payload: 35985-37364 (1380 bytes)] [Frame: 3692, payload: 37365-38744 (1380 bytes)] [Frame: 3693, payload: 38745-40124 (1380 bytes)] [Frame: 3695, payload: 40125-41504 (1380 bytes)] [Frame: 3696, payload: 41505-42884 (1380 bytes)] [Frame: 3698, payload: 42885-44264 (1380 bytes)] [Frame: 3699, payload: 44265-45644 (1380 bytes)] [Frame: 3701, payload: 45645-47024 (1380 bytes)] [Frame: 3702, payload: 47025-48404 (1380 bytes)] [Frame: 3704, payload: 48405-48560 (156 bytes)] [Segment count: 37] [Reassembled TCP length: 48561] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:47 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 48221\r\n [Content length: 48221] Last-Modified: Sun, 01 Nov 2009 09:29:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:47 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5828 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4616 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 429 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 23 Remaining segment data (21 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3706 2012-06-20 08:39:06.863974 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1 Frame 3706: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:06.863974000 GMT Daylight Time Epoch Time: 1340177946.863974000 seconds [Time delta from previous captured frame: 0.000101000 seconds] [Time delta from previous displayed frame: 0.000448000 seconds] [Time since reference or first frame: 38.842188000 seconds] Frame Number: 3706 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x271b (10011) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd4b4 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: madcap (2535), Dst Port: http (80), Seq: 662, Ack: 48562, Len: 237 Source port: madcap (2535) Destination port: http (80) [Stream index: 38] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 48562 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xc644 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #3705(199), #3706(237)] [Frame: 3705, payload: 0-198 (199 bytes)] [Frame: 3706, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0014.jpg?w=429&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 3768 2012-06-20 08:39:07.416207 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3768: 842 bytes on wire (6736 bits), 842 bytes captured (6736 bits) Arrival Time: Jun 20, 2012 08:39:07.416207000 GMT Daylight Time Epoch Time: 1340177947.416207000 seconds [Time delta from previous captured frame: 0.000005000 seconds] [Time delta from previous displayed frame: 0.552233000 seconds] [Time since reference or first frame: 39.394421000 seconds] Frame Number: 3768 Frame Length: 842 bytes (6736 bits) Capture Length: 842 bytes (6736 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 828 Identification: 0x818b (33163) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xc41d [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: madcap (2535), Seq: 96335, Ack: 899, Len: 788 Source port: http (80) Destination port: madcap (2535) [Stream index: 38] Sequence number: 96335 (relative sequence number) [Next sequence number: 97123 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x19c3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2168] TCP segment data (788 bytes) [38 Reassembled TCP Segments (48561 bytes): #3710(1380), #3711(1380), #3713(1380), #3714(1380), #3716(1380), #3717(1380), #3719(445), #3720(1380), #3722(1380), #3723(1380), #3725(1380), #3726(272), #3728(1380), #3729(1380), #3731(136), #373] [Frame: 3710, payload: 0-1379 (1380 bytes)] [Frame: 3711, payload: 1380-2759 (1380 bytes)] [Frame: 3713, payload: 2760-4139 (1380 bytes)] [Frame: 3714, payload: 4140-5519 (1380 bytes)] [Frame: 3716, payload: 5520-6899 (1380 bytes)] [Frame: 3717, payload: 6900-8279 (1380 bytes)] [Frame: 3719, payload: 8280-8724 (445 bytes)] [Frame: 3720, payload: 8725-10104 (1380 bytes)] [Frame: 3722, payload: 10105-11484 (1380 bytes)] [Frame: 3723, payload: 11485-12864 (1380 bytes)] [Frame: 3725, payload: 12865-14244 (1380 bytes)] [Frame: 3726, payload: 14245-14516 (272 bytes)] [Frame: 3728, payload: 14517-15896 (1380 bytes)] [Frame: 3729, payload: 15897-17276 (1380 bytes)] [Frame: 3731, payload: 17277-17412 (136 bytes)] [Frame: 3733, payload: 17413-18792 (1380 bytes)] [Frame: 3735, payload: 18793-20172 (1380 bytes)] [Frame: 3736, payload: 20173-21552 (1380 bytes)] [Frame: 3738, payload: 21553-22932 (1380 bytes)] [Frame: 3739, payload: 22933-24312 (1380 bytes)] [Frame: 3741, payload: 24313-25692 (1380 bytes)] [Frame: 3742, payload: 25693-27072 (1380 bytes)] [Frame: 3744, payload: 27073-28452 (1380 bytes)] [Frame: 3745, payload: 28453-29832 (1380 bytes)] [Frame: 3747, payload: 29833-31212 (1380 bytes)] [Frame: 3748, payload: 31213-32592 (1380 bytes)] [Frame: 3750, payload: 32593-33972 (1380 bytes)] [Frame: 3751, payload: 33973-35352 (1380 bytes)] [Frame: 3753, payload: 35353-36732 (1380 bytes)] [Frame: 3754, payload: 36733-38112 (1380 bytes)] [Frame: 3756, payload: 38113-39492 (1380 bytes)] [Frame: 3757, payload: 39493-40872 (1380 bytes)] [Frame: 3759, payload: 40873-42252 (1380 bytes)] [Frame: 3760, payload: 42253-43632 (1380 bytes)] [Frame: 3764, payload: 43633-45012 (1380 bytes)] [Frame: 3765, payload: 45013-46392 (1380 bytes)] [Frame: 3767, payload: 46393-47772 (1380 bytes)] [Frame: 3768, payload: 47773-48560 (788 bytes)] [Segment count: 38] [Reassembled TCP length: 48561] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:48 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 48221\r\n [Content length: 48221] Last-Modified: Sun, 01 Nov 2009 09:29:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:48 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5828 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4616 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 429 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 23 Remaining segment data (21 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3771 2012-06-20 08:39:07.416601 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1 Frame 3771: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:07.416601000 GMT Daylight Time Epoch Time: 1340177947.416601000 seconds [Time delta from previous captured frame: 0.000135000 seconds] [Time delta from previous displayed frame: 0.000394000 seconds] [Time since reference or first frame: 39.394815000 seconds] Frame Number: 3771 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2730 (10032) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd49f [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: madcap (2535), Dst Port: http (80), Seq: 1098, Ack: 97123, Len: 237 Source port: madcap (2535) Destination port: http (80) [Stream index: 38] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 97123 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x06df [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #3770(199), #3771(237)] [Frame: 3770, payload: 0-198 (199 bytes)] [Frame: 3771, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0014.jpg?w=429&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 3833 2012-06-20 08:39:07.846154 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3833: 1338 bytes on wire (10704 bits), 1338 bytes captured (10704 bits) Arrival Time: Jun 20, 2012 08:39:07.846154000 GMT Daylight Time Epoch Time: 1340177947.846154000 seconds [Time delta from previous captured frame: 0.000121000 seconds] [Time delta from previous displayed frame: 0.429553000 seconds] [Time since reference or first frame: 39.824368000 seconds] Frame Number: 3833 Frame Length: 1338 bytes (10704 bits) Capture Length: 1338 bytes (10704 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1324 Identification: 0x81b2 (33202) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xc206 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: madcap (2535), Seq: 144400, Ack: 1335, Len: 1284 Source port: http (80) Destination port: madcap (2535) [Stream index: 38] Sequence number: 144400 (relative sequence number) [Next sequence number: 145684 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x38fa [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1284] TCP segment data (1284 bytes) [37 Reassembled TCP Segments (48561 bytes): #3777(1380), #3778(1380), #3780(1380), #3781(1380), #3783(1380), #3784(377), #3786(1380), #3787(1380), #3789(1380), #3790(1380), #3792(1380), #3793(1380), #3795(1380), #3796(1380), #3798(1380), #3] [Frame: 3777, payload: 0-1379 (1380 bytes)] [Frame: 3778, payload: 1380-2759 (1380 bytes)] [Frame: 3780, payload: 2760-4139 (1380 bytes)] [Frame: 3781, payload: 4140-5519 (1380 bytes)] [Frame: 3783, payload: 5520-6899 (1380 bytes)] [Frame: 3784, payload: 6900-7276 (377 bytes)] [Frame: 3786, payload: 7277-8656 (1380 bytes)] [Frame: 3787, payload: 8657-10036 (1380 bytes)] [Frame: 3789, payload: 10037-11416 (1380 bytes)] [Frame: 3790, payload: 11417-12796 (1380 bytes)] [Frame: 3792, payload: 12797-14176 (1380 bytes)] [Frame: 3793, payload: 14177-15556 (1380 bytes)] [Frame: 3795, payload: 15557-16936 (1380 bytes)] [Frame: 3796, payload: 16937-18316 (1380 bytes)] [Frame: 3798, payload: 18317-19696 (1380 bytes)] [Frame: 3799, payload: 19697-21076 (1380 bytes)] [Frame: 3801, payload: 21077-21756 (680 bytes)] [Frame: 3802, payload: 21757-23136 (1380 bytes)] [Frame: 3804, payload: 23137-24516 (1380 bytes)] [Frame: 3805, payload: 24517-25896 (1380 bytes)] [Frame: 3807, payload: 25897-27276 (1380 bytes)] [Frame: 3808, payload: 27277-28656 (1380 bytes)] [Frame: 3810, payload: 28657-30036 (1380 bytes)] [Frame: 3811, payload: 30037-31416 (1380 bytes)] [Frame: 3813, payload: 31417-32796 (1380 bytes)] [Frame: 3814, payload: 32797-34176 (1380 bytes)] [Frame: 3816, payload: 34177-35556 (1380 bytes)] [Frame: 3817, payload: 35557-36236 (680 bytes)] [Frame: 3821, payload: 36237-37616 (1380 bytes)] [Frame: 3822, payload: 37617-38996 (1380 bytes)] [Frame: 3824, payload: 38997-40376 (1380 bytes)] [Frame: 3825, payload: 40377-41756 (1380 bytes)] [Frame: 3827, payload: 41757-43136 (1380 bytes)] [Frame: 3828, payload: 43137-44516 (1380 bytes)] [Frame: 3830, payload: 44517-45896 (1380 bytes)] [Frame: 3831, payload: 45897-47276 (1380 bytes)] [Frame: 3833, payload: 47277-48560 (1284 bytes)] [Segment count: 37] [Reassembled TCP length: 48561] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:48 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 48221\r\n [Content length: 48221] Last-Modified: Sun, 01 Nov 2009 09:29:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:48 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5828 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4616 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 429 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 23 Remaining segment data (21 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3834 2012-06-20 08:39:07.846525 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1 Frame 3834: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:39:07.846525000 GMT Daylight Time Epoch Time: 1340177947.846525000 seconds [Time delta from previous captured frame: 0.000371000 seconds] [Time delta from previous displayed frame: 0.000371000 seconds] [Time since reference or first frame: 39.824739000 seconds] Frame Number: 3834 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x2743 (10051) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd4f4 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: madcap (2535), Dst Port: http (80), Seq: 1335, Ack: 145684, Len: 133 Source port: madcap (2535) Destination port: http (80) [Stream index: 38] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 145684 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 253 [Calculated window size: 64768] [Window size scaling factor: 256] Checksum: 0x75c6 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 3833] [The RTT to ACK the segment was: 0.000371000 seconds] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0014.jpg?w=429&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640] No. Time Source Destination Protocol Info 3859 2012-06-20 08:39:08.337431 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1 Frame 3859: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:08.337431000 GMT Daylight Time Epoch Time: 1340177948.337431000 seconds [Time delta from previous captured frame: 0.000127000 seconds] [Time delta from previous displayed frame: 0.490906000 seconds] [Time since reference or first frame: 40.315645000 seconds] Frame Number: 3859 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2750 (10064) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd47f [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: upgrade (2537), Dst Port: http (80), Seq: 225, Ack: 1, Len: 237 Source port: upgrade (2537) Destination port: http (80) [Stream index: 41] Sequence number: 225 (relative sequence number) [Next sequence number: 462 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x1d0d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 461] TCP segment data (237 bytes) [2 Reassembled TCP Segments (461 bytes): #3858(224), #3859(237)] [Frame: 3858, payload: 0-223 (224 bytes)] [Frame: 3859, payload: 224-460 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 461] Hypertext Transfer Protocol PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0020.jpg?w=134&h=64 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64] eXtensible Markup Language No. Time Source Destination Protocol Info 3866 2012-06-20 08:39:08.668052 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3866: 250 bytes on wire (2000 bits), 250 bytes captured (2000 bits) Arrival Time: Jun 20, 2012 08:39:08.668052000 GMT Daylight Time Epoch Time: 1340177948.668052000 seconds [Time delta from previous captured frame: 0.000032000 seconds] [Time delta from previous displayed frame: 0.330621000 seconds] [Time since reference or first frame: 40.646266000 seconds] Frame Number: 3866 Frame Length: 250 bytes (2000 bits) Capture Length: 250 bytes (2000 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 236 Identification: 0x390d (14605) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x0eec [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: upgrade (2537), Seq: 4141, Ack: 462, Len: 196 Source port: http (80) Destination port: upgrade (2537) [Stream index: 41] Sequence number: 4141 (relative sequence number) [Next sequence number: 4337 (relative sequence number)] Acknowledgement number: 462 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x9d78 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1576] TCP segment data (196 bytes) [4 Reassembled TCP Segments (4336 bytes): #3862(1380), #3863(1380), #3865(1380), #3866(196)] [Frame: 3862, payload: 0-1379 (1380 bytes)] [Frame: 3863, payload: 1380-2759 (1380 bytes)] [Frame: 3865, payload: 2760-4139 (1380 bytes)] [Frame: 3866, payload: 4140-4335 (196 bytes)] [Segment count: 4] [Reassembled TCP length: 4336] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:49 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 3997\r\n [Content length: 3997] Last-Modified: Sun, 01 Nov 2009 09:50:18 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:49 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 83\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 1106 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 64 Samples per line: 134 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3869 2012-06-20 08:39:08.668386 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1 Frame 3869: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:08.668386000 GMT Daylight Time Epoch Time: 1340177948.668386000 seconds [Time delta from previous captured frame: 0.000061000 seconds] [Time delta from previous displayed frame: 0.000334000 seconds] [Time since reference or first frame: 40.646600000 seconds] Frame Number: 3869 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2754 (10068) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd47b [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: upgrade (2537), Dst Port: http (80), Seq: 660, Ack: 4337, Len: 237 Source port: upgrade (2537) Destination port: http (80) [Stream index: 41] Sequence number: 660 (relative sequence number) [Next sequence number: 897 (relative sequence number)] Acknowledgement number: 4337 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x0a6a [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 435] TCP segment data (237 bytes) [2 Reassembled TCP Segments (435 bytes): #3868(198), #3869(237)] [Frame: 3868, payload: 0-197 (198 bytes)] [Frame: 3869, payload: 198-434 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 435] Hypertext Transfer Protocol PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0020.jpg?w=134&h=64 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64] eXtensible Markup Language No. Time Source Destination Protocol Info 3878 2012-06-20 08:39:08.960975 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3878: 250 bytes on wire (2000 bits), 250 bytes captured (2000 bits) Arrival Time: Jun 20, 2012 08:39:08.960975000 GMT Daylight Time Epoch Time: 1340177948.960975000 seconds [Time delta from previous captured frame: 0.000045000 seconds] [Time delta from previous displayed frame: 0.292589000 seconds] [Time since reference or first frame: 40.939189000 seconds] Frame Number: 3878 Frame Length: 250 bytes (2000 bits) Capture Length: 250 bytes (2000 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 236 Identification: 0x3913 (14611) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x0ee6 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: upgrade (2537), Seq: 8477, Ack: 897, Len: 196 Source port: http (80) Destination port: upgrade (2537) [Stream index: 41] Sequence number: 8477 (relative sequence number) [Next sequence number: 8673 (relative sequence number)] Acknowledgement number: 897 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x8ad1 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1576] TCP segment data (196 bytes) [4 Reassembled TCP Segments (4336 bytes): #3874(1380), #3875(1380), #3877(1380), #3878(196)] [Frame: 3874, payload: 0-1379 (1380 bytes)] [Frame: 3875, payload: 1380-2759 (1380 bytes)] [Frame: 3877, payload: 2760-4139 (1380 bytes)] [Frame: 3878, payload: 4140-4335 (196 bytes)] [Segment count: 4] [Reassembled TCP length: 4336] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:49 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 3997\r\n [Content length: 3997] Last-Modified: Sun, 01 Nov 2009 09:50:18 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:49 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 83\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 1106 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 64 Samples per line: 134 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3881 2012-06-20 08:39:08.961322 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1 Frame 3881: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:08.961322000 GMT Daylight Time Epoch Time: 1340177948.961322000 seconds [Time delta from previous captured frame: 0.000100000 seconds] [Time delta from previous displayed frame: 0.000347000 seconds] [Time since reference or first frame: 40.939536000 seconds] Frame Number: 3881 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2758 (10072) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd477 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: upgrade (2537), Dst Port: http (80), Seq: 1095, Ack: 8673, Len: 237 Source port: upgrade (2537) Destination port: http (80) [Stream index: 41] Sequence number: 1095 (relative sequence number) [Next sequence number: 1332 (relative sequence number)] Acknowledgement number: 8673 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xf7c6 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 435] TCP segment data (237 bytes) [2 Reassembled TCP Segments (435 bytes): #3880(198), #3881(237)] [Frame: 3880, payload: 0-197 (198 bytes)] [Frame: 3881, payload: 198-434 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 435] Hypertext Transfer Protocol PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0020.jpg?w=134&h=64 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64] eXtensible Markup Language No. Time Source Destination Protocol Info 3891 2012-06-20 08:39:09.245792 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3891: 250 bytes on wire (2000 bits), 250 bytes captured (2000 bits) Arrival Time: Jun 20, 2012 08:39:09.245792000 GMT Daylight Time Epoch Time: 1340177949.245792000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.284470000 seconds] [Time since reference or first frame: 41.224006000 seconds] Frame Number: 3891 Frame Length: 250 bytes (2000 bits) Capture Length: 250 bytes (2000 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 236 Identification: 0x3919 (14617) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x0ee0 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: upgrade (2537), Seq: 12813, Ack: 1332, Len: 196 Source port: http (80) Destination port: upgrade (2537) [Stream index: 41] Sequence number: 12813 (relative sequence number) [Next sequence number: 13009 (relative sequence number)] Acknowledgement number: 1332 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x7829 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1576] TCP segment data (196 bytes) [4 Reassembled TCP Segments (4336 bytes): #3887(1380), #3888(1380), #3890(1380), #3891(196)] [Frame: 3887, payload: 0-1379 (1380 bytes)] [Frame: 3888, payload: 1380-2759 (1380 bytes)] [Frame: 3890, payload: 2760-4139 (1380 bytes)] [Frame: 3891, payload: 4140-4335 (196 bytes)] [Segment count: 4] [Reassembled TCP length: 4336] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:50 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 3997\r\n [Content length: 3997] Last-Modified: Sun, 01 Nov 2009 09:50:18 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:50 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 83\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 1106 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 64 Samples per line: 134 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3893 2012-06-20 08:39:09.246078 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1 Frame 3893: 186 bytes on wire (1488 bits), 186 bytes captured (1488 bits) Arrival Time: Jun 20, 2012 08:39:09.246078000 GMT Daylight Time Epoch Time: 1340177949.246078000 seconds [Time delta from previous captured frame: 0.000272000 seconds] [Time delta from previous displayed frame: 0.000286000 seconds] [Time since reference or first frame: 41.224292000 seconds] Frame Number: 3893 Frame Length: 186 bytes (1488 bits) Capture Length: 186 bytes (1488 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 172 Identification: 0x275b (10075) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd4dd [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: upgrade (2537), Dst Port: http (80), Seq: 1332, Ack: 13009, Len: 132 Source port: upgrade (2537) Destination port: http (80) [Stream index: 41] Sequence number: 1332 (relative sequence number) [Next sequence number: 1464 (relative sequence number)] Acknowledgement number: 13009 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xffb9 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 132] Hypertext Transfer Protocol HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0020.jpg?w=134&h=64 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64] No. Time Source Destination Protocol Info 3906 2012-06-20 08:39:09.516294 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1 Frame 3906: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:09.516294000 GMT Daylight Time Epoch Time: 1340177949.516294000 seconds [Time delta from previous captured frame: 0.000101000 seconds] [Time delta from previous displayed frame: 0.270216000 seconds] [Time since reference or first frame: 41.494508000 seconds] Frame Number: 3906 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2761 (10081) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd46e [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vnwk-prapi (2538), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: vnwk-prapi (2538) Destination port: http (80) [Stream index: 42] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x173d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #3905(225), #3906(237)] [Frame: 3905, payload: 0-224 (225 bytes)] [Frame: 3906, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0083.jpg?w=405&h=640 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 3967 2012-06-20 08:39:10.107330 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 3967: 1048 bytes on wire (8384 bits), 1048 bytes captured (8384 bits) Arrival Time: Jun 20, 2012 08:39:10.107330000 GMT Daylight Time Epoch Time: 1340177950.107330000 seconds [Time delta from previous captured frame: 0.000018000 seconds] [Time delta from previous displayed frame: 0.591036000 seconds] [Time since reference or first frame: 42.085544000 seconds] Frame Number: 3967 Frame Length: 1048 bytes (8384 bits) Capture Length: 1048 bytes (8384 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1034 Identification: 0x3373 (13171) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x1168 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vnwk-prapi (2538), Seq: 47434, Ack: 463, Len: 994 Source port: http (80) Destination port: vnwk-prapi (2538) [Stream index: 42] Sequence number: 47434 (relative sequence number) [Next sequence number: 48428 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x3100 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 994] TCP segment data (994 bytes) [37 Reassembled TCP Segments (48427 bytes): #3910(1380), #3911(1380), #3913(1380), #3914(241), #3916(1380), #3917(1380), #3919(1380), #3920(1380), #3922(272), #3923(1380), #3926(1380), #3927(1380), #3929(1380), #3930(1380), #3932(1380), #39] [Frame: 3910, payload: 0-1379 (1380 bytes)] [Frame: 3911, payload: 1380-2759 (1380 bytes)] [Frame: 3913, payload: 2760-4139 (1380 bytes)] [Frame: 3914, payload: 4140-4380 (241 bytes)] [Frame: 3916, payload: 4381-5760 (1380 bytes)] [Frame: 3917, payload: 5761-7140 (1380 bytes)] [Frame: 3919, payload: 7141-8520 (1380 bytes)] [Frame: 3920, payload: 8521-9900 (1380 bytes)] [Frame: 3922, payload: 9901-10172 (272 bytes)] [Frame: 3923, payload: 10173-11552 (1380 bytes)] [Frame: 3926, payload: 11553-12932 (1380 bytes)] [Frame: 3927, payload: 12933-14312 (1380 bytes)] [Frame: 3929, payload: 14313-15692 (1380 bytes)] [Frame: 3930, payload: 15693-17072 (1380 bytes)] [Frame: 3932, payload: 17073-18452 (1380 bytes)] [Frame: 3933, payload: 18453-19832 (1380 bytes)] [Frame: 3935, payload: 19833-21212 (1380 bytes)] [Frame: 3936, payload: 21213-22592 (1380 bytes)] [Frame: 3938, payload: 22593-23972 (1380 bytes)] [Frame: 3939, payload: 23973-25352 (1380 bytes)] [Frame: 3941, payload: 25353-26732 (1380 bytes)] [Frame: 3942, payload: 26733-28112 (1380 bytes)] [Frame: 3944, payload: 28113-29492 (1380 bytes)] [Frame: 3945, payload: 29493-30872 (1380 bytes)] [Frame: 3947, payload: 30873-32252 (1380 bytes)] [Frame: 3950, payload: 32253-33632 (1380 bytes)] [Frame: 3952, payload: 33633-35012 (1380 bytes)] [Frame: 3953, payload: 35013-36392 (1380 bytes)] [Frame: 3955, payload: 36393-37772 (1380 bytes)] [Frame: 3956, payload: 37773-39152 (1380 bytes)] [Frame: 3958, payload: 39153-40532 (1380 bytes)] [Frame: 3959, payload: 40533-41912 (1380 bytes)] [Frame: 3961, payload: 41913-43292 (1380 bytes)] [Frame: 3962, payload: 43293-44672 (1380 bytes)] [Frame: 3964, payload: 44673-46052 (1380 bytes)] [Frame: 3965, payload: 46053-47432 (1380 bytes)] [Frame: 3967, payload: 47433-48426 (994 bytes)] [Segment count: 37] [Reassembled TCP length: 48427] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:50 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 48087\r\n [Content length: 48087] Last-Modified: Sun, 01 Nov 2009 09:52:23 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:50 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5134 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 3922 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 405 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 3969 2012-06-20 08:39:10.107824 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1 Frame 3969: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:10.107824000 GMT Daylight Time Epoch Time: 1340177950.107824000 seconds [Time delta from previous captured frame: 0.000127000 seconds] [Time delta from previous displayed frame: 0.000494000 seconds] [Time since reference or first frame: 42.086038000 seconds] Frame Number: 3969 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2775 (10101) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd45a [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vnwk-prapi (2538), Dst Port: http (80), Seq: 662, Ack: 48428, Len: 237 Source port: vnwk-prapi (2538) Destination port: http (80) [Stream index: 42] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 48428 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 254 [Calculated window size: 65024] [Window size scaling factor: 256] Checksum: 0x5861 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #3968(199), #3969(237)] [Frame: 3968, payload: 0-198 (199 bytes)] [Frame: 3969, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0083.jpg?w=405&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 4030 2012-06-20 08:39:10.680140 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4030: 708 bytes on wire (5664 bits), 708 bytes captured (5664 bits) Arrival Time: Jun 20, 2012 08:39:10.680140000 GMT Daylight Time Epoch Time: 1340177950.680140000 seconds [Time delta from previous captured frame: 0.000009000 seconds] [Time delta from previous displayed frame: 0.572316000 seconds] [Time since reference or first frame: 42.658354000 seconds] Frame Number: 4030 Frame Length: 708 bytes (5664 bits) Capture Length: 708 bytes (5664 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 694 Identification: 0x339b (13211) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x1294 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vnwk-prapi (2538), Seq: 96201, Ack: 899, Len: 654 Source port: http (80) Destination port: vnwk-prapi (2538) [Stream index: 42] Sequence number: 96201 (relative sequence number) [Next sequence number: 96855 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0xb226 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2034] TCP segment data (654 bytes) [38 Reassembled TCP Segments (48427 bytes): #3973(1380), #3974(1380), #3976(1380), #3977(241), #3979(1380), #3980(1380), #3982(1380), #3983(1380), #3985(272), #3986(1380), #3988(1380), #3989(1380), #3991(1380), #3992(1380), #3994(340), #399] [Frame: 3973, payload: 0-1379 (1380 bytes)] [Frame: 3974, payload: 1380-2759 (1380 bytes)] [Frame: 3976, payload: 2760-4139 (1380 bytes)] [Frame: 3977, payload: 4140-4380 (241 bytes)] [Frame: 3979, payload: 4381-5760 (1380 bytes)] [Frame: 3980, payload: 5761-7140 (1380 bytes)] [Frame: 3982, payload: 7141-8520 (1380 bytes)] [Frame: 3983, payload: 8521-9900 (1380 bytes)] [Frame: 3985, payload: 9901-10172 (272 bytes)] [Frame: 3986, payload: 10173-11552 (1380 bytes)] [Frame: 3988, payload: 11553-12932 (1380 bytes)] [Frame: 3989, payload: 12933-14312 (1380 bytes)] [Frame: 3991, payload: 14313-15692 (1380 bytes)] [Frame: 3992, payload: 15693-17072 (1380 bytes)] [Frame: 3994, payload: 17073-17412 (340 bytes)] [Frame: 3997, payload: 17413-18792 (1380 bytes)] [Frame: 3999, payload: 18793-20172 (1380 bytes)] [Frame: 4000, payload: 20173-21552 (1380 bytes)] [Frame: 4002, payload: 21553-22932 (1380 bytes)] [Frame: 4003, payload: 22933-24312 (1380 bytes)] [Frame: 4005, payload: 24313-25692 (1380 bytes)] [Frame: 4006, payload: 25693-27072 (1380 bytes)] [Frame: 4008, payload: 27073-28452 (1380 bytes)] [Frame: 4009, payload: 28453-29832 (1380 bytes)] [Frame: 4011, payload: 29833-31212 (1380 bytes)] [Frame: 4012, payload: 31213-32592 (1380 bytes)] [Frame: 4014, payload: 32593-33972 (1380 bytes)] [Frame: 4015, payload: 33973-35352 (1380 bytes)] [Frame: 4017, payload: 35353-36732 (1380 bytes)] [Frame: 4018, payload: 36733-38112 (1380 bytes)] [Frame: 4020, payload: 38113-39492 (1380 bytes)] [Frame: 4021, payload: 39493-40872 (1380 bytes)] [Frame: 4023, payload: 40873-42252 (1380 bytes)] [Frame: 4024, payload: 42253-43632 (1380 bytes)] [Frame: 4026, payload: 43633-45012 (1380 bytes)] [Frame: 4027, payload: 45013-46392 (1380 bytes)] [Frame: 4029, payload: 46393-47772 (1380 bytes)] [Frame: 4030, payload: 47773-48426 (654 bytes)] [Segment count: 38] [Reassembled TCP length: 48427] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:51 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 48087\r\n [Content length: 48087] Last-Modified: Sun, 01 Nov 2009 09:52:23 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:51 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5134 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 3922 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 405 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4033 2012-06-20 08:39:10.680573 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1 Frame 4033: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:10.680573000 GMT Daylight Time Epoch Time: 1340177950.680573000 seconds [Time delta from previous captured frame: 0.000132000 seconds] [Time delta from previous displayed frame: 0.000433000 seconds] [Time since reference or first frame: 42.658787000 seconds] Frame Number: 4033 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x278a (10122) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd445 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vnwk-prapi (2538), Dst Port: http (80), Seq: 1098, Ack: 96855, Len: 237 Source port: vnwk-prapi (2538) Destination port: http (80) [Stream index: 42] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 96855 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x997d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #4032(199), #4033(237)] [Frame: 4032, payload: 0-198 (199 bytes)] [Frame: 4033, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0083.jpg?w=405&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 4101 2012-06-20 08:39:11.126571 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4101: 300 bytes on wire (2400 bits), 300 bytes captured (2400 bits) Arrival Time: Jun 20, 2012 08:39:11.126571000 GMT Daylight Time Epoch Time: 1340177951.126571000 seconds [Time delta from previous captured frame: 0.000008000 seconds] [Time delta from previous displayed frame: 0.445998000 seconds] [Time since reference or first frame: 43.104785000 seconds] Frame Number: 4101 Frame Length: 300 bytes (2400 bits) Capture Length: 300 bytes (2400 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 286 Identification: 0x33c4 (13252) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x1403 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vnwk-prapi (2538), Seq: 145036, Ack: 1335, Len: 246 Source port: http (80) Destination port: vnwk-prapi (2538) [Stream index: 42] Sequence number: 145036 (relative sequence number) [Next sequence number: 145282 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0xcf72 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 246] TCP segment data (246 bytes) [39 Reassembled TCP Segments (48427 bytes): #4041(1380), #4042(1380), #4044(1380), #4045(241), #4047(1380), #4048(1380), #4050(1380), #4051(1380), #4053(272), #4054(1380), #4056(1380), #4057(1380), #4059(1380), #4060(1380), #4062(340), #406] [Frame: 4041, payload: 0-1379 (1380 bytes)] [Frame: 4042, payload: 1380-2759 (1380 bytes)] [Frame: 4044, payload: 2760-4139 (1380 bytes)] [Frame: 4045, payload: 4140-4380 (241 bytes)] [Frame: 4047, payload: 4381-5760 (1380 bytes)] [Frame: 4048, payload: 5761-7140 (1380 bytes)] [Frame: 4050, payload: 7141-8520 (1380 bytes)] [Frame: 4051, payload: 8521-9900 (1380 bytes)] [Frame: 4053, payload: 9901-10172 (272 bytes)] [Frame: 4054, payload: 10173-11552 (1380 bytes)] [Frame: 4056, payload: 11553-12932 (1380 bytes)] [Frame: 4057, payload: 12933-14312 (1380 bytes)] [Frame: 4059, payload: 14313-15692 (1380 bytes)] [Frame: 4060, payload: 15693-17072 (1380 bytes)] [Frame: 4062, payload: 17073-17412 (340 bytes)] [Frame: 4063, payload: 17413-18792 (1380 bytes)] [Frame: 4065, payload: 18793-20172 (1380 bytes)] [Frame: 4066, payload: 20173-21552 (1380 bytes)] [Frame: 4068, payload: 21553-22932 (1380 bytes)] [Frame: 4069, payload: 22933-24312 (1380 bytes)] [Frame: 4071, payload: 24313-25692 (1380 bytes)] [Frame: 4072, payload: 25693-26100 (408 bytes)] [Frame: 4077, payload: 26101-27480 (1380 bytes)] [Frame: 4078, payload: 27481-28860 (1380 bytes)] [Frame: 4080, payload: 28861-30240 (1380 bytes)] [Frame: 4081, payload: 30241-31620 (1380 bytes)] [Frame: 4083, payload: 31621-33000 (1380 bytes)] [Frame: 4084, payload: 33001-34380 (1380 bytes)] [Frame: 4086, payload: 34381-35760 (1380 bytes)] [Frame: 4087, payload: 35761-37140 (1380 bytes)] [Frame: 4089, payload: 37141-38520 (1380 bytes)] [Frame: 4090, payload: 38521-39900 (1380 bytes)] [Frame: 4092, payload: 39901-41280 (1380 bytes)] [Frame: 4093, payload: 41281-42660 (1380 bytes)] [Frame: 4095, payload: 42661-44040 (1380 bytes)] [Frame: 4096, payload: 44041-45420 (1380 bytes)] [Frame: 4098, payload: 45421-46800 (1380 bytes)] [Frame: 4099, payload: 46801-48180 (1380 bytes)] [Frame: 4101, payload: 48181-48426 (246 bytes)] [Segment count: 39] [Reassembled TCP length: 48427] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:51 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 48087\r\n [Content length: 48087] Last-Modified: Sun, 01 Nov 2009 09:52:23 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:51 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5134 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 3922 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 405 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4102 2012-06-20 08:39:11.126799 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1 Frame 4102: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:39:11.126799000 GMT Daylight Time Epoch Time: 1340177951.126799000 seconds [Time delta from previous captured frame: 0.000228000 seconds] [Time delta from previous displayed frame: 0.000228000 seconds] [Time since reference or first frame: 43.105013000 seconds] Frame Number: 4102 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x279e (10142) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd499 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vnwk-prapi (2538), Dst Port: http (80), Seq: 1335, Ack: 145282, Len: 133 Source port: vnwk-prapi (2538) Destination port: http (80) [Stream index: 42] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 145282 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 257 [Calculated window size: 65792] [Window size scaling factor: 256] Checksum: 0x03ec [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 4101] [The RTT to ACK the segment was: 0.000228000 seconds] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0083.jpg?w=405&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640] No. Time Source Destination Protocol Info 4114 2012-06-20 08:39:11.397443 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1 Frame 4114: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:11.397443000 GMT Daylight Time Epoch Time: 1340177951.397443000 seconds [Time delta from previous captured frame: 0.000039000 seconds] [Time delta from previous displayed frame: 0.270644000 seconds] [Time since reference or first frame: 43.375657000 seconds] Frame Number: 4114 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x27a4 (10148) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd42b [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vsiadmin (2539), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237 Source port: vsiadmin (2539) Destination port: http (80) [Stream index: 43] Sequence number: 227 (relative sequence number) [Next sequence number: 464 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xd25e [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 463] TCP segment data (237 bytes) [2 Reassembled TCP Segments (463 bytes): #4113(226), #4114(237)] [Frame: 4113, payload: 0-225 (226 bytes)] [Frame: 4114, payload: 226-462 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 463] Hypertext Transfer Protocol PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_00931.jpg?w=238&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4158 2012-06-20 08:39:11.982307 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4158: 399 bytes on wire (3192 bits), 399 bytes captured (3192 bits) Arrival Time: Jun 20, 2012 08:39:11.982307000 GMT Daylight Time Epoch Time: 1340177951.982307000 seconds [Time delta from previous captured frame: 0.000009000 seconds] [Time delta from previous displayed frame: 0.584864000 seconds] [Time since reference or first frame: 43.960521000 seconds] Frame Number: 4158 Frame Length: 399 bytes (3192 bits) Capture Length: 399 bytes (3192 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 385 Identification: 0xfde0 (64992) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x4983 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vsiadmin (2539), Seq: 34946, Ack: 464, Len: 345 Source port: http (80) Destination port: vsiadmin (2539) [Stream index: 43] Sequence number: 34946 (relative sequence number) [Next sequence number: 35291 (relative sequence number)] Acknowledgement number: 464 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0xd897 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 345] TCP segment data (345 bytes) [27 Reassembled TCP Segments (35290 bytes): #4117(1380), #4118(1380), #4120(1380), #4121(1380), #4123(1380), #4124(1380), #4126(445), #4128(1380), #4130(1380), #4131(1380), #4133(1380), #4134(1380), #4136(1380), #4137(1380), #4139(1380), #4] [Frame: 4117, payload: 0-1379 (1380 bytes)] [Frame: 4118, payload: 1380-2759 (1380 bytes)] [Frame: 4120, payload: 2760-4139 (1380 bytes)] [Frame: 4121, payload: 4140-5519 (1380 bytes)] [Frame: 4123, payload: 5520-6899 (1380 bytes)] [Frame: 4124, payload: 6900-8279 (1380 bytes)] [Frame: 4126, payload: 8280-8724 (445 bytes)] [Frame: 4128, payload: 8725-10104 (1380 bytes)] [Frame: 4130, payload: 10105-11484 (1380 bytes)] [Frame: 4131, payload: 11485-12864 (1380 bytes)] [Frame: 4133, payload: 12865-14244 (1380 bytes)] [Frame: 4134, payload: 14245-15624 (1380 bytes)] [Frame: 4136, payload: 15625-17004 (1380 bytes)] [Frame: 4137, payload: 17005-18384 (1380 bytes)] [Frame: 4139, payload: 18385-19764 (1380 bytes)] [Frame: 4140, payload: 19765-21144 (1380 bytes)] [Frame: 4142, payload: 21145-22524 (1380 bytes)] [Frame: 4143, payload: 22525-23904 (1380 bytes)] [Frame: 4145, payload: 23905-25284 (1380 bytes)] [Frame: 4147, payload: 25285-26664 (1380 bytes)] [Frame: 4149, payload: 26665-28044 (1380 bytes)] [Frame: 4150, payload: 28045-29424 (1380 bytes)] [Frame: 4152, payload: 29425-30804 (1380 bytes)] [Frame: 4153, payload: 30805-32184 (1380 bytes)] [Frame: 4155, payload: 32185-33564 (1380 bytes)] [Frame: 4156, payload: 33565-34944 (1380 bytes)] [Frame: 4158, payload: 34945-35289 (345 bytes)] [Segment count: 27] [Reassembled TCP length: 35290] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:52 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 34949\r\n [Content length: 34949] Last-Modified: Sun, 01 Nov 2009 10:31:29 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:52 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 239\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7221 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6009 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 238 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4160 2012-06-20 08:39:11.982772 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1 Frame 4160: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:11.982772000 GMT Daylight Time Epoch Time: 1340177951.982772000 seconds [Time delta from previous captured frame: 0.000132000 seconds] [Time delta from previous displayed frame: 0.000465000 seconds] [Time since reference or first frame: 43.960986000 seconds] Frame Number: 4160 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x27b3 (10163) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd41c [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vsiadmin (2539), Dst Port: http (80), Seq: 664, Ack: 35291, Len: 237 Source port: vsiadmin (2539) Destination port: http (80) [Stream index: 43] Sequence number: 664 (relative sequence number) [Next sequence number: 901 (relative sequence number)] Acknowledgement number: 35291 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 257 [Calculated window size: 65792] [Window size scaling factor: 256] Checksum: 0x46d0 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #4159(200), #4160(237)] [Frame: 4159, payload: 0-199 (200 bytes)] [Frame: 4160, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_00931.jpg?w=238&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4206 2012-06-20 08:39:12.401090 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4206: 1303 bytes on wire (10424 bits), 1303 bytes captured (10424 bits) Arrival Time: Jun 20, 2012 08:39:12.401090000 GMT Daylight Time Epoch Time: 1340177952.401090000 seconds [Time delta from previous captured frame: 0.000053000 seconds] [Time delta from previous displayed frame: 0.418318000 seconds] [Time since reference or first frame: 44.379304000 seconds] Frame Number: 4206 Frame Length: 1303 bytes (10424 bits) Capture Length: 1303 bytes (10424 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1289 Identification: 0xfdfe (65022) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x45dd [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vsiadmin (2539), Seq: 69332, Ack: 901, Len: 1249 Source port: http (80) Destination port: vsiadmin (2539) [Stream index: 43] Sequence number: 69332 (relative sequence number) [Next sequence number: 70581 (relative sequence number)] Acknowledgement number: 901 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0xe1ad [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2629] TCP segment data (1249 bytes) [28 Reassembled TCP Segments (35290 bytes): #4166(1380), #4167(1380), #4169(1380), #4170(1380), #4172(1380), #4173(377), #4175(1380), #4176(1380), #4178(1380), #4179(1380), #4181(1380), #4182(340), #4184(1380), #4185(1380), #4187(1380), #41] [Frame: 4166, payload: 0-1379 (1380 bytes)] [Frame: 4167, payload: 1380-2759 (1380 bytes)] [Frame: 4169, payload: 2760-4139 (1380 bytes)] [Frame: 4170, payload: 4140-5519 (1380 bytes)] [Frame: 4172, payload: 5520-6899 (1380 bytes)] [Frame: 4173, payload: 6900-7276 (377 bytes)] [Frame: 4175, payload: 7277-8656 (1380 bytes)] [Frame: 4176, payload: 8657-10036 (1380 bytes)] [Frame: 4178, payload: 10037-11416 (1380 bytes)] [Frame: 4179, payload: 11417-12796 (1380 bytes)] [Frame: 4181, payload: 12797-14176 (1380 bytes)] [Frame: 4182, payload: 14177-14516 (340 bytes)] [Frame: 4184, payload: 14517-15896 (1380 bytes)] [Frame: 4185, payload: 15897-17276 (1380 bytes)] [Frame: 4187, payload: 17277-18656 (1380 bytes)] [Frame: 4188, payload: 18657-18860 (204 bytes)] [Frame: 4190, payload: 18861-20240 (1380 bytes)] [Frame: 4191, payload: 20241-21620 (1380 bytes)] [Frame: 4193, payload: 21621-23000 (1380 bytes)] [Frame: 4194, payload: 23001-24380 (1380 bytes)] [Frame: 4196, payload: 24381-25760 (1380 bytes)] [Frame: 4197, payload: 25761-27140 (1380 bytes)] [Frame: 4199, payload: 27141-28520 (1380 bytes)] [Frame: 4200, payload: 28521-29900 (1380 bytes)] [Frame: 4202, payload: 29901-31280 (1380 bytes)] [Frame: 4203, payload: 31281-32660 (1380 bytes)] [Frame: 4205, payload: 32661-34040 (1380 bytes)] [Frame: 4206, payload: 34041-35289 (1249 bytes)] [Segment count: 28] [Reassembled TCP length: 35290] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:53 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 34949\r\n [Content length: 34949] Last-Modified: Sun, 01 Nov 2009 10:31:29 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:53 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 239\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7221 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6009 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 238 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4209 2012-06-20 08:39:12.401515 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1 Frame 4209: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:12.401515000 GMT Daylight Time Epoch Time: 1340177952.401515000 seconds [Time delta from previous captured frame: 0.000101000 seconds] [Time delta from previous displayed frame: 0.000425000 seconds] [Time since reference or first frame: 44.379729000 seconds] Frame Number: 4209 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x27c3 (10179) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd40c [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vsiadmin (2539), Dst Port: http (80), Seq: 1101, Ack: 70581, Len: 237 Source port: vsiadmin (2539) Destination port: http (80) [Stream index: 43] Sequence number: 1101 (relative sequence number) [Next sequence number: 1338 (relative sequence number)] Acknowledgement number: 70581 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xbb3f [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #4208(200), #4209(237)] [Frame: 4208, payload: 0-199 (200 bytes)] [Frame: 4209, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_00931.jpg?w=238&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4257 2012-06-20 08:39:12.844995 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4257: 1031 bytes on wire (8248 bits), 1031 bytes captured (8248 bits) Arrival Time: Jun 20, 2012 08:39:12.844995000 GMT Daylight Time Epoch Time: 1340177952.844995000 seconds [Time delta from previous captured frame: 0.000010000 seconds] [Time delta from previous displayed frame: 0.443480000 seconds] [Time since reference or first frame: 44.823209000 seconds] Frame Number: 4257 Frame Length: 1031 bytes (8248 bits) Capture Length: 1031 bytes (8248 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1017 Identification: 0xfe1c (65052) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x46cf [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vsiadmin (2539), Seq: 104894, Ack: 1338, Len: 977 Source port: http (80) Destination port: vsiadmin (2539) [Stream index: 43] Sequence number: 104894 (relative sequence number) [Next sequence number: 105871 (relative sequence number)] Acknowledgement number: 1338 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0xbd37 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2357] TCP segment data (977 bytes) [28 Reassembled TCP Segments (35290 bytes): #4216(1380), #4217(1380), #4219(1380), #4220(1380), #4222(1380), #4223(377), #4225(1380), #4226(1380), #4228(1380), #4229(1380), #4231(1380), #4232(340), #4234(1380), #4235(1380), #4237(1380), #42] [Frame: 4216, payload: 0-1379 (1380 bytes)] [Frame: 4217, payload: 1380-2759 (1380 bytes)] [Frame: 4219, payload: 2760-4139 (1380 bytes)] [Frame: 4220, payload: 4140-5519 (1380 bytes)] [Frame: 4222, payload: 5520-6899 (1380 bytes)] [Frame: 4223, payload: 6900-7276 (377 bytes)] [Frame: 4225, payload: 7277-8656 (1380 bytes)] [Frame: 4226, payload: 8657-10036 (1380 bytes)] [Frame: 4228, payload: 10037-11416 (1380 bytes)] [Frame: 4229, payload: 11417-12796 (1380 bytes)] [Frame: 4231, payload: 12797-14176 (1380 bytes)] [Frame: 4232, payload: 14177-14516 (340 bytes)] [Frame: 4234, payload: 14517-15896 (1380 bytes)] [Frame: 4235, payload: 15897-17276 (1380 bytes)] [Frame: 4237, payload: 17277-18656 (1380 bytes)] [Frame: 4238, payload: 18657-20036 (1380 bytes)] [Frame: 4240, payload: 20037-21416 (1380 bytes)] [Frame: 4241, payload: 21417-22796 (1380 bytes)] [Frame: 4243, payload: 22797-24176 (1380 bytes)] [Frame: 4244, payload: 24177-24652 (476 bytes)] [Frame: 4247, payload: 24653-26032 (1380 bytes)] [Frame: 4248, payload: 26033-27412 (1380 bytes)] [Frame: 4250, payload: 27413-28792 (1380 bytes)] [Frame: 4251, payload: 28793-30172 (1380 bytes)] [Frame: 4253, payload: 30173-31552 (1380 bytes)] [Frame: 4254, payload: 31553-32932 (1380 bytes)] [Frame: 4256, payload: 32933-34312 (1380 bytes)] [Frame: 4257, payload: 34313-35289 (977 bytes)] [Segment count: 28] [Reassembled TCP length: 35290] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:53 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 34949\r\n [Content length: 34949] Last-Modified: Sun, 01 Nov 2009 10:31:29 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:53 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 239\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7221 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6009 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 238 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4259 2012-06-20 08:39:12.845275 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1 Frame 4259: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits) Arrival Time: Jun 20, 2012 08:39:12.845275000 GMT Daylight Time Epoch Time: 1340177952.845275000 seconds [Time delta from previous captured frame: 0.000252000 seconds] [Time delta from previous displayed frame: 0.000280000 seconds] [Time since reference or first frame: 44.823489000 seconds] Frame Number: 4259 Frame Length: 188 bytes (1504 bits) Capture Length: 188 bytes (1504 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 174 Identification: 0x27d2 (10194) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd464 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vsiadmin (2539), Dst Port: http (80), Seq: 1338, Ack: 105871, Len: 134 Source port: vsiadmin (2539) Destination port: http (80) [Stream index: 43] Sequence number: 1338 (relative sequence number) [Next sequence number: 1472 (relative sequence number)] Acknowledgement number: 105871 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x78ad [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 134] Hypertext Transfer Protocol HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_00931.jpg?w=238&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400] No. Time Source Destination Protocol Info 4272 2012-06-20 08:39:13.113510 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1 Frame 4272: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:13.113510000 GMT Daylight Time Epoch Time: 1340177953.113510000 seconds [Time delta from previous captured frame: 0.000101000 seconds] [Time delta from previous displayed frame: 0.268235000 seconds] [Time since reference or first frame: 45.091724000 seconds] Frame Number: 4272 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x27d8 (10200) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd3f7 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: lonworks (2540), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237 Source port: lonworks (2540) Destination port: http (80) [Stream index: 44] Sequence number: 227 (relative sequence number) [Next sequence number: 464 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x6166 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 463] TCP segment data (237 bytes) [2 Reassembled TCP Segments (463 bytes): #4271(226), #4272(237)] [Frame: 4271, payload: 0-225 (226 bytes)] [Frame: 4272, payload: 226-462 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 463] Hypertext Transfer Protocol PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_00921.jpg?w=237&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4311 2012-06-20 08:39:13.688346 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4311: 1288 bytes on wire (10304 bits), 1288 bytes captured (10304 bits) Arrival Time: Jun 20, 2012 08:39:13.688346000 GMT Daylight Time Epoch Time: 1340177953.688346000 seconds [Time delta from previous captured frame: 0.000134000 seconds] [Time delta from previous displayed frame: 0.574836000 seconds] [Time since reference or first frame: 45.666560000 seconds] Frame Number: 4311 Frame Length: 1288 bytes (10304 bits) Capture Length: 1288 bytes (10304 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1274 Identification: 0xfaf6 (64246) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x48f4 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: lonworks (2540), Seq: 26734, Ack: 464, Len: 1234 Source port: http (80) Destination port: lonworks (2540) [Stream index: 44] Sequence number: 26734 (relative sequence number) [Next sequence number: 27968 (relative sequence number)] Acknowledgement number: 464 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x6884 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2614] TCP segment data (1234 bytes) [22 Reassembled TCP Segments (27967 bytes): #4278(1380), #4279(1380), #4281(1380), #4282(241), #4284(1380), #4285(1380), #4287(1380), #4288(1380), #4290(272), #4292(1380), #4294(1380), #4295(1380), #4297(1380), #4298(1380), #4300(1380), #43] [Frame: 4278, payload: 0-1379 (1380 bytes)] [Frame: 4279, payload: 1380-2759 (1380 bytes)] [Frame: 4281, payload: 2760-4139 (1380 bytes)] [Frame: 4282, payload: 4140-4380 (241 bytes)] [Frame: 4284, payload: 4381-5760 (1380 bytes)] [Frame: 4285, payload: 5761-7140 (1380 bytes)] [Frame: 4287, payload: 7141-8520 (1380 bytes)] [Frame: 4288, payload: 8521-9900 (1380 bytes)] [Frame: 4290, payload: 9901-10172 (272 bytes)] [Frame: 4292, payload: 10173-11552 (1380 bytes)] [Frame: 4294, payload: 11553-12932 (1380 bytes)] [Frame: 4295, payload: 12933-14312 (1380 bytes)] [Frame: 4297, payload: 14313-15692 (1380 bytes)] [Frame: 4298, payload: 15693-17072 (1380 bytes)] [Frame: 4300, payload: 17073-18452 (1380 bytes)] [Frame: 4301, payload: 18453-19832 (1380 bytes)] [Frame: 4303, payload: 19833-21212 (1380 bytes)] [Frame: 4304, payload: 21213-22592 (1380 bytes)] [Frame: 4306, payload: 22593-23972 (1380 bytes)] [Frame: 4308, payload: 23973-25352 (1380 bytes)] [Frame: 4310, payload: 25353-26732 (1380 bytes)] [Frame: 4311, payload: 26733-27966 (1234 bytes)] [Segment count: 22] [Reassembled TCP length: 27967] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:54 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 27627\r\n [Content length: 27627] Last-Modified: Sun, 01 Nov 2009 10:30:49 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:54 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6304 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5092 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 237 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4314 2012-06-20 08:39:13.688793 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1 Frame 4314: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:13.688793000 GMT Daylight Time Epoch Time: 1340177953.688793000 seconds [Time delta from previous captured frame: 0.000136000 seconds] [Time delta from previous displayed frame: 0.000447000 seconds] [Time since reference or first frame: 45.667007000 seconds] Frame Number: 4314 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x27e5 (10213) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd3ea [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: lonworks (2540), Dst Port: http (80), Seq: 664, Ack: 27968, Len: 237 Source port: lonworks (2540) Destination port: http (80) [Stream index: 44] Sequence number: 664 (relative sequence number) [Next sequence number: 901 (relative sequence number)] Acknowledgement number: 27968 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xf271 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #4313(200), #4314(237)] [Frame: 4313, payload: 0-199 (200 bytes)] [Frame: 4314, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_00921.jpg?w=237&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4352 2012-06-20 08:39:14.116379 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4352: 1084 bytes on wire (8672 bits), 1084 bytes captured (8672 bits) Arrival Time: Jun 20, 2012 08:39:14.116379000 GMT Daylight Time Epoch Time: 1340177954.116379000 seconds [Time delta from previous captured frame: 0.000087000 seconds] [Time delta from previous displayed frame: 0.427586000 seconds] [Time since reference or first frame: 46.094593000 seconds] Frame Number: 4352 Frame Length: 1084 bytes (8672 bits) Capture Length: 1084 bytes (8672 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1070 Identification: 0xfb0f (64271) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x49a7 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: lonworks (2540), Seq: 54905, Ack: 901, Len: 1030 Source port: http (80) Destination port: lonworks (2540) [Stream index: 44] Sequence number: 54905 (relative sequence number) [Next sequence number: 55935 (relative sequence number)] Acknowledgement number: 901 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0xd2ee [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1030] TCP segment data (1030 bytes) [23 Reassembled TCP Segments (27967 bytes): #4318(1380), #4319(105), #4321(1380), #4322(1380), #4324(1380), #4325(204), #4327(1380), #4328(1380), #4330(1380), #4331(1380), #4333(1380), #4334(1380), #4336(408), #4338(1380), #4340(1380), #434] [Frame: 4318, payload: 0-1379 (1380 bytes)] [Frame: 4319, payload: 1380-1484 (105 bytes)] [Frame: 4321, payload: 1485-2864 (1380 bytes)] [Frame: 4322, payload: 2865-4244 (1380 bytes)] [Frame: 4324, payload: 4245-5624 (1380 bytes)] [Frame: 4325, payload: 5625-5828 (204 bytes)] [Frame: 4327, payload: 5829-7208 (1380 bytes)] [Frame: 4328, payload: 7209-8588 (1380 bytes)] [Frame: 4330, payload: 8589-9968 (1380 bytes)] [Frame: 4331, payload: 9969-11348 (1380 bytes)] [Frame: 4333, payload: 11349-12728 (1380 bytes)] [Frame: 4334, payload: 12729-14108 (1380 bytes)] [Frame: 4336, payload: 14109-14516 (408 bytes)] [Frame: 4338, payload: 14517-15896 (1380 bytes)] [Frame: 4340, payload: 15897-17276 (1380 bytes)] [Frame: 4341, payload: 17277-18656 (1380 bytes)] [Frame: 4343, payload: 18657-20036 (1380 bytes)] [Frame: 4344, payload: 20037-21416 (1380 bytes)] [Frame: 4346, payload: 21417-22796 (1380 bytes)] [Frame: 4347, payload: 22797-24176 (1380 bytes)] [Frame: 4349, payload: 24177-25556 (1380 bytes)] [Frame: 4350, payload: 25557-26936 (1380 bytes)] [Frame: 4352, payload: 26937-27966 (1030 bytes)] [Segment count: 23] [Reassembled TCP length: 27967] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:54 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 27627\r\n [Content length: 27627] Last-Modified: Sun, 01 Nov 2009 10:30:49 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:54 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6304 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5092 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 237 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4354 2012-06-20 08:39:14.116838 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1 Frame 4354: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:14.116838000 GMT Daylight Time Epoch Time: 1340177954.116838000 seconds [Time delta from previous captured frame: 0.000099000 seconds] [Time delta from previous displayed frame: 0.000459000 seconds] [Time since reference or first frame: 46.095052000 seconds] Frame Number: 4354 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x27f2 (10226) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd3dd [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: lonworks (2540), Dst Port: http (80), Seq: 1101, Ack: 55935, Len: 237 Source port: lonworks (2540) Destination port: http (80) [Stream index: 44] Sequence number: 1101 (relative sequence number) [Next sequence number: 1338 (relative sequence number)] Acknowledgement number: 55935 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 254 [Calculated window size: 65024] [Window size scaling factor: 256] Checksum: 0x8381 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #4353(200), #4354(237)] [Frame: 4353, payload: 0-199 (200 bytes)] [Frame: 4354, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_00921.jpg?w=237&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4395 2012-06-20 08:39:14.513441 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4395: 948 bytes on wire (7584 bits), 948 bytes captured (7584 bits) Arrival Time: Jun 20, 2012 08:39:14.513441000 GMT Daylight Time Epoch Time: 1340177954.513441000 seconds [Time delta from previous captured frame: 0.000042000 seconds] [Time delta from previous displayed frame: 0.396603000 seconds] [Time since reference or first frame: 46.491655000 seconds] Frame Number: 4395 Frame Length: 948 bytes (7584 bits) Capture Length: 948 bytes (7584 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 934 Identification: 0xfb28 (64296) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x4a16 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: lonworks (2540), Seq: 83008, Ack: 1338, Len: 894 Source port: http (80) Destination port: lonworks (2540) [Stream index: 44] Sequence number: 83008 (relative sequence number) [Next sequence number: 83902 (relative sequence number)] Acknowledgement number: 1338 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x691d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 894] TCP segment data (894 bytes) [23 Reassembled TCP Segments (27967 bytes): #4360(1380), #4361(1380), #4363(1380), #4364(241), #4366(1380), #4367(1380), #4369(1380), #4370(1380), #4372(272), #4373(1380), #4375(1380), #4376(1380), #4378(1380), #4379(1380), #4381(340), #438] [Frame: 4360, payload: 0-1379 (1380 bytes)] [Frame: 4361, payload: 1380-2759 (1380 bytes)] [Frame: 4363, payload: 2760-4139 (1380 bytes)] [Frame: 4364, payload: 4140-4380 (241 bytes)] [Frame: 4366, payload: 4381-5760 (1380 bytes)] [Frame: 4367, payload: 5761-7140 (1380 bytes)] [Frame: 4369, payload: 7141-8520 (1380 bytes)] [Frame: 4370, payload: 8521-9900 (1380 bytes)] [Frame: 4372, payload: 9901-10172 (272 bytes)] [Frame: 4373, payload: 10173-11552 (1380 bytes)] [Frame: 4375, payload: 11553-12932 (1380 bytes)] [Frame: 4376, payload: 12933-14312 (1380 bytes)] [Frame: 4378, payload: 14313-15692 (1380 bytes)] [Frame: 4379, payload: 15693-17072 (1380 bytes)] [Frame: 4381, payload: 17073-17412 (340 bytes)] [Frame: 4384, payload: 17413-18792 (1380 bytes)] [Frame: 4386, payload: 18793-20172 (1380 bytes)] [Frame: 4387, payload: 20173-21552 (1380 bytes)] [Frame: 4389, payload: 21553-22932 (1380 bytes)] [Frame: 4390, payload: 22933-24312 (1380 bytes)] [Frame: 4392, payload: 24313-25692 (1380 bytes)] [Frame: 4393, payload: 25693-27072 (1380 bytes)] [Frame: 4395, payload: 27073-27966 (894 bytes)] [Segment count: 23] [Reassembled TCP length: 27967] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:55 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 27627\r\n [Content length: 27627] Last-Modified: Sun, 01 Nov 2009 10:30:49 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:55 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6304 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5092 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 237 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4396 2012-06-20 08:39:14.513737 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1 Frame 4396: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits) Arrival Time: Jun 20, 2012 08:39:14.513737000 GMT Daylight Time Epoch Time: 1340177954.513737000 seconds [Time delta from previous captured frame: 0.000296000 seconds] [Time delta from previous displayed frame: 0.000296000 seconds] [Time since reference or first frame: 46.491951000 seconds] Frame Number: 4396 Frame Length: 188 bytes (1504 bits) Capture Length: 188 bytes (1504 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 174 Identification: 0x27fe (10238) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd438 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: lonworks (2540), Dst Port: http (80), Seq: 1338, Ack: 83902, Len: 134 Source port: lonworks (2540) Destination port: http (80) [Stream index: 44] Sequence number: 1338 (relative sequence number) [Next sequence number: 1472 (relative sequence number)] Acknowledgement number: 83902 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 255 [Calculated window size: 65280] [Window size scaling factor: 256] Checksum: 0x5e8a [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 4395] [The RTT to ACK the segment was: 0.000296000 seconds] [Bytes in flight: 134] Hypertext Transfer Protocol HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_00921.jpg?w=237&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400] No. Time Source Destination Protocol Info 4407 2012-06-20 08:39:14.782502 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1 Frame 4407: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:14.782502000 GMT Daylight Time Epoch Time: 1340177954.782502000 seconds [Time delta from previous captured frame: 0.000128000 seconds] [Time delta from previous displayed frame: 0.268765000 seconds] [Time since reference or first frame: 46.760716000 seconds] Frame Number: 4407 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2804 (10244) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd3cb [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: lonworks2 (2541), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: lonworks2 (2541) Destination port: http (80) [Stream index: 46] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x3022 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #4406(225), #4407(237)] [Frame: 4406, payload: 0-224 (225 bytes)] [Frame: 4407, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0101.jpg?w=270&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4465 2012-06-20 08:39:15.329019 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4465: 817 bytes on wire (6536 bits), 817 bytes captured (6536 bits) Arrival Time: Jun 20, 2012 08:39:15.329019000 GMT Daylight Time Epoch Time: 1340177955.329019000 seconds [Time delta from previous captured frame: 0.000018000 seconds] [Time delta from previous displayed frame: 0.546517000 seconds] [Time since reference or first frame: 47.307233000 seconds] Frame Number: 4465 Frame Length: 817 bytes (6536 bits) Capture Length: 817 bytes (6536 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 803 Identification: 0xab47 (43847) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x9a7a [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: lonworks2 (2541), Seq: 46122, Ack: 463, Len: 763 Source port: http (80) Destination port: lonworks2 (2541) [Stream index: 46] Sequence number: 46122 (relative sequence number) [Next sequence number: 46885 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x493e [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 763] TCP segment data (763 bytes) [35 Reassembled TCP Segments (46884 bytes): #4412(1380), #4413(1380), #4415(1380), #4416(1380), #4418(1380), #4419(1380), #4421(1380), #4422(1380), #4424(581), #4425(1380), #4428(1380), #4429(1380), #4431(1380), #4432(1380), #4434(1380), #4] [Frame: 4412, payload: 0-1379 (1380 bytes)] [Frame: 4413, payload: 1380-2759 (1380 bytes)] [Frame: 4415, payload: 2760-4139 (1380 bytes)] [Frame: 4416, payload: 4140-5519 (1380 bytes)] [Frame: 4418, payload: 5520-6899 (1380 bytes)] [Frame: 4419, payload: 6900-8279 (1380 bytes)] [Frame: 4421, payload: 8280-9659 (1380 bytes)] [Frame: 4422, payload: 9660-11039 (1380 bytes)] [Frame: 4424, payload: 11040-11620 (581 bytes)] [Frame: 4425, payload: 11621-13000 (1380 bytes)] [Frame: 4428, payload: 13001-14380 (1380 bytes)] [Frame: 4429, payload: 14381-15760 (1380 bytes)] [Frame: 4431, payload: 15761-17140 (1380 bytes)] [Frame: 4432, payload: 17141-18520 (1380 bytes)] [Frame: 4434, payload: 18521-19900 (1380 bytes)] [Frame: 4435, payload: 19901-21280 (1380 bytes)] [Frame: 4437, payload: 21281-22660 (1380 bytes)] [Frame: 4438, payload: 22661-24040 (1380 bytes)] [Frame: 4440, payload: 24041-25420 (1380 bytes)] [Frame: 4441, payload: 25421-26800 (1380 bytes)] [Frame: 4443, payload: 26801-28180 (1380 bytes)] [Frame: 4444, payload: 28181-29560 (1380 bytes)] [Frame: 4446, payload: 29561-30940 (1380 bytes)] [Frame: 4447, payload: 30941-32320 (1380 bytes)] [Frame: 4449, payload: 32321-33700 (1380 bytes)] [Frame: 4451, payload: 33701-35080 (1380 bytes)] [Frame: 4453, payload: 35081-36460 (1380 bytes)] [Frame: 4454, payload: 36461-37840 (1380 bytes)] [Frame: 4456, payload: 37841-39220 (1380 bytes)] [Frame: 4457, payload: 39221-40600 (1380 bytes)] [Frame: 4459, payload: 40601-41980 (1380 bytes)] [Frame: 4460, payload: 41981-43360 (1380 bytes)] [Frame: 4462, payload: 43361-44740 (1380 bytes)] [Frame: 4463, payload: 44741-46120 (1380 bytes)] [Frame: 4465, payload: 46121-46883 (763 bytes)] [Segment count: 35] [Reassembled TCP length: 46884] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:56 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 46544\r\n [Content length: 46544] Last-Modified: Sun, 01 Nov 2009 15:23:12 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:56 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 80\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7881 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6669 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 270 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4467 2012-06-20 08:39:15.329484 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1 Frame 4467: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:15.329484000 GMT Daylight Time Epoch Time: 1340177955.329484000 seconds [Time delta from previous captured frame: 0.000102000 seconds] [Time delta from previous displayed frame: 0.000465000 seconds] [Time since reference or first frame: 47.307698000 seconds] Frame Number: 4467 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2817 (10263) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd3b8 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: lonworks2 (2541), Dst Port: http (80), Seq: 662, Ack: 46885, Len: 237 Source port: lonworks2 (2541) Destination port: http (80) [Stream index: 46] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 46885 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 255 [Calculated window size: 65280] [Window size scaling factor: 256] Checksum: 0x774c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #4466(199), #4467(237)] [Frame: 4466, payload: 0-198 (199 bytes)] [Frame: 4467, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0101.jpg?w=270&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4528 2012-06-20 08:39:15.740510 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4528: 409 bytes on wire (3272 bits), 409 bytes captured (3272 bits) Arrival Time: Jun 20, 2012 08:39:15.740510000 GMT Daylight Time Epoch Time: 1340177955.740510000 seconds [Time delta from previous captured frame: 0.000024000 seconds] [Time delta from previous displayed frame: 0.411026000 seconds] [Time since reference or first frame: 47.718724000 seconds] Frame Number: 4528 Frame Length: 409 bytes (3272 bits) Capture Length: 409 bytes (3272 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 395 Identification: 0xab6e (43886) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x9beb [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: lonworks2 (2541), Seq: 93414, Ack: 899, Len: 355 Source port: http (80) Destination port: lonworks2 (2541) [Stream index: 46] Sequence number: 93414 (relative sequence number) [Next sequence number: 93769 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x6d07 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 355] TCP segment data (355 bytes) [37 Reassembled TCP Segments (46884 bytes): #4474(1380), #4475(1380), #4477(1380), #4478(1380), #4480(309), #4481(1380), #4483(1380), #4484(1380), #4486(1380), #4487(1380), #4489(1380), #4490(408), #4492(1380), #4493(1380), #4495(1380), #44] [Frame: 4474, payload: 0-1379 (1380 bytes)] [Frame: 4475, payload: 1380-2759 (1380 bytes)] [Frame: 4477, payload: 2760-4139 (1380 bytes)] [Frame: 4478, payload: 4140-5519 (1380 bytes)] [Frame: 4480, payload: 5520-5828 (309 bytes)] [Frame: 4481, payload: 5829-7208 (1380 bytes)] [Frame: 4483, payload: 7209-8588 (1380 bytes)] [Frame: 4484, payload: 8589-9968 (1380 bytes)] [Frame: 4486, payload: 9969-11348 (1380 bytes)] [Frame: 4487, payload: 11349-12728 (1380 bytes)] [Frame: 4489, payload: 12729-14108 (1380 bytes)] [Frame: 4490, payload: 14109-14516 (408 bytes)] [Frame: 4492, payload: 14517-15896 (1380 bytes)] [Frame: 4493, payload: 15897-17276 (1380 bytes)] [Frame: 4495, payload: 17277-18656 (1380 bytes)] [Frame: 4496, payload: 18657-20036 (1380 bytes)] [Frame: 4498, payload: 20037-20308 (272 bytes)] [Frame: 4499, payload: 20309-21688 (1380 bytes)] [Frame: 4501, payload: 21689-23068 (1380 bytes)] [Frame: 4502, payload: 23069-24448 (1380 bytes)] [Frame: 4504, payload: 24449-25828 (1380 bytes)] [Frame: 4505, payload: 25829-27208 (1380 bytes)] [Frame: 4507, payload: 27209-28588 (1380 bytes)] [Frame: 4508, payload: 28589-29968 (1380 bytes)] [Frame: 4510, payload: 29969-31348 (1380 bytes)] [Frame: 4511, payload: 31349-32728 (1380 bytes)] [Frame: 4513, payload: 32729-34108 (1380 bytes)] [Frame: 4514, payload: 34109-35488 (1380 bytes)] [Frame: 4516, payload: 35489-36868 (1380 bytes)] [Frame: 4517, payload: 36869-38248 (1380 bytes)] [Frame: 4519, payload: 38249-39628 (1380 bytes)] [Frame: 4520, payload: 39629-41008 (1380 bytes)] [Frame: 4522, payload: 41009-42388 (1380 bytes)] [Frame: 4523, payload: 42389-43768 (1380 bytes)] [Frame: 4525, payload: 43769-45148 (1380 bytes)] [Frame: 4526, payload: 45149-46528 (1380 bytes)] [Frame: 4528, payload: 46529-46883 (355 bytes)] [Segment count: 37] [Reassembled TCP length: 46884] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:56 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 46544\r\n [Content length: 46544] Last-Modified: Sun, 01 Nov 2009 15:23:12 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:56 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 80\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7881 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6669 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 270 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4530 2012-06-20 08:39:15.740812 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1 Frame 4530: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:15.740812000 GMT Daylight Time Epoch Time: 1340177955.740812000 seconds [Time delta from previous captured frame: 0.000046000 seconds] [Time delta from previous displayed frame: 0.000302000 seconds] [Time since reference or first frame: 47.719026000 seconds] Frame Number: 4530 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x282b (10283) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd3a4 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: lonworks2 (2541), Dst Port: http (80), Seq: 1098, Ack: 93769, Len: 237 Source port: lonworks2 (2541) Destination port: http (80) [Stream index: 46] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 93769 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 257 [Calculated window size: 65792] [Window size scaling factor: 256] Checksum: 0xbe71 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #4529(199), #4530(237)] [Frame: 4529, payload: 0-198 (199 bytes)] [Frame: 4530, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0101.jpg?w=270&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4587 2012-06-20 08:39:16.154182 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4587: 1041 bytes on wire (8328 bits), 1041 bytes captured (8328 bits) Arrival Time: Jun 20, 2012 08:39:16.154182000 GMT Daylight Time Epoch Time: 1340177956.154182000 seconds [Time delta from previous captured frame: 0.000022000 seconds] [Time delta from previous displayed frame: 0.413370000 seconds] [Time since reference or first frame: 48.132396000 seconds] Frame Number: 4587 Frame Length: 1041 bytes (8328 bits) Capture Length: 1041 bytes (8328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1027 Identification: 0xab95 (43925) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x994c [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: lonworks2 (2541), Seq: 139666, Ack: 1335, Len: 987 Source port: http (80) Destination port: lonworks2 (2541) [Stream index: 46] Sequence number: 139666 (relative sequence number) [Next sequence number: 140653 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x02ab [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 987] TCP segment data (987 bytes) [37 Reassembled TCP Segments (46884 bytes): #4533(1380), #4534(1380), #4536(1380), #4537(1380), #4539(1380), #4540(1380), #4542(1380), #4543(513), #4545(1380), #4546(1380), #4548(1380), #4549(204), #4551(1380), #4552(1380), #4554(136), #455] [Frame: 4533, payload: 0-1379 (1380 bytes)] [Frame: 4534, payload: 1380-2759 (1380 bytes)] [Frame: 4536, payload: 2760-4139 (1380 bytes)] [Frame: 4537, payload: 4140-5519 (1380 bytes)] [Frame: 4539, payload: 5520-6899 (1380 bytes)] [Frame: 4540, payload: 6900-8279 (1380 bytes)] [Frame: 4542, payload: 8280-9659 (1380 bytes)] [Frame: 4543, payload: 9660-10172 (513 bytes)] [Frame: 4545, payload: 10173-11552 (1380 bytes)] [Frame: 4546, payload: 11553-12932 (1380 bytes)] [Frame: 4548, payload: 12933-14312 (1380 bytes)] [Frame: 4549, payload: 14313-14516 (204 bytes)] [Frame: 4551, payload: 14517-15896 (1380 bytes)] [Frame: 4552, payload: 15897-17276 (1380 bytes)] [Frame: 4554, payload: 17277-17412 (136 bytes)] [Frame: 4555, payload: 17413-18792 (1380 bytes)] [Frame: 4557, payload: 18793-20172 (1380 bytes)] [Frame: 4558, payload: 20173-21552 (1380 bytes)] [Frame: 4560, payload: 21553-22932 (1380 bytes)] [Frame: 4561, payload: 22933-24312 (1380 bytes)] [Frame: 4563, payload: 24313-25692 (1380 bytes)] [Frame: 4564, payload: 25693-27072 (1380 bytes)] [Frame: 4566, payload: 27073-28452 (1380 bytes)] [Frame: 4567, payload: 28453-29832 (1380 bytes)] [Frame: 4569, payload: 29833-31212 (1380 bytes)] [Frame: 4570, payload: 31213-32592 (1380 bytes)] [Frame: 4572, payload: 32593-33972 (1380 bytes)] [Frame: 4573, payload: 33973-35352 (1380 bytes)] [Frame: 4575, payload: 35353-36236 (884 bytes)] [Frame: 4576, payload: 36237-37616 (1380 bytes)] [Frame: 4578, payload: 37617-38996 (1380 bytes)] [Frame: 4579, payload: 38997-40376 (1380 bytes)] [Frame: 4581, payload: 40377-41756 (1380 bytes)] [Frame: 4582, payload: 41757-43136 (1380 bytes)] [Frame: 4584, payload: 43137-44516 (1380 bytes)] [Frame: 4585, payload: 44517-45896 (1380 bytes)] [Frame: 4587, payload: 45897-46883 (987 bytes)] [Segment count: 37] [Reassembled TCP length: 46884] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:57 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 46544\r\n [Content length: 46544] Last-Modified: Sun, 01 Nov 2009 15:23:12 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:57 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 80\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7881 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6669 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 270 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4588 2012-06-20 08:39:16.154521 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1 Frame 4588: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:39:16.154521000 GMT Daylight Time Epoch Time: 1340177956.154521000 seconds [Time delta from previous captured frame: 0.000339000 seconds] [Time delta from previous displayed frame: 0.000339000 seconds] [Time since reference or first frame: 48.132735000 seconds] Frame Number: 4588 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x283e (10302) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd3f9 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: lonworks2 (2541), Dst Port: http (80), Seq: 1335, Ack: 140653, Len: 133 Source port: lonworks2 (2541) Destination port: http (80) [Stream index: 46] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 140653 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 254 [Calculated window size: 65024] [Window size scaling factor: 256] Checksum: 0x33f3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 4587] [The RTT to ACK the segment was: 0.000339000 seconds] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0101.jpg?w=270&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400] No. Time Source Destination Protocol Info 4599 2012-06-20 08:39:16.424284 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1 Frame 4599: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:16.424284000 GMT Daylight Time Epoch Time: 1340177956.424284000 seconds [Time delta from previous captured frame: 0.000130000 seconds] [Time delta from previous displayed frame: 0.269763000 seconds] [Time since reference or first frame: 48.402498000 seconds] Frame Number: 4599 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2844 (10308) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd38b [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: udrawgraph (2542), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: udrawgraph (2542) Destination port: http (80) [Stream index: 47] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xb43c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #4598(225), #4599(237)] [Frame: 4598, payload: 0-224 (225 bytes)] [Frame: 4599, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0100.jpg?w=270&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4650 2012-06-20 08:39:16.962154 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4650: 1013 bytes on wire (8104 bits), 1013 bytes captured (8104 bits) Arrival Time: Jun 20, 2012 08:39:16.962154000 GMT Daylight Time Epoch Time: 1340177956.962154000 seconds [Time delta from previous captured frame: 0.000014000 seconds] [Time delta from previous displayed frame: 0.537870000 seconds] [Time since reference or first frame: 48.940368000 seconds] Frame Number: 4650 Frame Length: 1013 bytes (8104 bits) Capture Length: 1013 bytes (8104 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 999 Identification: 0x0a92 (2706) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x3a6c [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: udrawgraph (2542), Seq: 34946, Ack: 463, Len: 959 Source port: http (80) Destination port: udrawgraph (2542) [Stream index: 47] Sequence number: 34946 (relative sequence number) [Next sequence number: 35905 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x3bd9 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 959] TCP segment data (959 bytes) [27 Reassembled TCP Segments (35904 bytes): #4609(1380), #4610(1380), #4612(1380), #4613(1380), #4615(1380), #4616(1380), #4618(445), #4620(1380), #4622(1380), #4623(1380), #4625(1380), #4626(1380), #4628(1380), #4629(1380), #4631(1380), #4] [Frame: 4609, payload: 0-1379 (1380 bytes)] [Frame: 4610, payload: 1380-2759 (1380 bytes)] [Frame: 4612, payload: 2760-4139 (1380 bytes)] [Frame: 4613, payload: 4140-5519 (1380 bytes)] [Frame: 4615, payload: 5520-6899 (1380 bytes)] [Frame: 4616, payload: 6900-8279 (1380 bytes)] [Frame: 4618, payload: 8280-8724 (445 bytes)] [Frame: 4620, payload: 8725-10104 (1380 bytes)] [Frame: 4622, payload: 10105-11484 (1380 bytes)] [Frame: 4623, payload: 11485-12864 (1380 bytes)] [Frame: 4625, payload: 12865-14244 (1380 bytes)] [Frame: 4626, payload: 14245-15624 (1380 bytes)] [Frame: 4628, payload: 15625-17004 (1380 bytes)] [Frame: 4629, payload: 17005-18384 (1380 bytes)] [Frame: 4631, payload: 18385-19764 (1380 bytes)] [Frame: 4632, payload: 19765-21144 (1380 bytes)] [Frame: 4634, payload: 21145-22524 (1380 bytes)] [Frame: 4635, payload: 22525-23904 (1380 bytes)] [Frame: 4637, payload: 23905-25284 (1380 bytes)] [Frame: 4639, payload: 25285-26664 (1380 bytes)] [Frame: 4641, payload: 26665-28044 (1380 bytes)] [Frame: 4642, payload: 28045-29424 (1380 bytes)] [Frame: 4644, payload: 29425-30804 (1380 bytes)] [Frame: 4645, payload: 30805-32184 (1380 bytes)] [Frame: 4647, payload: 32185-33564 (1380 bytes)] [Frame: 4648, payload: 33565-34944 (1380 bytes)] [Frame: 4650, payload: 34945-35903 (959 bytes)] [Segment count: 27] [Reassembled TCP length: 35904] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:57 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 35564\r\n [Content length: 35564] Last-Modified: Sun, 01 Nov 2009 15:22:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:57 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7094 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5882 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 270 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4652 2012-06-20 08:39:16.962552 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1 Frame 4652: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:16.962552000 GMT Daylight Time Epoch Time: 1340177956.962552000 seconds [Time delta from previous captured frame: 0.000102000 seconds] [Time delta from previous displayed frame: 0.000398000 seconds] [Time since reference or first frame: 48.940766000 seconds] Frame Number: 4652 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2853 (10323) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd37c [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: udrawgraph (2542), Dst Port: http (80), Seq: 662, Ack: 35905, Len: 237 Source port: udrawgraph (2542) Destination port: http (80) [Stream index: 47] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 35905 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 255 [Calculated window size: 65280] [Window size scaling factor: 256] Checksum: 0x264b [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #4651(199), #4652(237)] [Frame: 4651, payload: 0-198 (199 bytes)] [Frame: 4652, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0100.jpg?w=270&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4702 2012-06-20 08:39:17.434443 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4702: 741 bytes on wire (5928 bits), 741 bytes captured (5928 bits) Arrival Time: Jun 20, 2012 08:39:17.434443000 GMT Daylight Time Epoch Time: 1340177957.434443000 seconds [Time delta from previous captured frame: 0.000018000 seconds] [Time delta from previous displayed frame: 0.471891000 seconds] [Time since reference or first frame: 49.412657000 seconds] Frame Number: 4702 Frame Length: 741 bytes (5928 bits) Capture Length: 741 bytes (5928 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 727 Identification: 0x0ab1 (2737) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x3b5d [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: udrawgraph (2542), Seq: 71122, Ack: 899, Len: 687 Source port: http (80) Destination port: udrawgraph (2542) [Stream index: 47] Sequence number: 71122 (relative sequence number) [Next sequence number: 71809 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x202c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 687] TCP segment data (687 bytes) [29 Reassembled TCP Segments (35904 bytes): #4659(1380), #4660(1380), #4662(1380), #4663(1380), #4665(1380), #4666(377), #4668(1380), #4669(1380), #4671(1380), #4672(1380), #4674(272), #4675(1380), #4677(68), #4679(1380), #4681(1380), #4682] [Frame: 4659, payload: 0-1379 (1380 bytes)] [Frame: 4660, payload: 1380-2759 (1380 bytes)] [Frame: 4662, payload: 2760-4139 (1380 bytes)] [Frame: 4663, payload: 4140-5519 (1380 bytes)] [Frame: 4665, payload: 5520-6899 (1380 bytes)] [Frame: 4666, payload: 6900-7276 (377 bytes)] [Frame: 4668, payload: 7277-8656 (1380 bytes)] [Frame: 4669, payload: 8657-10036 (1380 bytes)] [Frame: 4671, payload: 10037-11416 (1380 bytes)] [Frame: 4672, payload: 11417-12796 (1380 bytes)] [Frame: 4674, payload: 12797-13068 (272 bytes)] [Frame: 4675, payload: 13069-14448 (1380 bytes)] [Frame: 4677, payload: 14449-14516 (68 bytes)] [Frame: 4679, payload: 14517-15896 (1380 bytes)] [Frame: 4681, payload: 15897-17276 (1380 bytes)] [Frame: 4682, payload: 17277-18656 (1380 bytes)] [Frame: 4684, payload: 18657-20036 (1380 bytes)] [Frame: 4685, payload: 20037-21416 (1380 bytes)] [Frame: 4687, payload: 21417-22796 (1380 bytes)] [Frame: 4688, payload: 22797-24176 (1380 bytes)] [Frame: 4690, payload: 24177-25556 (1380 bytes)] [Frame: 4691, payload: 25557-26936 (1380 bytes)] [Frame: 4693, payload: 26937-28316 (1380 bytes)] [Frame: 4694, payload: 28317-29696 (1380 bytes)] [Frame: 4696, payload: 29697-31076 (1380 bytes)] [Frame: 4697, payload: 31077-32456 (1380 bytes)] [Frame: 4699, payload: 32457-33836 (1380 bytes)] [Frame: 4700, payload: 33837-35216 (1380 bytes)] [Frame: 4702, payload: 35217-35903 (687 bytes)] [Segment count: 29] [Reassembled TCP length: 35904] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:58 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 35564\r\n [Content length: 35564] Last-Modified: Sun, 01 Nov 2009 15:22:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:58 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7094 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5882 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 270 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4704 2012-06-20 08:39:17.434788 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1 Frame 4704: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:17.434788000 GMT Daylight Time Epoch Time: 1340177957.434788000 seconds [Time delta from previous captured frame: 0.000043000 seconds] [Time delta from previous displayed frame: 0.000345000 seconds] [Time since reference or first frame: 49.413002000 seconds] Frame Number: 4704 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2863 (10339) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd36c [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: udrawgraph (2542), Dst Port: http (80), Seq: 1098, Ack: 71809, Len: 237 Source port: udrawgraph (2542) Destination port: http (80) [Stream index: 47] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 71809 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 256 [Calculated window size: 65536] [Window size scaling factor: 256] Checksum: 0x9855 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #4703(199), #4704(237)] [Frame: 4703, payload: 0-198 (199 bytes)] [Frame: 4704, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0100.jpg?w=270&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4754 2012-06-20 08:39:17.845530 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4754: 1373 bytes on wire (10984 bits), 1373 bytes captured (10984 bits) Arrival Time: Jun 20, 2012 08:39:17.845530000 GMT Daylight Time Epoch Time: 1340177957.845530000 seconds [Time delta from previous captured frame: 0.000084000 seconds] [Time delta from previous displayed frame: 0.410742000 seconds] [Time since reference or first frame: 49.823744000 seconds] Frame Number: 4754 Frame Length: 1373 bytes (10984 bits) Capture Length: 1373 bytes (10984 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1359 Identification: 0x0ad0 (2768) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x38c6 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: udrawgraph (2542), Seq: 106394, Ack: 1335, Len: 1319 Source port: http (80) Destination port: udrawgraph (2542) [Stream index: 47] Sequence number: 106394 (relative sequence number) [Next sequence number: 107713 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x622c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1319] TCP segment data (1319 bytes) [29 Reassembled TCP Segments (35904 bytes): #4711(1380), #4712(1380), #4714(173), #4715(1380), #4717(1380), #4718(1380), #4720(1380), #4721(1380), #4723(1380), #4724(1380), #4726(476), #4727(1380), #4729(1380), #4730(136), #4732(1380), #473] [Frame: 4711, payload: 0-1379 (1380 bytes)] [Frame: 4712, payload: 1380-2759 (1380 bytes)] [Frame: 4714, payload: 2760-2932 (173 bytes)] [Frame: 4715, payload: 2933-4312 (1380 bytes)] [Frame: 4717, payload: 4313-5692 (1380 bytes)] [Frame: 4718, payload: 5693-7072 (1380 bytes)] [Frame: 4720, payload: 7073-8452 (1380 bytes)] [Frame: 4721, payload: 8453-9832 (1380 bytes)] [Frame: 4723, payload: 9833-11212 (1380 bytes)] [Frame: 4724, payload: 11213-12592 (1380 bytes)] [Frame: 4726, payload: 12593-13068 (476 bytes)] [Frame: 4727, payload: 13069-14448 (1380 bytes)] [Frame: 4729, payload: 14449-15828 (1380 bytes)] [Frame: 4730, payload: 15829-15964 (136 bytes)] [Frame: 4732, payload: 15965-17344 (1380 bytes)] [Frame: 4733, payload: 17345-18724 (1380 bytes)] [Frame: 4735, payload: 18725-20104 (1380 bytes)] [Frame: 4736, payload: 20105-21484 (1380 bytes)] [Frame: 4738, payload: 21485-22864 (1380 bytes)] [Frame: 4739, payload: 22865-24244 (1380 bytes)] [Frame: 4741, payload: 24245-25624 (1380 bytes)] [Frame: 4742, payload: 25625-27004 (1380 bytes)] [Frame: 4744, payload: 27005-28384 (1380 bytes)] [Frame: 4745, payload: 28385-29764 (1380 bytes)] [Frame: 4747, payload: 29765-30444 (680 bytes)] [Frame: 4749, payload: 30445-31824 (1380 bytes)] [Frame: 4751, payload: 31825-33204 (1380 bytes)] [Frame: 4752, payload: 33205-34584 (1380 bytes)] [Frame: 4754, payload: 34585-35903 (1319 bytes)] [Segment count: 29] [Reassembled TCP length: 35904] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:58 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 35564\r\n [Content length: 35564] Last-Modified: Sun, 01 Nov 2009 15:22:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:58 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7094 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5882 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 270 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4755 2012-06-20 08:39:17.845874 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1 Frame 4755: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:39:17.845874000 GMT Daylight Time Epoch Time: 1340177957.845874000 seconds [Time delta from previous captured frame: 0.000344000 seconds] [Time delta from previous displayed frame: 0.000344000 seconds] [Time since reference or first frame: 49.824088000 seconds] Frame Number: 4755 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x2872 (10354) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd3c5 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: udrawgraph (2542), Dst Port: http (80), Seq: 1335, Ack: 107713, Len: 133 Source port: udrawgraph (2542) Destination port: http (80) [Stream index: 47] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 107713 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 253 [Calculated window size: 64768] [Window size scaling factor: 256] Checksum: 0x38bc [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 4754] [The RTT to ACK the segment was: 0.000344000 seconds] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0100.jpg?w=270&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400] No. Time Source Destination Protocol Info 4771 2012-06-20 08:39:18.115729 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1 Frame 4771: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:18.115729000 GMT Daylight Time Epoch Time: 1340177958.115729000 seconds [Time delta from previous captured frame: 0.000128000 seconds] [Time delta from previous displayed frame: 0.269855000 seconds] [Time since reference or first frame: 50.093943000 seconds] Frame Number: 4771 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x287a (10362) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd355 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: reftek (2543), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: reftek (2543) Destination port: http (80) [Stream index: 48] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x646f [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #4770(225), #4771(237)] [Frame: 4770, payload: 0-224 (225 bytes)] [Frame: 4771, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0112.jpg?w=379&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4840 2012-06-20 08:39:18.688221 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4840: 281 bytes on wire (2248 bits), 281 bytes captured (2248 bits) Arrival Time: Jun 20, 2012 08:39:18.688221000 GMT Daylight Time Epoch Time: 1340177958.688221000 seconds [Time delta from previous captured frame: 0.000062000 seconds] [Time delta from previous displayed frame: 0.572492000 seconds] [Time since reference or first frame: 50.666435000 seconds] Frame Number: 4840 Frame Length: 281 bytes (2248 bits) Capture Length: 281 bytes (2248 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 267 Identification: 0x7e5b (32347) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xc97e [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: reftek (2543), Seq: 52954, Ack: 463, Len: 227 Source port: http (80) Destination port: reftek (2543) [Stream index: 48] Sequence number: 52954 (relative sequence number) [Next sequence number: 53181 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0xf412 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1607] TCP segment data (227 bytes) [40 Reassembled TCP Segments (53180 bytes): #4778(1380), #4779(1380), #4781(1380), #4782(1380), #4784(1380), #4785(1380), #4787(1380), #4788(513), #4790(1380), #4791(1380), #4796(1380), #4797(1380), #4799(1380), #4800(1380), #4802(1380), #4] [Frame: 4778, payload: 0-1379 (1380 bytes)] [Frame: 4779, payload: 1380-2759 (1380 bytes)] [Frame: 4781, payload: 2760-4139 (1380 bytes)] [Frame: 4782, payload: 4140-5519 (1380 bytes)] [Frame: 4784, payload: 5520-6899 (1380 bytes)] [Frame: 4785, payload: 6900-8279 (1380 bytes)] [Frame: 4787, payload: 8280-9659 (1380 bytes)] [Frame: 4788, payload: 9660-10172 (513 bytes)] [Frame: 4790, payload: 10173-11552 (1380 bytes)] [Frame: 4791, payload: 11553-12932 (1380 bytes)] [Frame: 4796, payload: 12933-14312 (1380 bytes)] [Frame: 4797, payload: 14313-15692 (1380 bytes)] [Frame: 4799, payload: 15693-17072 (1380 bytes)] [Frame: 4800, payload: 17073-18452 (1380 bytes)] [Frame: 4802, payload: 18453-19832 (1380 bytes)] [Frame: 4803, payload: 19833-21212 (1380 bytes)] [Frame: 4805, payload: 21213-22592 (1380 bytes)] [Frame: 4806, payload: 22593-23972 (1380 bytes)] [Frame: 4808, payload: 23973-25352 (1380 bytes)] [Frame: 4809, payload: 25353-26732 (1380 bytes)] [Frame: 4811, payload: 26733-28112 (1380 bytes)] [Frame: 4812, payload: 28113-29492 (1380 bytes)] [Frame: 4814, payload: 29493-30872 (1380 bytes)] [Frame: 4815, payload: 30873-32252 (1380 bytes)] [Frame: 4817, payload: 32253-33632 (1380 bytes)] [Frame: 4819, payload: 33633-35012 (1380 bytes)] [Frame: 4821, payload: 35013-36392 (1380 bytes)] [Frame: 4822, payload: 36393-37772 (1380 bytes)] [Frame: 4824, payload: 37773-39152 (1380 bytes)] [Frame: 4825, payload: 39153-40532 (1380 bytes)] [Frame: 4827, payload: 40533-41912 (1380 bytes)] [Frame: 4828, payload: 41913-43292 (1380 bytes)] [Frame: 4830, payload: 43293-44672 (1380 bytes)] [Frame: 4831, payload: 44673-46052 (1380 bytes)] [Frame: 4833, payload: 46053-47432 (1380 bytes)] [Frame: 4834, payload: 47433-48812 (1380 bytes)] [Frame: 4836, payload: 48813-50192 (1380 bytes)] [Frame: 4837, payload: 50193-51572 (1380 bytes)] [Frame: 4839, payload: 51573-52952 (1380 bytes)] [Frame: 4840, payload: 52953-53179 (227 bytes)] [Segment count: 40] [Reassembled TCP length: 53180] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:40:59 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 52840\r\n [Content length: 52840] Last-Modified: Sun, 01 Nov 2009 15:33:01 GMT\r\n Expires: Thu, 20 Jun 2013 07:40:59 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 70\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 10026 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8814 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 379 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 28 Remaining segment data (26 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4843 2012-06-20 08:39:18.688587 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1 Frame 4843: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:18.688587000 GMT Daylight Time Epoch Time: 1340177958.688587000 seconds [Time delta from previous captured frame: 0.000103000 seconds] [Time delta from previous displayed frame: 0.000366000 seconds] [Time since reference or first frame: 50.666801000 seconds] Frame Number: 4843 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2890 (10384) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd33f [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: reftek (2543), Dst Port: http (80), Seq: 662, Ack: 53181, Len: 237 Source port: reftek (2543) Destination port: http (80) [Stream index: 48] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 53181 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x92fe [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #4842(199), #4843(237)] [Frame: 4842, payload: 0-198 (199 bytes)] [Frame: 4843, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0112.jpg?w=379&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4906 2012-06-20 08:39:19.136230 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4906: 777 bytes on wire (6216 bits), 777 bytes captured (6216 bits) Arrival Time: Jun 20, 2012 08:39:19.136230000 GMT Daylight Time Epoch Time: 1340177959.136230000 seconds [Time delta from previous captured frame: 0.000041000 seconds] [Time delta from previous displayed frame: 0.447643000 seconds] [Time since reference or first frame: 51.114444000 seconds] Frame Number: 4906 Frame Length: 777 bytes (6216 bits) Capture Length: 777 bytes (6216 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 763 Identification: 0x7e85 (32389) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xc764 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: reftek (2543), Seq: 105638, Ack: 899, Len: 723 Source port: http (80) Destination port: reftek (2543) [Stream index: 48] Sequence number: 105638 (relative sequence number) [Next sequence number: 106361 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x7416 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2103] TCP segment data (723 bytes) [40 Reassembled TCP Segments (53180 bytes): #4847(1380), #4848(1380), #4850(1380), #4851(1380), #4853(1380), #4854(1380), #4856(1380), #4857(1380), #4859(1380), #4860(1380), #4862(717), #4863(1380), #4865(1380), #4866(1380), #4868(1380), #4] [Frame: 4847, payload: 0-1379 (1380 bytes)] [Frame: 4848, payload: 1380-2759 (1380 bytes)] [Frame: 4850, payload: 2760-4139 (1380 bytes)] [Frame: 4851, payload: 4140-5519 (1380 bytes)] [Frame: 4853, payload: 5520-6899 (1380 bytes)] [Frame: 4854, payload: 6900-8279 (1380 bytes)] [Frame: 4856, payload: 8280-9659 (1380 bytes)] [Frame: 4857, payload: 9660-11039 (1380 bytes)] [Frame: 4859, payload: 11040-12419 (1380 bytes)] [Frame: 4860, payload: 12420-13799 (1380 bytes)] [Frame: 4862, payload: 13800-14516 (717 bytes)] [Frame: 4863, payload: 14517-15896 (1380 bytes)] [Frame: 4865, payload: 15897-17276 (1380 bytes)] [Frame: 4866, payload: 17277-18656 (1380 bytes)] [Frame: 4868, payload: 18657-20036 (1380 bytes)] [Frame: 4869, payload: 20037-21416 (1380 bytes)] [Frame: 4871, payload: 21417-22796 (1380 bytes)] [Frame: 4872, payload: 22797-24176 (1380 bytes)] [Frame: 4874, payload: 24177-25556 (1380 bytes)] [Frame: 4875, payload: 25557-26936 (1380 bytes)] [Frame: 4877, payload: 26937-28316 (1380 bytes)] [Frame: 4878, payload: 28317-28996 (680 bytes)] [Frame: 4881, payload: 28997-30376 (1380 bytes)] [Frame: 4882, payload: 30377-31756 (1380 bytes)] [Frame: 4884, payload: 31757-33136 (1380 bytes)] [Frame: 4885, payload: 33137-34516 (1380 bytes)] [Frame: 4887, payload: 34517-35896 (1380 bytes)] [Frame: 4888, payload: 35897-37276 (1380 bytes)] [Frame: 4890, payload: 37277-38656 (1380 bytes)] [Frame: 4891, payload: 38657-40036 (1380 bytes)] [Frame: 4893, payload: 40037-41416 (1380 bytes)] [Frame: 4894, payload: 41417-42796 (1380 bytes)] [Frame: 4896, payload: 42797-44176 (1380 bytes)] [Frame: 4897, payload: 44177-45556 (1380 bytes)] [Frame: 4899, payload: 45557-46936 (1380 bytes)] [Frame: 4900, payload: 46937-48316 (1380 bytes)] [Frame: 4902, payload: 48317-49696 (1380 bytes)] [Frame: 4903, payload: 49697-51076 (1380 bytes)] [Frame: 4905, payload: 51077-52456 (1380 bytes)] [Frame: 4906, payload: 52457-53179 (723 bytes)] [Segment count: 40] [Reassembled TCP length: 53180] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:00 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 52840\r\n [Content length: 52840] Last-Modified: Sun, 01 Nov 2009 15:33:01 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:00 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 70\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 10026 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8814 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 379 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 28 Remaining segment data (26 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4909 2012-06-20 08:39:19.136533 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1 Frame 4909: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:19.136533000 GMT Daylight Time Epoch Time: 1340177959.136533000 seconds [Time delta from previous captured frame: 0.000042000 seconds] [Time delta from previous displayed frame: 0.000303000 seconds] [Time since reference or first frame: 51.114747000 seconds] Frame Number: 4909 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x28a6 (10406) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd329 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: reftek (2543), Dst Port: http (80), Seq: 1098, Ack: 106361, Len: 237 Source port: reftek (2543) Destination port: http (80) [Stream index: 48] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 106361 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xc18d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #4908(199), #4909(237)] [Frame: 4908, payload: 0-198 (199 bytes)] [Frame: 4909, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0112.jpg?w=379&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 4977 2012-06-20 08:39:19.558417 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 4977: 777 bytes on wire (6216 bits), 777 bytes captured (6216 bits) Arrival Time: Jun 20, 2012 08:39:19.558417000 GMT Daylight Time Epoch Time: 1340177959.558417000 seconds [Time delta from previous captured frame: 0.000020000 seconds] [Time delta from previous displayed frame: 0.421884000 seconds] [Time since reference or first frame: 51.536631000 seconds] Frame Number: 4977 Frame Length: 777 bytes (6216 bits) Capture Length: 777 bytes (6216 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 763 Identification: 0x7eb1 (32433) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xc738 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: reftek (2543), Seq: 158818, Ack: 1335, Len: 723 Source port: http (80) Destination port: reftek (2543) [Stream index: 48] Sequence number: 158818 (relative sequence number) [Next sequence number: 159541 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0xa2a0 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2103] TCP segment data (723 bytes) [42 Reassembled TCP Segments (53180 bytes): #4915(1380), #4916(1380), #4918(1380), #4919(1380), #4921(1380), #4922(1380), #4924(445), #4925(1380), #4927(1380), #4928(1380), #4930(1380), #4931(272), #4933(1380), #4934(1380), #4936(1380), #49] [Frame: 4915, payload: 0-1379 (1380 bytes)] [Frame: 4916, payload: 1380-2759 (1380 bytes)] [Frame: 4918, payload: 2760-4139 (1380 bytes)] [Frame: 4919, payload: 4140-5519 (1380 bytes)] [Frame: 4921, payload: 5520-6899 (1380 bytes)] [Frame: 4922, payload: 6900-8279 (1380 bytes)] [Frame: 4924, payload: 8280-8724 (445 bytes)] [Frame: 4925, payload: 8725-10104 (1380 bytes)] [Frame: 4927, payload: 10105-11484 (1380 bytes)] [Frame: 4928, payload: 11485-12864 (1380 bytes)] [Frame: 4930, payload: 12865-14244 (1380 bytes)] [Frame: 4931, payload: 14245-14516 (272 bytes)] [Frame: 4933, payload: 14517-15896 (1380 bytes)] [Frame: 4934, payload: 15897-17276 (1380 bytes)] [Frame: 4936, payload: 17277-18656 (1380 bytes)] [Frame: 4937, payload: 18657-20036 (1380 bytes)] [Frame: 4939, payload: 20037-21416 (1380 bytes)] [Frame: 4940, payload: 21417-21756 (340 bytes)] [Frame: 4942, payload: 21757-23136 (1380 bytes)] [Frame: 4943, payload: 23137-24516 (1380 bytes)] [Frame: 4945, payload: 24517-25896 (1380 bytes)] [Frame: 4946, payload: 25897-27276 (1380 bytes)] [Frame: 4948, payload: 27277-28656 (1380 bytes)] [Frame: 4949, payload: 28657-28996 (340 bytes)] [Frame: 4952, payload: 28997-30376 (1380 bytes)] [Frame: 4953, payload: 30377-31756 (1380 bytes)] [Frame: 4955, payload: 31757-33136 (1380 bytes)] [Frame: 4956, payload: 33137-34516 (1380 bytes)] [Frame: 4958, payload: 34517-35896 (1380 bytes)] [Frame: 4959, payload: 35897-37276 (1380 bytes)] [Frame: 4961, payload: 37277-38656 (1380 bytes)] [Frame: 4962, payload: 38657-40036 (1380 bytes)] [Frame: 4964, payload: 40037-41416 (1380 bytes)] [Frame: 4965, payload: 41417-42796 (1380 bytes)] [Frame: 4967, payload: 42797-44176 (1380 bytes)] [Frame: 4968, payload: 44177-45556 (1380 bytes)] [Frame: 4970, payload: 45557-46936 (1380 bytes)] [Frame: 4971, payload: 46937-48316 (1380 bytes)] [Frame: 4973, payload: 48317-49696 (1380 bytes)] [Frame: 4974, payload: 49697-51076 (1380 bytes)] [Frame: 4976, payload: 51077-52456 (1380 bytes)] [Frame: 4977, payload: 52457-53179 (723 bytes)] [Segment count: 42] [Reassembled TCP length: 53180] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:00 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 52840\r\n [Content length: 52840] Last-Modified: Sun, 01 Nov 2009 15:33:01 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:00 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 70\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 10026 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8814 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 379 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 28 Remaining segment data (26 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 4979 2012-06-20 08:39:19.558696 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1 Frame 4979: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:39:19.558696000 GMT Daylight Time Epoch Time: 1340177959.558696000 seconds [Time delta from previous captured frame: 0.000252000 seconds] [Time delta from previous displayed frame: 0.000279000 seconds] [Time since reference or first frame: 51.536910000 seconds] Frame Number: 4979 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x28bc (10428) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd37b [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: reftek (2543), Dst Port: http (80), Seq: 1335, Ack: 159541, Len: 133 Source port: reftek (2543) Destination port: http (80) [Stream index: 48] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 159541 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x1d69 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0112.jpg?w=379&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400] No. Time Source Destination Protocol Info 4992 2012-06-20 08:39:19.829004 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1 Frame 4992: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:19.829004000 GMT Daylight Time Epoch Time: 1340177959.829004000 seconds [Time delta from previous captured frame: 0.000125000 seconds] [Time delta from previous displayed frame: 0.270308000 seconds] [Time since reference or first frame: 51.807218000 seconds] Frame Number: 4992 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x28c2 (10434) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd30d [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: novell-zen (2544), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: novell-zen (2544) Destination port: http (80) [Stream index: 49] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x48d0 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #4991(225), #4992(237)] [Frame: 4991, payload: 0-224 (225 bytes)] [Frame: 4992, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0110.jpg?w=648&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 5089 2012-06-20 08:39:20.536813 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 5089: 1295 bytes on wire (10360 bits), 1295 bytes captured (10360 bits) Arrival Time: Jun 20, 2012 08:39:20.536813000 GMT Daylight Time Epoch Time: 1340177960.536813000 seconds [Time delta from previous captured frame: 0.000038000 seconds] [Time delta from previous displayed frame: 0.707809000 seconds] [Time since reference or first frame: 52.515027000 seconds] Frame Number: 5089 Frame Length: 1295 bytes (10360 bits) Capture Length: 1295 bytes (10360 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1281 Identification: 0xec18 (60440) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x57cb [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: novell-zen (2544), Seq: 78970, Ack: 463, Len: 1241 Source port: http (80) Destination port: novell-zen (2544) [Stream index: 49] Sequence number: 78970 (relative sequence number) [Next sequence number: 80211 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0xb217 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1241] TCP segment data (1241 bytes) [59 Reassembled TCP Segments (80210 bytes): #4998(1380), #4999(1380), #5001(1380), #5002(1380), #5004(309), #5005(1380), #5007(1380), #5008(1380), #5010(1380), #5011(1380), #5014(1380), #5015(1380), #5017(1380), #5018(1380), #5020(1380), #5] [Frame: 4998, payload: 0-1379 (1380 bytes)] [Frame: 4999, payload: 1380-2759 (1380 bytes)] [Frame: 5001, payload: 2760-4139 (1380 bytes)] [Frame: 5002, payload: 4140-5519 (1380 bytes)] [Frame: 5004, payload: 5520-5828 (309 bytes)] [Frame: 5005, payload: 5829-7208 (1380 bytes)] [Frame: 5007, payload: 7209-8588 (1380 bytes)] [Frame: 5008, payload: 8589-9968 (1380 bytes)] [Frame: 5010, payload: 9969-11348 (1380 bytes)] [Frame: 5011, payload: 11349-12728 (1380 bytes)] [Frame: 5014, payload: 12729-14108 (1380 bytes)] [Frame: 5015, payload: 14109-15488 (1380 bytes)] [Frame: 5017, payload: 15489-16868 (1380 bytes)] [Frame: 5018, payload: 16869-18248 (1380 bytes)] [Frame: 5020, payload: 18249-19628 (1380 bytes)] [Frame: 5021, payload: 19629-21008 (1380 bytes)] [Frame: 5023, payload: 21009-22388 (1380 bytes)] [Frame: 5024, payload: 22389-23768 (1380 bytes)] [Frame: 5026, payload: 23769-25148 (1380 bytes)] [Frame: 5027, payload: 25149-26528 (1380 bytes)] [Frame: 5029, payload: 26529-27908 (1380 bytes)] [Frame: 5030, payload: 27909-29288 (1380 bytes)] [Frame: 5033, payload: 29289-30668 (1380 bytes)] [Frame: 5034, payload: 30669-32048 (1380 bytes)] [Frame: 5036, payload: 32049-33428 (1380 bytes)] [Frame: 5037, payload: 33429-34808 (1380 bytes)] [Frame: 5039, payload: 34809-36188 (1380 bytes)] [Frame: 5040, payload: 36189-37568 (1380 bytes)] [Frame: 5042, payload: 37569-38948 (1380 bytes)] [Frame: 5043, payload: 38949-40328 (1380 bytes)] [Frame: 5045, payload: 40329-41708 (1380 bytes)] [Frame: 5046, payload: 41709-43088 (1380 bytes)] [Frame: 5048, payload: 43089-44468 (1380 bytes)] [Frame: 5049, payload: 44469-45848 (1380 bytes)] [Frame: 5051, payload: 45849-47228 (1380 bytes)] [Frame: 5052, payload: 47229-48608 (1380 bytes)] [Frame: 5054, payload: 48609-49988 (1380 bytes)] [Frame: 5055, payload: 49989-51368 (1380 bytes)] [Frame: 5057, payload: 51369-52748 (1380 bytes)] [Frame: 5058, payload: 52749-54128 (1380 bytes)] [Frame: 5062, payload: 54129-55508 (1380 bytes)] [Frame: 5063, payload: 55509-56888 (1380 bytes)] [Frame: 5065, payload: 56889-58268 (1380 bytes)] [Frame: 5066, payload: 58269-59648 (1380 bytes)] [Frame: 5068, payload: 59649-61028 (1380 bytes)] [Frame: 5069, payload: 61029-62408 (1380 bytes)] [Frame: 5071, payload: 62409-63788 (1380 bytes)] [Frame: 5072, payload: 63789-65168 (1380 bytes)] [Frame: 5074, payload: 65169-66548 (1380 bytes)] [Frame: 5075, payload: 66549-67928 (1380 bytes)] [Frame: 5077, payload: 67929-69308 (1380 bytes)] [Frame: 5078, payload: 69309-70688 (1380 bytes)] [Frame: 5080, payload: 70689-72068 (1380 bytes)] [Frame: 5081, payload: 72069-73448 (1380 bytes)] [Frame: 5083, payload: 73449-74828 (1380 bytes)] [Frame: 5084, payload: 74829-76208 (1380 bytes)] [Frame: 5086, payload: 76209-77588 (1380 bytes)] [Frame: 5087, payload: 77589-78968 (1380 bytes)] [Frame: 5089, payload: 78969-80209 (1241 bytes)] [Segment count: 59] [Reassembled TCP length: 80210] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:01 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 79869\r\n [Content length: 79869] Last-Modified: Sun, 01 Nov 2009 15:41:21 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:01 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 239\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6704 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5492 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 648 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 5091 2012-06-20 08:39:20.537110 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1 Frame 5091: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:20.537110000 GMT Daylight Time Epoch Time: 1340177960.537110000 seconds [Time delta from previous captured frame: 0.000041000 seconds] [Time delta from previous displayed frame: 0.000297000 seconds] [Time since reference or first frame: 52.515324000 seconds] Frame Number: 5091 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x28e1 (10465) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd2ee [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: novell-zen (2544), Dst Port: http (80), Seq: 662, Ack: 80211, Len: 237 Source port: novell-zen (2544) Destination port: http (80) [Stream index: 49] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 80211 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 253 [Calculated window size: 64768] [Window size scaling factor: 256] Checksum: 0x0dce [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #5090(199), #5091(237)] [Frame: 5090, payload: 0-198 (199 bytes)] [Frame: 5091, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0110.jpg?w=648&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 5189 2012-06-20 08:39:21.023619 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 5189: 207 bytes on wire (1656 bits), 207 bytes captured (1656 bits) Arrival Time: Jun 20, 2012 08:39:21.023619000 GMT Daylight Time Epoch Time: 1340177961.023619000 seconds [Time delta from previous captured frame: 0.000006000 seconds] [Time delta from previous displayed frame: 0.486509000 seconds] [Time since reference or first frame: 53.001833000 seconds] Frame Number: 5189 Frame Length: 207 bytes (1656 bits) Capture Length: 207 bytes (1656 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 193 Identification: 0xec57 (60503) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x5bcc [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: novell-zen (2544), Seq: 160268, Ack: 899, Len: 153 Source port: http (80) Destination port: novell-zen (2544) [Stream index: 49] Sequence number: 160268 (relative sequence number) [Next sequence number: 160421 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x2005 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 153] TCP segment data (153 bytes) [61 Reassembled TCP Segments (80210 bytes): #5098(1380), #5099(1380), #5101(1380), #5102(1380), #5104(1380), #5105(1380), #5107(1380), #5108(1380), #5110(1380), #5111(1380), #5113(717), #5114(1380), #5116(1380), #5117(1380), #5119(1380), #5] [Frame: 5098, payload: 0-1379 (1380 bytes)] [Frame: 5099, payload: 1380-2759 (1380 bytes)] [Frame: 5101, payload: 2760-4139 (1380 bytes)] [Frame: 5102, payload: 4140-5519 (1380 bytes)] [Frame: 5104, payload: 5520-6899 (1380 bytes)] [Frame: 5105, payload: 6900-8279 (1380 bytes)] [Frame: 5107, payload: 8280-9659 (1380 bytes)] [Frame: 5108, payload: 9660-11039 (1380 bytes)] [Frame: 5110, payload: 11040-12419 (1380 bytes)] [Frame: 5111, payload: 12420-13799 (1380 bytes)] [Frame: 5113, payload: 13800-14516 (717 bytes)] [Frame: 5114, payload: 14517-15896 (1380 bytes)] [Frame: 5116, payload: 15897-17276 (1380 bytes)] [Frame: 5117, payload: 17277-18656 (1380 bytes)] [Frame: 5119, payload: 18657-20036 (1380 bytes)] [Frame: 5120, payload: 20037-21416 (1380 bytes)] [Frame: 5122, payload: 21417-22796 (1380 bytes)] [Frame: 5123, payload: 22797-24176 (1380 bytes)] [Frame: 5125, payload: 24177-24652 (476 bytes)] [Frame: 5126, payload: 24653-26032 (1380 bytes)] [Frame: 5128, payload: 26033-27412 (1380 bytes)] [Frame: 5129, payload: 27413-28792 (1380 bytes)] [Frame: 5131, payload: 28793-28996 (204 bytes)] [Frame: 5132, payload: 28997-30376 (1380 bytes)] [Frame: 5134, payload: 30377-31756 (1380 bytes)] [Frame: 5135, payload: 31757-33136 (1380 bytes)] [Frame: 5137, payload: 33137-34516 (1380 bytes)] [Frame: 5138, payload: 34517-35896 (1380 bytes)] [Frame: 5140, payload: 35897-37276 (1380 bytes)] [Frame: 5141, payload: 37277-38656 (1380 bytes)] [Frame: 5144, payload: 38657-40036 (1380 bytes)] [Frame: 5145, payload: 40037-41416 (1380 bytes)] [Frame: 5147, payload: 41417-42796 (1380 bytes)] [Frame: 5148, payload: 42797-44176 (1380 bytes)] [Frame: 5150, payload: 44177-45556 (1380 bytes)] [Frame: 5151, payload: 45557-46936 (1380 bytes)] [Frame: 5153, payload: 46937-48316 (1380 bytes)] [Frame: 5154, payload: 48317-49696 (1380 bytes)] [Frame: 5156, payload: 49697-51076 (1380 bytes)] [Frame: 5157, payload: 51077-52456 (1380 bytes)] [Frame: 5159, payload: 52457-53836 (1380 bytes)] [Frame: 5160, payload: 53837-55216 (1380 bytes)] [Frame: 5162, payload: 55217-56596 (1380 bytes)] [Frame: 5163, payload: 56597-57976 (1380 bytes)] [Frame: 5165, payload: 57977-59356 (1380 bytes)] [Frame: 5166, payload: 59357-60736 (1380 bytes)] [Frame: 5168, payload: 60737-62116 (1380 bytes)] [Frame: 5169, payload: 62117-63496 (1380 bytes)] [Frame: 5171, payload: 63497-64876 (1380 bytes)] [Frame: 5172, payload: 64877-66256 (1380 bytes)] [Frame: 5174, payload: 66257-67636 (1380 bytes)] [Frame: 5175, payload: 67637-69016 (1380 bytes)] [Frame: 5177, payload: 69017-70396 (1380 bytes)] [Frame: 5178, payload: 70397-71776 (1380 bytes)] [Frame: 5180, payload: 71777-73156 (1380 bytes)] [Frame: 5181, payload: 73157-74536 (1380 bytes)] [Frame: 5183, payload: 74537-75916 (1380 bytes)] [Frame: 5184, payload: 75917-77296 (1380 bytes)] [Frame: 5186, payload: 77297-78676 (1380 bytes)] [Frame: 5187, payload: 78677-80056 (1380 bytes)] [Frame: 5189, payload: 80057-80209 (153 bytes)] [Segment count: 61] [Reassembled TCP length: 80210] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:01 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 79869\r\n [Content length: 79869] Last-Modified: Sun, 01 Nov 2009 15:41:21 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:01 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 239\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6704 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5492 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 648 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 5191 2012-06-20 08:39:21.023926 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1 Frame 5191: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:21.023926000 GMT Daylight Time Epoch Time: 1340177961.023926000 seconds [Time delta from previous captured frame: 0.000045000 seconds] [Time delta from previous displayed frame: 0.000307000 seconds] [Time since reference or first frame: 53.002140000 seconds] Frame Number: 5191 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2901 (10497) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd2ce [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: novell-zen (2544), Dst Port: http (80), Seq: 1098, Ack: 160421, Len: 237 Source port: novell-zen (2544) Destination port: http (80) [Stream index: 49] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 160421 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xd2c1 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #5190(199), #5191(237)] [Frame: 5190, payload: 0-198 (199 bytes)] [Frame: 5191, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0110.jpg?w=648&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 5288 2012-06-20 08:39:21.469116 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 5288: 1179 bytes on wire (9432 bits), 1179 bytes captured (9432 bits) Arrival Time: Jun 20, 2012 08:39:21.469116000 GMT Daylight Time Epoch Time: 1340177961.469116000 seconds [Time delta from previous captured frame: 0.000110000 seconds] [Time delta from previous displayed frame: 0.445190000 seconds] [Time since reference or first frame: 53.447330000 seconds] Frame Number: 5288 Frame Length: 1179 bytes (9432 bits) Capture Length: 1179 bytes (9432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1165 Identification: 0xec97 (60567) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x57c0 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: novell-zen (2544), Seq: 239506, Ack: 1335, Len: 1125 Source port: http (80) Destination port: novell-zen (2544) [Stream index: 49] Sequence number: 239506 (relative sequence number) [Next sequence number: 240631 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x215d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2505] TCP segment data (1125 bytes) [62 Reassembled TCP Segments (80210 bytes): #5197(1380), #5198(1380), #5200(1380), #5201(1380), #5203(1380), #5204(1380), #5206(1380), #5207(513), #5209(1380), #5210(1380), #5212(1380), #5213(204), #5215(1380), #5216(68), #5218(1380), #5219] [Frame: 5197, payload: 0-1379 (1380 bytes)] [Frame: 5198, payload: 1380-2759 (1380 bytes)] [Frame: 5200, payload: 2760-4139 (1380 bytes)] [Frame: 5201, payload: 4140-5519 (1380 bytes)] [Frame: 5203, payload: 5520-6899 (1380 bytes)] [Frame: 5204, payload: 6900-8279 (1380 bytes)] [Frame: 5206, payload: 8280-9659 (1380 bytes)] [Frame: 5207, payload: 9660-10172 (513 bytes)] [Frame: 5209, payload: 10173-11552 (1380 bytes)] [Frame: 5210, payload: 11553-12932 (1380 bytes)] [Frame: 5212, payload: 12933-14312 (1380 bytes)] [Frame: 5213, payload: 14313-14516 (204 bytes)] [Frame: 5215, payload: 14517-15896 (1380 bytes)] [Frame: 5216, payload: 15897-15964 (68 bytes)] [Frame: 5218, payload: 15965-17344 (1380 bytes)] [Frame: 5219, payload: 17345-18724 (1380 bytes)] [Frame: 5221, payload: 18725-20104 (1380 bytes)] [Frame: 5222, payload: 20105-21484 (1380 bytes)] [Frame: 5224, payload: 21485-22864 (1380 bytes)] [Frame: 5225, payload: 22865-24244 (1380 bytes)] [Frame: 5227, payload: 24245-25624 (1380 bytes)] [Frame: 5228, payload: 25625-27004 (1380 bytes)] [Frame: 5230, payload: 27005-28384 (1380 bytes)] [Frame: 5231, payload: 28385-28996 (612 bytes)] [Frame: 5233, payload: 28997-30376 (1380 bytes)] [Frame: 5234, payload: 30377-31756 (1380 bytes)] [Frame: 5236, payload: 31757-33136 (1380 bytes)] [Frame: 5237, payload: 33137-34516 (1380 bytes)] [Frame: 5239, payload: 34517-35896 (1380 bytes)] [Frame: 5240, payload: 35897-37276 (1380 bytes)] [Frame: 5242, payload: 37277-37684 (408 bytes)] [Frame: 5243, payload: 37685-39064 (1380 bytes)] [Frame: 5245, payload: 39065-40444 (1380 bytes)] [Frame: 5246, payload: 40445-41824 (1380 bytes)] [Frame: 5248, payload: 41825-43204 (1380 bytes)] [Frame: 5249, payload: 43205-44584 (1380 bytes)] [Frame: 5251, payload: 44585-45964 (1380 bytes)] [Frame: 5252, payload: 45965-47344 (1380 bytes)] [Frame: 5254, payload: 47345-48724 (1380 bytes)] [Frame: 5255, payload: 48725-50104 (1380 bytes)] [Frame: 5257, payload: 50105-51484 (1380 bytes)] [Frame: 5258, payload: 51485-52864 (1380 bytes)] [Frame: 5260, payload: 52865-54244 (1380 bytes)] [Frame: 5261, payload: 54245-55624 (1380 bytes)] [Frame: 5263, payload: 55625-57004 (1380 bytes)] [Frame: 5264, payload: 57005-58384 (1380 bytes)] [Frame: 5266, payload: 58385-59764 (1380 bytes)] [Frame: 5267, payload: 59765-61144 (1380 bytes)] [Frame: 5269, payload: 61145-62524 (1380 bytes)] [Frame: 5270, payload: 62525-63904 (1380 bytes)] [Frame: 5272, payload: 63905-65284 (1380 bytes)] [Frame: 5273, payload: 65285-66664 (1380 bytes)] [Frame: 5275, payload: 66665-68044 (1380 bytes)] [Frame: 5276, payload: 68045-69424 (1380 bytes)] [Frame: 5278, payload: 69425-70804 (1380 bytes)] [Frame: 5279, payload: 70805-72184 (1380 bytes)] [Frame: 5281, payload: 72185-73564 (1380 bytes)] [Frame: 5282, payload: 73565-74944 (1380 bytes)] [Frame: 5284, payload: 74945-76324 (1380 bytes)] [Frame: 5285, payload: 76325-77704 (1380 bytes)] [Frame: 5287, payload: 77705-79084 (1380 bytes)] [Frame: 5288, payload: 79085-80209 (1125 bytes)] [Segment count: 62] [Reassembled TCP length: 80210] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:02 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 79869\r\n [Content length: 79869] Last-Modified: Sun, 01 Nov 2009 15:41:21 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:02 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 239\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6704 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5492 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 648 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 26 Remaining segment data (24 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 5290 2012-06-20 08:39:21.469474 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1 Frame 5290: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:39:21.469474000 GMT Daylight Time Epoch Time: 1340177961.469474000 seconds [Time delta from previous captured frame: 0.000294000 seconds] [Time delta from previous displayed frame: 0.000358000 seconds] [Time since reference or first frame: 53.447688000 seconds] Frame Number: 5290 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x2921 (10529) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd316 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: novell-zen (2544), Dst Port: http (80), Seq: 1335, Ack: 240631, Len: 133 Source port: novell-zen (2544) Destination port: http (80) [Stream index: 49] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 240631 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xc806 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0110.jpg?w=648&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400] No. Time Source Destination Protocol Info 5300 2012-06-20 08:39:21.739001 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1 Frame 5300: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:21.739001000 GMT Daylight Time Epoch Time: 1340177961.739001000 seconds [Time delta from previous captured frame: 0.000125000 seconds] [Time delta from previous displayed frame: 0.269527000 seconds] [Time since reference or first frame: 53.717215000 seconds] Frame Number: 5300 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2926 (10534) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd2a9 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: sis-emt (2545), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: sis-emt (2545) Destination port: http (80) [Stream index: 51] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xf5ec [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #5299(225), #5300(237)] [Frame: 5299, payload: 0-224 (225 bytes)] [Frame: 5300, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0095.jpg?w=400&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 5369 2012-06-20 08:39:22.303679 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 5369: 95 bytes on wire (760 bits), 95 bytes captured (760 bits) Arrival Time: Jun 20, 2012 08:39:22.303679000 GMT Daylight Time Epoch Time: 1340177962.303679000 seconds [Time delta from previous captured frame: 0.000009000 seconds] [Time delta from previous displayed frame: 0.564678000 seconds] [Time since reference or first frame: 54.281893000 seconds] Frame Number: 5369 Frame Length: 95 bytes (760 bits) Capture Length: 95 bytes (760 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 81 Identification: 0x0212 (530) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x4682 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: sis-emt (2545), Seq: 54130, Ack: 463, Len: 41 Source port: http (80) Destination port: sis-emt (2545) [Stream index: 51] Sequence number: 54130 (relative sequence number) [Next sequence number: 54171 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x67a9 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 41] TCP segment data (41 bytes) [41 Reassembled TCP Segments (54170 bytes): #5307(1380), #5308(1380), #5310(1380), #5311(1380), #5313(309), #5314(1380), #5316(1380), #5317(1380), #5319(1380), #5320(1380), #5324(1380), #5325(1380), #5327(1380), #5328(1380), #5330(1380), #5] [Frame: 5307, payload: 0-1379 (1380 bytes)] [Frame: 5308, payload: 1380-2759 (1380 bytes)] [Frame: 5310, payload: 2760-4139 (1380 bytes)] [Frame: 5311, payload: 4140-5519 (1380 bytes)] [Frame: 5313, payload: 5520-5828 (309 bytes)] [Frame: 5314, payload: 5829-7208 (1380 bytes)] [Frame: 5316, payload: 7209-8588 (1380 bytes)] [Frame: 5317, payload: 8589-9968 (1380 bytes)] [Frame: 5319, payload: 9969-11348 (1380 bytes)] [Frame: 5320, payload: 11349-12728 (1380 bytes)] [Frame: 5324, payload: 12729-14108 (1380 bytes)] [Frame: 5325, payload: 14109-15488 (1380 bytes)] [Frame: 5327, payload: 15489-16868 (1380 bytes)] [Frame: 5328, payload: 16869-18248 (1380 bytes)] [Frame: 5330, payload: 18249-19628 (1380 bytes)] [Frame: 5331, payload: 19629-21008 (1380 bytes)] [Frame: 5333, payload: 21009-22388 (1380 bytes)] [Frame: 5334, payload: 22389-23768 (1380 bytes)] [Frame: 5336, payload: 23769-25148 (1380 bytes)] [Frame: 5337, payload: 25149-26528 (1380 bytes)] [Frame: 5339, payload: 26529-27908 (1380 bytes)] [Frame: 5340, payload: 27909-29288 (1380 bytes)] [Frame: 5342, payload: 29289-30668 (1380 bytes)] [Frame: 5343, payload: 30669-32048 (1380 bytes)] [Frame: 5345, payload: 32049-33428 (1380 bytes)] [Frame: 5346, payload: 33429-34808 (1380 bytes)] [Frame: 5348, payload: 34809-36188 (1380 bytes)] [Frame: 5349, payload: 36189-37568 (1380 bytes)] [Frame: 5351, payload: 37569-38948 (1380 bytes)] [Frame: 5352, payload: 38949-40328 (1380 bytes)] [Frame: 5354, payload: 40329-41708 (1380 bytes)] [Frame: 5355, payload: 41709-43088 (1380 bytes)] [Frame: 5357, payload: 43089-44468 (1380 bytes)] [Frame: 5358, payload: 44469-45848 (1380 bytes)] [Frame: 5360, payload: 45849-47228 (1380 bytes)] [Frame: 5361, payload: 47229-48608 (1380 bytes)] [Frame: 5363, payload: 48609-49988 (1380 bytes)] [Frame: 5364, payload: 49989-51368 (1380 bytes)] [Frame: 5366, payload: 51369-52748 (1380 bytes)] [Frame: 5367, payload: 52749-54128 (1380 bytes)] [Frame: 5369, payload: 54129-54169 (41 bytes)] [Segment count: 41] [Reassembled TCP length: 54170] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:03 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 53829\r\n [Content length: 53829] Last-Modified: Sun, 01 Nov 2009 15:46:33 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:03 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 237\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 10024 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8812 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 400 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 5371 2012-06-20 08:39:22.304016 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1 Frame 5371: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:22.304016000 GMT Daylight Time Epoch Time: 1340177962.304016000 seconds [Time delta from previous captured frame: 0.000042000 seconds] [Time delta from previous displayed frame: 0.000337000 seconds] [Time since reference or first frame: 54.282230000 seconds] Frame Number: 5371 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x293d (10557) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd292 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: sis-emt (2545), Dst Port: http (80), Seq: 662, Ack: 54171, Len: 237 Source port: sis-emt (2545) Destination port: http (80) [Stream index: 51] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 54171 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x209e [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #5370(199), #5371(237)] [Frame: 5370, payload: 0-198 (199 bytes)] [Frame: 5371, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0095.jpg?w=400&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 5435 2012-06-20 08:39:22.733578 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 5435: 795 bytes on wire (6360 bits), 795 bytes captured (6360 bits) Arrival Time: Jun 20, 2012 08:39:22.733578000 GMT Daylight Time Epoch Time: 1340177962.733578000 seconds [Time delta from previous captured frame: 0.000040000 seconds] [Time delta from previous displayed frame: 0.429562000 seconds] [Time since reference or first frame: 54.711792000 seconds] Frame Number: 5435 Frame Length: 795 bytes (6360 bits) Capture Length: 795 bytes (6360 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 781 Identification: 0x023d (573) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x439b [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: sis-emt (2545), Seq: 107600, Ack: 899, Len: 741 Source port: http (80) Destination port: sis-emt (2545) [Stream index: 51] Sequence number: 107600 (relative sequence number) [Next sequence number: 108341 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x2bcd [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 741] TCP segment data (741 bytes) [41 Reassembled TCP Segments (54170 bytes): #5375(1380), #5376(1380), #5378(1380), #5379(1380), #5381(1380), #5382(1380), #5384(1380), #5385(1380), #5387(1380), #5388(1380), #5390(717), #5391(1380), #5393(1380), #5394(1380), #5396(1380), #5] [Frame: 5375, payload: 0-1379 (1380 bytes)] [Frame: 5376, payload: 1380-2759 (1380 bytes)] [Frame: 5378, payload: 2760-4139 (1380 bytes)] [Frame: 5379, payload: 4140-5519 (1380 bytes)] [Frame: 5381, payload: 5520-6899 (1380 bytes)] [Frame: 5382, payload: 6900-8279 (1380 bytes)] [Frame: 5384, payload: 8280-9659 (1380 bytes)] [Frame: 5385, payload: 9660-11039 (1380 bytes)] [Frame: 5387, payload: 11040-12419 (1380 bytes)] [Frame: 5388, payload: 12420-13799 (1380 bytes)] [Frame: 5390, payload: 13800-14516 (717 bytes)] [Frame: 5391, payload: 14517-15896 (1380 bytes)] [Frame: 5393, payload: 15897-17276 (1380 bytes)] [Frame: 5394, payload: 17277-18656 (1380 bytes)] [Frame: 5396, payload: 18657-20036 (1380 bytes)] [Frame: 5397, payload: 20037-20308 (272 bytes)] [Frame: 5399, payload: 20309-21688 (1380 bytes)] [Frame: 5400, payload: 21689-23068 (1380 bytes)] [Frame: 5402, payload: 23069-24448 (1380 bytes)] [Frame: 5403, payload: 24449-25828 (1380 bytes)] [Frame: 5405, payload: 25829-27208 (1380 bytes)] [Frame: 5406, payload: 27209-28588 (1380 bytes)] [Frame: 5408, payload: 28589-29968 (1380 bytes)] [Frame: 5409, payload: 29969-31348 (1380 bytes)] [Frame: 5411, payload: 31349-32728 (1380 bytes)] [Frame: 5412, payload: 32729-34108 (1380 bytes)] [Frame: 5414, payload: 34109-35488 (1380 bytes)] [Frame: 5415, payload: 35489-36868 (1380 bytes)] [Frame: 5417, payload: 36869-38248 (1380 bytes)] [Frame: 5418, payload: 38249-39628 (1380 bytes)] [Frame: 5420, payload: 39629-41008 (1380 bytes)] [Frame: 5421, payload: 41009-42388 (1380 bytes)] [Frame: 5423, payload: 42389-43768 (1380 bytes)] [Frame: 5424, payload: 43769-45148 (1380 bytes)] [Frame: 5426, payload: 45149-46528 (1380 bytes)] [Frame: 5427, payload: 46529-47908 (1380 bytes)] [Frame: 5429, payload: 47909-49288 (1380 bytes)] [Frame: 5430, payload: 49289-50668 (1380 bytes)] [Frame: 5432, payload: 50669-52048 (1380 bytes)] [Frame: 5433, payload: 52049-53428 (1380 bytes)] [Frame: 5435, payload: 53429-54169 (741 bytes)] [Segment count: 41] [Reassembled TCP length: 54170] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:03 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 53829\r\n [Content length: 53829] Last-Modified: Sun, 01 Nov 2009 15:46:33 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:03 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 237\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 10024 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8812 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 400 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 5437 2012-06-20 08:39:22.733884 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1 Frame 5437: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:22.733884000 GMT Daylight Time Epoch Time: 1340177962.733884000 seconds [Time delta from previous captured frame: 0.000047000 seconds] [Time delta from previous displayed frame: 0.000306000 seconds] [Time since reference or first frame: 54.712098000 seconds] Frame Number: 5437 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2953 (10579) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd27c [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: sis-emt (2545), Dst Port: http (80), Seq: 1098, Ack: 108341, Len: 237 Source port: sis-emt (2545) Destination port: http (80) [Stream index: 51] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 108341 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 255 [Calculated window size: 65280] [Window size scaling factor: 256] Checksum: 0x4b52 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #5436(199), #5437(237)] [Frame: 5436, payload: 0-198 (199 bytes)] [Frame: 5437, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0095.jpg?w=400&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 5506 2012-06-20 08:39:23.190326 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 5506: 115 bytes on wire (920 bits), 115 bytes captured (920 bits) Arrival Time: Jun 20, 2012 08:39:23.190326000 GMT Daylight Time Epoch Time: 1340177963.190326000 seconds [Time delta from previous captured frame: 0.000018000 seconds] [Time delta from previous displayed frame: 0.456442000 seconds] [Time since reference or first frame: 55.168540000 seconds] Frame Number: 5506 Frame Length: 115 bytes (920 bits) Capture Length: 115 bytes (920 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 101 Identification: 0x026a (618) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x4616 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: sis-emt (2545), Seq: 162450, Ack: 1335, Len: 61 Source port: http (80) Destination port: sis-emt (2545) [Stream index: 51] Sequence number: 162450 (relative sequence number) [Next sequence number: 162511 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0xd9f2 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 61] TCP segment data (61 bytes) [43 Reassembled TCP Segments (54170 bytes): #5441(1380), #5442(1380), #5444(1380), #5445(1380), #5447(1380), #5448(1380), #5450(445), #5451(1380), #5453(1380), #5454(1380), #5456(204), #5457(1380), #5459(1380), #5460(1380), #5462(1380), #54] [Frame: 5441, payload: 0-1379 (1380 bytes)] [Frame: 5442, payload: 1380-2759 (1380 bytes)] [Frame: 5444, payload: 2760-4139 (1380 bytes)] [Frame: 5445, payload: 4140-5519 (1380 bytes)] [Frame: 5447, payload: 5520-6899 (1380 bytes)] [Frame: 5448, payload: 6900-8279 (1380 bytes)] [Frame: 5450, payload: 8280-8724 (445 bytes)] [Frame: 5451, payload: 8725-10104 (1380 bytes)] [Frame: 5453, payload: 10105-11484 (1380 bytes)] [Frame: 5454, payload: 11485-12864 (1380 bytes)] [Frame: 5456, payload: 12865-13068 (204 bytes)] [Frame: 5457, payload: 13069-14448 (1380 bytes)] [Frame: 5459, payload: 14449-15828 (1380 bytes)] [Frame: 5460, payload: 15829-17208 (1380 bytes)] [Frame: 5462, payload: 17209-18588 (1380 bytes)] [Frame: 5463, payload: 18589-19968 (1380 bytes)] [Frame: 5465, payload: 19969-21348 (1380 bytes)] [Frame: 5466, payload: 21349-22728 (1380 bytes)] [Frame: 5468, payload: 22729-24108 (1380 bytes)] [Frame: 5469, payload: 24109-25488 (1380 bytes)] [Frame: 5471, payload: 25489-26868 (1380 bytes)] [Frame: 5472, payload: 26869-27548 (680 bytes)] [Frame: 5474, payload: 27549-28928 (1380 bytes)] [Frame: 5475, payload: 28929-30308 (1380 bytes)] [Frame: 5477, payload: 30309-31688 (1380 bytes)] [Frame: 5478, payload: 31689-33068 (1380 bytes)] [Frame: 5480, payload: 33069-34448 (1380 bytes)] [Frame: 5481, payload: 34449-34788 (340 bytes)] [Frame: 5485, payload: 34789-36168 (1380 bytes)] [Frame: 5486, payload: 36169-37548 (1380 bytes)] [Frame: 5488, payload: 37549-38928 (1380 bytes)] [Frame: 5489, payload: 38929-40308 (1380 bytes)] [Frame: 5491, payload: 40309-41688 (1380 bytes)] [Frame: 5492, payload: 41689-43068 (1380 bytes)] [Frame: 5494, payload: 43069-44448 (1380 bytes)] [Frame: 5495, payload: 44449-45828 (1380 bytes)] [Frame: 5497, payload: 45829-47208 (1380 bytes)] [Frame: 5498, payload: 47209-48588 (1380 bytes)] [Frame: 5500, payload: 48589-49968 (1380 bytes)] [Frame: 5501, payload: 49969-51348 (1380 bytes)] [Frame: 5503, payload: 51349-52728 (1380 bytes)] [Frame: 5504, payload: 52729-54108 (1380 bytes)] [Frame: 5506, payload: 54109-54169 (61 bytes)] [Segment count: 43] [Reassembled TCP length: 54170] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:04 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 53829\r\n [Content length: 53829] Last-Modified: Sun, 01 Nov 2009 15:46:33 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:04 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 237\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 10024 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8812 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 400 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 5507 2012-06-20 08:39:23.190557 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1 Frame 5507: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:39:23.190557000 GMT Daylight Time Epoch Time: 1340177963.190557000 seconds [Time delta from previous captured frame: 0.000231000 seconds] [Time delta from previous displayed frame: 0.000231000 seconds] [Time since reference or first frame: 55.168771000 seconds] Frame Number: 5507 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x2969 (10601) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd2ce [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: sis-emt (2545), Dst Port: http (80), Seq: 1335, Ack: 162511, Len: 133 Source port: sis-emt (2545) Destination port: http (80) [Stream index: 51] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 162511 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xa252 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 5506] [The RTT to ACK the segment was: 0.000231000 seconds] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0095.jpg?w=400&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400] No. Time Source Destination Protocol Info 5523 2012-06-20 08:39:23.461501 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1 Frame 5523: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:23.461501000 GMT Daylight Time Epoch Time: 1340177963.461501000 seconds [Time delta from previous captured frame: 0.000133000 seconds] [Time delta from previous displayed frame: 0.270944000 seconds] [Time since reference or first frame: 55.439715000 seconds] Frame Number: 5523 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2971 (10609) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd25e [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vytalvaultbrtp (2546), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: vytalvaultbrtp (2546) Destination port: http (80) [Stream index: 54] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xa818 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #5522(225), #5523(237)] [Frame: 5522, payload: 0-224 (225 bytes)] [Frame: 5523, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0118.jpg?w=648&h=400 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 5594 2012-06-20 08:39:24.164089 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 5594: 1194 bytes on wire (9552 bits), 1194 bytes captured (9552 bits) Arrival Time: Jun 20, 2012 08:39:24.164089000 GMT Daylight Time Epoch Time: 1340177964.164089000 seconds [Time delta from previous captured frame: 0.000102000 seconds] [Time delta from previous displayed frame: 0.702588000 seconds] [Time since reference or first frame: 56.142303000 seconds] Frame Number: 5594 Frame Length: 1194 bytes (9552 bits) Capture Length: 1194 bytes (9552 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1180 Identification: 0x4e48 (20040) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xf600 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultbrtp (2546), Seq: 57162, Ack: 463, Len: 1140 Source port: http (80) Destination port: vytalvaultbrtp (2546) [Stream index: 54] Sequence number: 57162 (relative sequence number) [Next sequence number: 58302 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0xd735 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2520] TCP segment data (1140 bytes) [44 Reassembled TCP Segments (58301 bytes): #5528(1380), #5529(1380), #5531(1380), #5532(241), #5534(1380), #5535(1380), #5537(1380), #5538(1380), #5540(1380), #5541(340), #5543(1380), #5544(1380), #5546(1380), #5547(1380), #5549(1380), #55] [Frame: 5528, payload: 0-1379 (1380 bytes)] [Frame: 5529, payload: 1380-2759 (1380 bytes)] [Frame: 5531, payload: 2760-4139 (1380 bytes)] [Frame: 5532, payload: 4140-4380 (241 bytes)] [Frame: 5534, payload: 4381-5760 (1380 bytes)] [Frame: 5535, payload: 5761-7140 (1380 bytes)] [Frame: 5537, payload: 7141-8520 (1380 bytes)] [Frame: 5538, payload: 8521-9900 (1380 bytes)] [Frame: 5540, payload: 9901-11280 (1380 bytes)] [Frame: 5541, payload: 11281-11620 (340 bytes)] [Frame: 5543, payload: 11621-13000 (1380 bytes)] [Frame: 5544, payload: 13001-14380 (1380 bytes)] [Frame: 5546, payload: 14381-15760 (1380 bytes)] [Frame: 5547, payload: 15761-17140 (1380 bytes)] [Frame: 5549, payload: 17141-18520 (1380 bytes)] [Frame: 5550, payload: 18521-19900 (1380 bytes)] [Frame: 5552, payload: 19901-21280 (1380 bytes)] [Frame: 5553, payload: 21281-22660 (1380 bytes)] [Frame: 5555, payload: 22661-24040 (1380 bytes)] [Frame: 5556, payload: 24041-25420 (1380 bytes)] [Frame: 5558, payload: 25421-26800 (1380 bytes)] [Frame: 5559, payload: 26801-28180 (1380 bytes)] [Frame: 5562, payload: 28181-29560 (1380 bytes)] [Frame: 5563, payload: 29561-30940 (1380 bytes)] [Frame: 5565, payload: 30941-32320 (1380 bytes)] [Frame: 5566, payload: 32321-33700 (1380 bytes)] [Frame: 5568, payload: 33701-35080 (1380 bytes)] [Frame: 5569, payload: 35081-36460 (1380 bytes)] [Frame: 5571, payload: 36461-37840 (1380 bytes)] [Frame: 5572, payload: 37841-39220 (1380 bytes)] [Frame: 5574, payload: 39221-40600 (1380 bytes)] [Frame: 5575, payload: 40601-41980 (1380 bytes)] [Frame: 5577, payload: 41981-43360 (1380 bytes)] [Frame: 5578, payload: 43361-44740 (1380 bytes)] [Frame: 5580, payload: 44741-46120 (1380 bytes)] [Frame: 5581, payload: 46121-47500 (1380 bytes)] [Frame: 5583, payload: 47501-48880 (1380 bytes)] [Frame: 5584, payload: 48881-50260 (1380 bytes)] [Frame: 5586, payload: 50261-51640 (1380 bytes)] [Frame: 5587, payload: 51641-53020 (1380 bytes)] [Frame: 5590, payload: 53021-54400 (1380 bytes)] [Frame: 5591, payload: 54401-55780 (1380 bytes)] [Frame: 5593, payload: 55781-57160 (1380 bytes)] [Frame: 5594, payload: 57161-58300 (1140 bytes)] [Segment count: 44] [Reassembled TCP length: 58301] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:04 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 57961\r\n [Content length: 57961] Last-Modified: Sun, 01 Nov 2009 15:52:25 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:04 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6507 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5295 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 648 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 28 Remaining segment data (26 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 5597 2012-06-20 08:39:24.164484 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1 Frame 5597: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:24.164484000 GMT Daylight Time Epoch Time: 1340177964.164484000 seconds [Time delta from previous captured frame: 0.000134000 seconds] [Time delta from previous displayed frame: 0.000395000 seconds] [Time since reference or first frame: 56.142698000 seconds] Frame Number: 5597 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2989 (10633) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd246 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vytalvaultbrtp (2546), Dst Port: http (80), Seq: 662, Ack: 58302, Len: 237 Source port: vytalvaultbrtp (2546) Destination port: http (80) [Stream index: 54] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 58302 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xc2a6 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #5596(199), #5597(237)] [Frame: 5596, payload: 0-198 (199 bytes)] [Frame: 5597, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0118.jpg?w=648&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 5676 2012-06-20 08:39:24.605775 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 5676: 1126 bytes on wire (9008 bits), 1126 bytes captured (9008 bits) Arrival Time: Jun 20, 2012 08:39:24.605775000 GMT Daylight Time Epoch Time: 1340177964.605775000 seconds [Time delta from previous captured frame: 0.000080000 seconds] [Time delta from previous displayed frame: 0.441291000 seconds] [Time since reference or first frame: 56.583989000 seconds] Frame Number: 5676 Frame Length: 1126 bytes (9008 bits) Capture Length: 1126 bytes (9008 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1112 Identification: 0x4e78 (20088) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xf614 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultbrtp (2546), Seq: 115531, Ack: 899, Len: 1072 Source port: http (80) Destination port: vytalvaultbrtp (2546) [Stream index: 54] Sequence number: 115531 (relative sequence number) [Next sequence number: 116603 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0xea85 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2452] TCP segment data (1072 bytes) [46 Reassembled TCP Segments (58301 bytes): #5606(1380), #5607(1380), #5609(1380), #5610(241), #5612(1380), #5613(68), #5615(1380), #5616(1380), #5618(1380), #5619(1380), #5621(272), #5622(1380), #5624(68), #5625(1380), #5627(1380), #5628(1] [Frame: 5606, payload: 0-1379 (1380 bytes)] [Frame: 5607, payload: 1380-2759 (1380 bytes)] [Frame: 5609, payload: 2760-4139 (1380 bytes)] [Frame: 5610, payload: 4140-4380 (241 bytes)] [Frame: 5612, payload: 4381-5760 (1380 bytes)] [Frame: 5613, payload: 5761-5828 (68 bytes)] [Frame: 5615, payload: 5829-7208 (1380 bytes)] [Frame: 5616, payload: 7209-8588 (1380 bytes)] [Frame: 5618, payload: 8589-9968 (1380 bytes)] [Frame: 5619, payload: 9969-11348 (1380 bytes)] [Frame: 5621, payload: 11349-11620 (272 bytes)] [Frame: 5622, payload: 11621-13000 (1380 bytes)] [Frame: 5624, payload: 13001-13068 (68 bytes)] [Frame: 5625, payload: 13069-14448 (1380 bytes)] [Frame: 5627, payload: 14449-15828 (1380 bytes)] [Frame: 5628, payload: 15829-17208 (1380 bytes)] [Frame: 5630, payload: 17209-18588 (1380 bytes)] [Frame: 5631, payload: 18589-19968 (1380 bytes)] [Frame: 5633, payload: 19969-21348 (1380 bytes)] [Frame: 5634, payload: 21349-22728 (1380 bytes)] [Frame: 5636, payload: 22729-24108 (1380 bytes)] [Frame: 5637, payload: 24109-25488 (1380 bytes)] [Frame: 5639, payload: 25489-26868 (1380 bytes)] [Frame: 5640, payload: 26869-28248 (1380 bytes)] [Frame: 5645, payload: 28249-29628 (1380 bytes)] [Frame: 5646, payload: 29629-31008 (1380 bytes)] [Frame: 5648, payload: 31009-32388 (1380 bytes)] [Frame: 5649, payload: 32389-33768 (1380 bytes)] [Frame: 5651, payload: 33769-35148 (1380 bytes)] [Frame: 5652, payload: 35149-36528 (1380 bytes)] [Frame: 5654, payload: 36529-37908 (1380 bytes)] [Frame: 5655, payload: 37909-39288 (1380 bytes)] [Frame: 5657, payload: 39289-40668 (1380 bytes)] [Frame: 5658, payload: 40669-42048 (1380 bytes)] [Frame: 5660, payload: 42049-43428 (1380 bytes)] [Frame: 5661, payload: 43429-44808 (1380 bytes)] [Frame: 5663, payload: 44809-46188 (1380 bytes)] [Frame: 5664, payload: 46189-47568 (1380 bytes)] [Frame: 5666, payload: 47569-48948 (1380 bytes)] [Frame: 5667, payload: 48949-50328 (1380 bytes)] [Frame: 5669, payload: 50329-51708 (1380 bytes)] [Frame: 5670, payload: 51709-53088 (1380 bytes)] [Frame: 5672, payload: 53089-54468 (1380 bytes)] [Frame: 5673, payload: 54469-55848 (1380 bytes)] [Frame: 5675, payload: 55849-57228 (1380 bytes)] [Frame: 5676, payload: 57229-58300 (1072 bytes)] [Segment count: 46] [Reassembled TCP length: 58301] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:05 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 57961\r\n [Content length: 57961] Last-Modified: Sun, 01 Nov 2009 15:52:25 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:05 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6507 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5295 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 648 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 28 Remaining segment data (26 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 5679 2012-06-20 08:39:24.606093 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1 Frame 5679: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:24.606093000 GMT Daylight Time Epoch Time: 1340177964.606093000 seconds [Time delta from previous captured frame: 0.000041000 seconds] [Time delta from previous displayed frame: 0.000318000 seconds] [Time since reference or first frame: 56.584307000 seconds] Frame Number: 5679 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x29a2 (10658) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd22d [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vytalvaultbrtp (2546), Dst Port: http (80), Seq: 1098, Ack: 116603, Len: 237 Source port: vytalvaultbrtp (2546) Destination port: http (80) [Stream index: 54] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 116603 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xdd34 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #5678(199), #5679(237)] [Frame: 5678, payload: 0-198 (199 bytes)] [Frame: 5679, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0118.jpg?w=648&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400] eXtensible Markup Language No. Time Source Destination Protocol Info 5752 2012-06-20 08:39:25.051574 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 5752: 1350 bytes on wire (10800 bits), 1350 bytes captured (10800 bits) Arrival Time: Jun 20, 2012 08:39:25.051574000 GMT Daylight Time Epoch Time: 1340177965.051574000 seconds [Time delta from previous captured frame: 0.000117000 seconds] [Time delta from previous displayed frame: 0.445481000 seconds] [Time since reference or first frame: 57.029788000 seconds] Frame Number: 5752 Frame Length: 1350 bytes (10800 bits) Capture Length: 1350 bytes (10800 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1336 Identification: 0x4ea8 (20136) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xf504 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultbrtp (2546), Seq: 173608, Ack: 1335, Len: 1296 Source port: http (80) Destination port: vytalvaultbrtp (2546) [Stream index: 54] Sequence number: 173608 (relative sequence number) [Next sequence number: 174904 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0xc0c8 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2676] TCP segment data (1296 bytes) [46 Reassembled TCP Segments (58301 bytes): #5684(1380), #5685(1380), #5687(1380), #5688(241), #5690(1380), #5691(1380), #5693(1380), #5694(1380), #5696(272), #5697(1380), #5699(1380), #5700(1380), #5702(1380), #5703(1380), #5705(340), #570] [Frame: 5684, payload: 0-1379 (1380 bytes)] [Frame: 5685, payload: 1380-2759 (1380 bytes)] [Frame: 5687, payload: 2760-4139 (1380 bytes)] [Frame: 5688, payload: 4140-4380 (241 bytes)] [Frame: 5690, payload: 4381-5760 (1380 bytes)] [Frame: 5691, payload: 5761-7140 (1380 bytes)] [Frame: 5693, payload: 7141-8520 (1380 bytes)] [Frame: 5694, payload: 8521-9900 (1380 bytes)] [Frame: 5696, payload: 9901-10172 (272 bytes)] [Frame: 5697, payload: 10173-11552 (1380 bytes)] [Frame: 5699, payload: 11553-12932 (1380 bytes)] [Frame: 5700, payload: 12933-14312 (1380 bytes)] [Frame: 5702, payload: 14313-15692 (1380 bytes)] [Frame: 5703, payload: 15693-17072 (1380 bytes)] [Frame: 5705, payload: 17073-17412 (340 bytes)] [Frame: 5706, payload: 17413-18792 (1380 bytes)] [Frame: 5708, payload: 18793-20172 (1380 bytes)] [Frame: 5709, payload: 20173-21552 (1380 bytes)] [Frame: 5711, payload: 21553-22932 (1380 bytes)] [Frame: 5712, payload: 22933-24312 (1380 bytes)] [Frame: 5714, payload: 24313-25692 (1380 bytes)] [Frame: 5715, payload: 25693-26100 (408 bytes)] [Frame: 5717, payload: 26101-27480 (1380 bytes)] [Frame: 5718, payload: 27481-28860 (1380 bytes)] [Frame: 5720, payload: 28861-30240 (1380 bytes)] [Frame: 5721, payload: 30241-31620 (1380 bytes)] [Frame: 5723, payload: 31621-33000 (1380 bytes)] [Frame: 5724, payload: 33001-34380 (1380 bytes)] [Frame: 5726, payload: 34381-35760 (1380 bytes)] [Frame: 5727, payload: 35761-37140 (1380 bytes)] [Frame: 5729, payload: 37141-37684 (544 bytes)] [Frame: 5731, payload: 37685-39064 (1380 bytes)] [Frame: 5733, payload: 39065-40444 (1380 bytes)] [Frame: 5734, payload: 40445-41824 (1380 bytes)] [Frame: 5736, payload: 41825-43204 (1380 bytes)] [Frame: 5737, payload: 43205-44584 (1380 bytes)] [Frame: 5739, payload: 44585-45964 (1380 bytes)] [Frame: 5740, payload: 45965-47344 (1380 bytes)] [Frame: 5742, payload: 47345-48724 (1380 bytes)] [Frame: 5743, payload: 48725-50104 (1380 bytes)] [Frame: 5745, payload: 50105-51484 (1380 bytes)] [Frame: 5746, payload: 51485-52864 (1380 bytes)] [Frame: 5748, payload: 52865-54244 (1380 bytes)] [Frame: 5749, payload: 54245-55624 (1380 bytes)] [Frame: 5751, payload: 55625-57004 (1380 bytes)] [Frame: 5752, payload: 57005-58300 (1296 bytes)] [Segment count: 46] [Reassembled TCP length: 58301] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:05 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 57961\r\n [Content length: 57961] Last-Modified: Sun, 01 Nov 2009 15:52:25 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:05 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 81\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 6507 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5295 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 400 Samples per line: 648 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 28 Remaining segment data (26 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 5754 2012-06-20 08:39:25.051895 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1 Frame 5754: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:39:25.051895000 GMT Daylight Time Epoch Time: 1340177965.051895000 seconds [Time delta from previous captured frame: 0.000229000 seconds] [Time delta from previous displayed frame: 0.000321000 seconds] [Time since reference or first frame: 57.030109000 seconds] Frame Number: 5754 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x29ba (10682) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd27d [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vytalvaultbrtp (2546), Dst Port: http (80), Seq: 1335, Ack: 174904, Len: 133 Source port: vytalvaultbrtp (2546) Destination port: http (80) [Stream index: 54] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 174904 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x2807 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0118.jpg?w=648&h=400 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400] No. Time Source Destination Protocol Info 5773 2012-06-20 08:39:25.321690 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1 Frame 5773: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:25.321690000 GMT Daylight Time Epoch Time: 1340177965.321690000 seconds [Time delta from previous captured frame: 0.000132000 seconds] [Time delta from previous displayed frame: 0.269795000 seconds] [Time since reference or first frame: 57.299904000 seconds] Frame Number: 5773 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x29c0 (10688) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd20f [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vytalvaultvsmp (2547), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: vytalvaultvsmp (2547) Destination port: http (80) [Stream index: 56] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x40ae [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #5772(225), #5773(237)] [Frame: 5772, payload: 0-224 (225 bytes)] [Frame: 5773, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0124.jpg?w=458&h=640 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 5843 2012-06-20 08:39:26.026962 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 5843: 794 bytes on wire (6352 bits), 794 bytes captured (6352 bits) Arrival Time: Jun 20, 2012 08:39:26.026962000 GMT Daylight Time Epoch Time: 1340177966.026962000 seconds [Time delta from previous captured frame: 0.000107000 seconds] [Time delta from previous displayed frame: 0.705272000 seconds] [Time since reference or first frame: 58.005176000 seconds] Frame Number: 5843 Frame Length: 794 bytes (6352 bits) Capture Length: 794 bytes (6352 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 780 Identification: 0x3787 (14215) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x0e52 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultvsmp (2547), Seq: 57026, Ack: 463, Len: 740 Source port: http (80) Destination port: vytalvaultvsmp (2547) [Stream index: 56] Sequence number: 57026 (relative sequence number) [Next sequence number: 57766 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x14dc [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2120] TCP segment data (740 bytes) [44 Reassembled TCP Segments (57765 bytes): #5778(1380), #5779(105), #5781(1380), #5782(1380), #5784(1380), #5785(1380), #5787(1380), #5788(340), #5790(1380), #5791(1380), #5794(1380), #5795(1380), #5797(1380), #5798(1380), #5800(1380), #58] [Frame: 5778, payload: 0-1379 (1380 bytes)] [Frame: 5779, payload: 1380-1484 (105 bytes)] [Frame: 5781, payload: 1485-2864 (1380 bytes)] [Frame: 5782, payload: 2865-4244 (1380 bytes)] [Frame: 5784, payload: 4245-5624 (1380 bytes)] [Frame: 5785, payload: 5625-7004 (1380 bytes)] [Frame: 5787, payload: 7005-8384 (1380 bytes)] [Frame: 5788, payload: 8385-8724 (340 bytes)] [Frame: 5790, payload: 8725-10104 (1380 bytes)] [Frame: 5791, payload: 10105-11484 (1380 bytes)] [Frame: 5794, payload: 11485-12864 (1380 bytes)] [Frame: 5795, payload: 12865-14244 (1380 bytes)] [Frame: 5797, payload: 14245-15624 (1380 bytes)] [Frame: 5798, payload: 15625-17004 (1380 bytes)] [Frame: 5800, payload: 17005-18384 (1380 bytes)] [Frame: 5801, payload: 18385-19764 (1380 bytes)] [Frame: 5803, payload: 19765-21144 (1380 bytes)] [Frame: 5804, payload: 21145-22524 (1380 bytes)] [Frame: 5806, payload: 22525-23904 (1380 bytes)] [Frame: 5807, payload: 23905-25284 (1380 bytes)] [Frame: 5809, payload: 25285-26664 (1380 bytes)] [Frame: 5810, payload: 26665-28044 (1380 bytes)] [Frame: 5812, payload: 28045-29424 (1380 bytes)] [Frame: 5813, payload: 29425-30804 (1380 bytes)] [Frame: 5815, payload: 30805-32184 (1380 bytes)] [Frame: 5816, payload: 32185-33564 (1380 bytes)] [Frame: 5818, payload: 33565-34944 (1380 bytes)] [Frame: 5819, payload: 34945-36324 (1380 bytes)] [Frame: 5821, payload: 36325-37704 (1380 bytes)] [Frame: 5822, payload: 37705-39084 (1380 bytes)] [Frame: 5824, payload: 39085-40464 (1380 bytes)] [Frame: 5825, payload: 40465-41844 (1380 bytes)] [Frame: 5827, payload: 41845-43224 (1380 bytes)] [Frame: 5828, payload: 43225-44604 (1380 bytes)] [Frame: 5830, payload: 44605-45984 (1380 bytes)] [Frame: 5831, payload: 45985-47364 (1380 bytes)] [Frame: 5833, payload: 47365-48744 (1380 bytes)] [Frame: 5834, payload: 48745-50124 (1380 bytes)] [Frame: 5836, payload: 50125-51504 (1380 bytes)] [Frame: 5837, payload: 51505-52884 (1380 bytes)] [Frame: 5839, payload: 52885-54264 (1380 bytes)] [Frame: 5840, payload: 54265-55644 (1380 bytes)] [Frame: 5842, payload: 55645-57024 (1380 bytes)] [Frame: 5843, payload: 57025-57764 (740 bytes)] [Segment count: 44] [Reassembled TCP length: 57765] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:06 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 57425\r\n [Content length: 57425] Last-Modified: Sun, 01 Nov 2009 16:14:13 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:06 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 79\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5969 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4757 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 458 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 5846 2012-06-20 08:39:26.027333 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1 Frame 5846: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:26.027333000 GMT Daylight Time Epoch Time: 1340177966.027333000 seconds [Time delta from previous captured frame: 0.000104000 seconds] [Time delta from previous displayed frame: 0.000371000 seconds] [Time since reference or first frame: 58.005547000 seconds] Frame Number: 5846 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x29d8 (10712) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd1f7 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vytalvaultvsmp (2547), Dst Port: http (80), Seq: 662, Ack: 57766, Len: 237 Source port: vytalvaultvsmp (2547) Destination port: http (80) [Stream index: 56] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 57766 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x5d54 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #5845(199), #5846(237)] [Frame: 5845, payload: 0-198 (199 bytes)] [Frame: 5846, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0124.jpg?w=458&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 5922 2012-06-20 08:39:26.665891 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 5922: 794 bytes on wire (6352 bits), 794 bytes captured (6352 bits) Arrival Time: Jun 20, 2012 08:39:26.665891000 GMT Daylight Time Epoch Time: 1340177966.665891000 seconds [Time delta from previous captured frame: 0.000026000 seconds] [Time delta from previous displayed frame: 0.638558000 seconds] [Time since reference or first frame: 58.644105000 seconds] Frame Number: 5922 Frame Length: 794 bytes (6352 bits) Capture Length: 794 bytes (6352 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 780 Identification: 0x37b5 (14261) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x0e24 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultvsmp (2547), Seq: 114791, Ack: 899, Len: 740 Source port: http (80) Destination port: vytalvaultvsmp (2547) [Stream index: 56] Sequence number: 114791 (relative sequence number) [Next sequence number: 115531 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x317e [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2120] TCP segment data (740 bytes) [44 Reassembled TCP Segments (57765 bytes): #5856(1380), #5857(105), #5859(1380), #5860(1380), #5862(1380), #5863(1380), #5865(1380), #5866(340), #5868(1380), #5869(1380), #5871(1380), #5872(1380), #5874(1380), #5875(1380), #5877(1380), #58] [Frame: 5856, payload: 0-1379 (1380 bytes)] [Frame: 5857, payload: 1380-1484 (105 bytes)] [Frame: 5859, payload: 1485-2864 (1380 bytes)] [Frame: 5860, payload: 2865-4244 (1380 bytes)] [Frame: 5862, payload: 4245-5624 (1380 bytes)] [Frame: 5863, payload: 5625-7004 (1380 bytes)] [Frame: 5865, payload: 7005-8384 (1380 bytes)] [Frame: 5866, payload: 8385-8724 (340 bytes)] [Frame: 5868, payload: 8725-10104 (1380 bytes)] [Frame: 5869, payload: 10105-11484 (1380 bytes)] [Frame: 5871, payload: 11485-12864 (1380 bytes)] [Frame: 5872, payload: 12865-14244 (1380 bytes)] [Frame: 5874, payload: 14245-15624 (1380 bytes)] [Frame: 5875, payload: 15625-17004 (1380 bytes)] [Frame: 5877, payload: 17005-18384 (1380 bytes)] [Frame: 5878, payload: 18385-19764 (1380 bytes)] [Frame: 5880, payload: 19765-21144 (1380 bytes)] [Frame: 5881, payload: 21145-22524 (1380 bytes)] [Frame: 5883, payload: 22525-23904 (1380 bytes)] [Frame: 5884, payload: 23905-25284 (1380 bytes)] [Frame: 5886, payload: 25285-26664 (1380 bytes)] [Frame: 5887, payload: 26665-28044 (1380 bytes)] [Frame: 5889, payload: 28045-29424 (1380 bytes)] [Frame: 5890, payload: 29425-30804 (1380 bytes)] [Frame: 5892, payload: 30805-32184 (1380 bytes)] [Frame: 5893, payload: 32185-33564 (1380 bytes)] [Frame: 5895, payload: 33565-34944 (1380 bytes)] [Frame: 5896, payload: 34945-36324 (1380 bytes)] [Frame: 5898, payload: 36325-37704 (1380 bytes)] [Frame: 5899, payload: 37705-39084 (1380 bytes)] [Frame: 5903, payload: 39085-40464 (1380 bytes)] [Frame: 5904, payload: 40465-41844 (1380 bytes)] [Frame: 5906, payload: 41845-43224 (1380 bytes)] [Frame: 5907, payload: 43225-44604 (1380 bytes)] [Frame: 5909, payload: 44605-45984 (1380 bytes)] [Frame: 5910, payload: 45985-47364 (1380 bytes)] [Frame: 5912, payload: 47365-48744 (1380 bytes)] [Frame: 5913, payload: 48745-50124 (1380 bytes)] [Frame: 5915, payload: 50125-51504 (1380 bytes)] [Frame: 5916, payload: 51505-52884 (1380 bytes)] [Frame: 5918, payload: 52885-54264 (1380 bytes)] [Frame: 5919, payload: 54265-55644 (1380 bytes)] [Frame: 5921, payload: 55645-57024 (1380 bytes)] [Frame: 5922, payload: 57025-57764 (740 bytes)] [Segment count: 44] [Reassembled TCP length: 57765] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:07 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 57425\r\n [Content length: 57425] Last-Modified: Sun, 01 Nov 2009 16:14:13 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:07 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 79\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5969 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4757 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 458 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 5925 2012-06-20 08:39:26.666319 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1 Frame 5925: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:26.666319000 GMT Daylight Time Epoch Time: 1340177966.666319000 seconds [Time delta from previous captured frame: 0.000103000 seconds] [Time delta from previous displayed frame: 0.000428000 seconds] [Time since reference or first frame: 58.644533000 seconds] Frame Number: 5925 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x29f0 (10736) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd1df [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vytalvaultvsmp (2547), Dst Port: http (80), Seq: 1098, Ack: 115531, Len: 237 Source port: vytalvaultvsmp (2547) Destination port: http (80) [Stream index: 56] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 115531 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x79fa [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #5924(199), #5925(237)] [Frame: 5924, payload: 0-198 (199 bytes)] [Frame: 5925, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_0124.jpg?w=458&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 5995 2012-06-20 08:39:27.111509 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 5995: 1222 bytes on wire (9776 bits), 1222 bytes captured (9776 bits) Arrival Time: Jun 20, 2012 08:39:27.111509000 GMT Daylight Time Epoch Time: 1340177967.111509000 seconds [Time delta from previous captured frame: 0.000078000 seconds] [Time delta from previous displayed frame: 0.445190000 seconds] [Time since reference or first frame: 59.089723000 seconds] Frame Number: 5995 Frame Length: 1222 bytes (9776 bits) Capture Length: 1222 bytes (9776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1208 Identification: 0x37e4 (14308) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x0c49 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultvsmp (2547), Seq: 172128, Ack: 1335, Len: 1168 Source port: http (80) Destination port: vytalvaultvsmp (2547) [Stream index: 56] Sequence number: 172128 (relative sequence number) [Next sequence number: 173296 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x6e0c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1168] TCP segment data (1168 bytes) [45 Reassembled TCP Segments (57765 bytes): #5928(1380), #5929(105), #5931(1380), #5932(1380), #5934(1380), #5935(1380), #5937(1380), #5938(1380), #5940(1380), #5941(1380), #5943(1380), #5944(612), #5946(1380), #5947(1380), #5949(1380), #59] [Frame: 5928, payload: 0-1379 (1380 bytes)] [Frame: 5929, payload: 1380-1484 (105 bytes)] [Frame: 5931, payload: 1485-2864 (1380 bytes)] [Frame: 5932, payload: 2865-4244 (1380 bytes)] [Frame: 5934, payload: 4245-5624 (1380 bytes)] [Frame: 5935, payload: 5625-7004 (1380 bytes)] [Frame: 5937, payload: 7005-8384 (1380 bytes)] [Frame: 5938, payload: 8385-9764 (1380 bytes)] [Frame: 5940, payload: 9765-11144 (1380 bytes)] [Frame: 5941, payload: 11145-12524 (1380 bytes)] [Frame: 5943, payload: 12525-13904 (1380 bytes)] [Frame: 5944, payload: 13905-14516 (612 bytes)] [Frame: 5946, payload: 14517-15896 (1380 bytes)] [Frame: 5947, payload: 15897-17276 (1380 bytes)] [Frame: 5949, payload: 17277-18656 (1380 bytes)] [Frame: 5950, payload: 18657-18860 (204 bytes)] [Frame: 5952, payload: 18861-20240 (1380 bytes)] [Frame: 5953, payload: 20241-21620 (1380 bytes)] [Frame: 5955, payload: 21621-23000 (1380 bytes)] [Frame: 5956, payload: 23001-24380 (1380 bytes)] [Frame: 5958, payload: 24381-25760 (1380 bytes)] [Frame: 5959, payload: 25761-27140 (1380 bytes)] [Frame: 5961, payload: 27141-28520 (1380 bytes)] [Frame: 5962, payload: 28521-28996 (476 bytes)] [Frame: 5965, payload: 28997-30376 (1380 bytes)] [Frame: 5966, payload: 30377-31756 (1380 bytes)] [Frame: 5968, payload: 31757-33136 (1380 bytes)] [Frame: 5969, payload: 33137-34516 (1380 bytes)] [Frame: 5971, payload: 34517-35896 (1380 bytes)] [Frame: 5972, payload: 35897-37276 (1380 bytes)] [Frame: 5974, payload: 37277-38656 (1380 bytes)] [Frame: 5975, payload: 38657-40036 (1380 bytes)] [Frame: 5977, payload: 40037-41416 (1380 bytes)] [Frame: 5978, payload: 41417-42796 (1380 bytes)] [Frame: 5980, payload: 42797-44176 (1380 bytes)] [Frame: 5981, payload: 44177-45556 (1380 bytes)] [Frame: 5983, payload: 45557-46936 (1380 bytes)] [Frame: 5984, payload: 46937-48316 (1380 bytes)] [Frame: 5986, payload: 48317-49696 (1380 bytes)] [Frame: 5987, payload: 49697-51076 (1380 bytes)] [Frame: 5989, payload: 51077-52456 (1380 bytes)] [Frame: 5990, payload: 52457-53836 (1380 bytes)] [Frame: 5992, payload: 53837-55216 (1380 bytes)] [Frame: 5993, payload: 55217-56596 (1380 bytes)] [Frame: 5995, payload: 56597-57764 (1168 bytes)] [Segment count: 45] [Reassembled TCP length: 57765] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:07 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 57425\r\n [Content length: 57425] Last-Modified: Sun, 01 Nov 2009 16:14:13 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:07 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 79\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5969 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4757 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 458 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 5996 2012-06-20 08:39:27.111814 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1 Frame 5996: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:39:27.111814000 GMT Daylight Time Epoch Time: 1340177967.111814000 seconds [Time delta from previous captured frame: 0.000305000 seconds] [Time delta from previous displayed frame: 0.000305000 seconds] [Time since reference or first frame: 59.090028000 seconds] Frame Number: 5996 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x2a07 (10759) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd230 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vytalvaultvsmp (2547), Dst Port: http (80), Seq: 1335, Ack: 173296, Len: 133 Source port: vytalvaultvsmp (2547) Destination port: http (80) [Stream index: 56] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 173296 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 254 [Calculated window size: 65024] [Window size scaling factor: 256] Checksum: 0xc0ec [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 5995] [The RTT to ACK the segment was: 0.000305000 seconds] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_0124.jpg?w=458&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640] No. Time Source Destination Protocol Info 6009 2012-06-20 08:39:27.382509 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1 Frame 6009: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:27.382509000 GMT Daylight Time Epoch Time: 1340177967.382509000 seconds [Time delta from previous captured frame: 0.000129000 seconds] [Time delta from previous displayed frame: 0.270695000 seconds] [Time since reference or first frame: 59.360723000 seconds] Frame Number: 6009 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2a0d (10765) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd1c2 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vytalvaultpipe (2548), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237 Source port: vytalvaultpipe (2548) Destination port: http (80) [Stream index: 57] Sequence number: 226 (relative sequence number) [Next sequence number: 463 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x42aa [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 462] TCP segment data (237 bytes) [2 Reassembled TCP Segments (462 bytes): #6008(225), #6009(237)] [Frame: 6008, payload: 0-224 (225 bytes)] [Frame: 6009, payload: 225-461 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 462] Hypertext Transfer Protocol PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_2375.jpg?w=476&h=640 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 6088 2012-06-20 08:39:28.249294 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 6088: 974 bytes on wire (7792 bits), 974 bytes captured (7792 bits) Arrival Time: Jun 20, 2012 08:39:28.249294000 GMT Daylight Time Epoch Time: 1340177968.249294000 seconds [Time delta from previous captured frame: 0.000013000 seconds] [Time delta from previous displayed frame: 0.866785000 seconds] [Time since reference or first frame: 60.227508000 seconds] Frame Number: 6088 Frame Length: 974 bytes (7792 bits) Capture Length: 974 bytes (7792 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 960 Identification: 0x6fcf (28623) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xd555 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultpipe (2548), Seq: 61098, Ack: 463, Len: 920 Source port: http (80) Destination port: vytalvaultpipe (2548) [Stream index: 57] Sequence number: 61098 (relative sequence number) [Next sequence number: 62018 (relative sequence number)] Acknowledgement number: 463 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0xbeba [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2300] TCP segment data (920 bytes) [46 Reassembled TCP Segments (62017 bytes): #6019(1380), #6020(1380), #6022(1380), #6023(1380), #6025(1380), #6026(377), #6028(1380), #6029(1380), #6031(1380), #6032(1380), #6035(1380), #6036(1380), #6038(1380), #6039(1380), #6041(1380), #6] [Frame: 6019, payload: 0-1379 (1380 bytes)] [Frame: 6020, payload: 1380-2759 (1380 bytes)] [Frame: 6022, payload: 2760-4139 (1380 bytes)] [Frame: 6023, payload: 4140-5519 (1380 bytes)] [Frame: 6025, payload: 5520-6899 (1380 bytes)] [Frame: 6026, payload: 6900-7276 (377 bytes)] [Frame: 6028, payload: 7277-8656 (1380 bytes)] [Frame: 6029, payload: 8657-10036 (1380 bytes)] [Frame: 6031, payload: 10037-11416 (1380 bytes)] [Frame: 6032, payload: 11417-12796 (1380 bytes)] [Frame: 6035, payload: 12797-14176 (1380 bytes)] [Frame: 6036, payload: 14177-15556 (1380 bytes)] [Frame: 6038, payload: 15557-16936 (1380 bytes)] [Frame: 6039, payload: 16937-18316 (1380 bytes)] [Frame: 6041, payload: 18317-19696 (1380 bytes)] [Frame: 6042, payload: 19697-21076 (1380 bytes)] [Frame: 6044, payload: 21077-22456 (1380 bytes)] [Frame: 6045, payload: 22457-23836 (1380 bytes)] [Frame: 6047, payload: 23837-25216 (1380 bytes)] [Frame: 6048, payload: 25217-26596 (1380 bytes)] [Frame: 6050, payload: 26597-27976 (1380 bytes)] [Frame: 6051, payload: 27977-29356 (1380 bytes)] [Frame: 6054, payload: 29357-30736 (1380 bytes)] [Frame: 6055, payload: 30737-32116 (1380 bytes)] [Frame: 6057, payload: 32117-33496 (1380 bytes)] [Frame: 6058, payload: 33497-34876 (1380 bytes)] [Frame: 6060, payload: 34877-36256 (1380 bytes)] [Frame: 6061, payload: 36257-37636 (1380 bytes)] [Frame: 6063, payload: 37637-39016 (1380 bytes)] [Frame: 6064, payload: 39017-40396 (1380 bytes)] [Frame: 6066, payload: 40397-41776 (1380 bytes)] [Frame: 6067, payload: 41777-43156 (1380 bytes)] [Frame: 6069, payload: 43157-44536 (1380 bytes)] [Frame: 6070, payload: 44537-45916 (1380 bytes)] [Frame: 6072, payload: 45917-47296 (1380 bytes)] [Frame: 6073, payload: 47297-48676 (1380 bytes)] [Frame: 6075, payload: 48677-50056 (1380 bytes)] [Frame: 6076, payload: 50057-51436 (1380 bytes)] [Frame: 6078, payload: 51437-52816 (1380 bytes)] [Frame: 6079, payload: 52817-54196 (1380 bytes)] [Frame: 6081, payload: 54197-55576 (1380 bytes)] [Frame: 6082, payload: 55577-56956 (1380 bytes)] [Frame: 6084, payload: 56957-58336 (1380 bytes)] [Frame: 6085, payload: 58337-59716 (1380 bytes)] [Frame: 6087, payload: 59717-61096 (1380 bytes)] [Frame: 6088, payload: 61097-62016 (920 bytes)] [Segment count: 46] [Reassembled TCP length: 62017] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:08 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 61677\r\n [Content length: 61677] Last-Modified: Sun, 01 Nov 2009 16:19:36 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:08 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 83\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7157 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5945 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 476 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 6091 2012-06-20 08:39:28.249751 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1 Frame 6091: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:28.249751000 GMT Daylight Time Epoch Time: 1340177968.249751000 seconds [Time delta from previous captured frame: 0.000103000 seconds] [Time delta from previous displayed frame: 0.000457000 seconds] [Time since reference or first frame: 60.227965000 seconds] Frame Number: 6091 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2a26 (10790) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd1a9 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vytalvaultpipe (2548), Dst Port: http (80), Seq: 662, Ack: 62018, Len: 237 Source port: vytalvaultpipe (2548) Destination port: http (80) [Stream index: 57] Sequence number: 662 (relative sequence number) [Next sequence number: 899 (relative sequence number)] Acknowledgement number: 62018 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x4eb4 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #6090(199), #6091(237)] [Frame: 6090, payload: 0-198 (199 bytes)] [Frame: 6091, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_2375.jpg?w=476&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 6173 2012-06-20 08:39:28.716346 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 6173: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) Arrival Time: Jun 20, 2012 08:39:28.716346000 GMT Daylight Time Epoch Time: 1340177968.716346000 seconds [Time delta from previous captured frame: 0.000019000 seconds] [Time delta from previous displayed frame: 0.466595000 seconds] [Time since reference or first frame: 60.694560000 seconds] Frame Number: 6173 Frame Length: 566 bytes (4528 bits) Capture Length: 566 bytes (4528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 552 Identification: 0x7003 (28675) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xd6b9 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultpipe (2548), Seq: 123523, Ack: 899, Len: 512 Source port: http (80) Destination port: vytalvaultpipe (2548) [Stream index: 57] Sequence number: 123523 (relative sequence number) [Next sequence number: 124035 (relative sequence number)] Acknowledgement number: 899 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x7f0e [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1892] TCP segment data (512 bytes) [50 Reassembled TCP Segments (62017 bytes): #6099(1380), #6100(1380), #6102(1380), #6103(1380), #6105(1380), #6106(1380), #6108(445), #6109(1380), #6111(1380), #6112(136), #6114(1380), #6115(68), #6117(1380), #6118(68), #6120(1380), #6121(6] [Frame: 6099, payload: 0-1379 (1380 bytes)] [Frame: 6100, payload: 1380-2759 (1380 bytes)] [Frame: 6102, payload: 2760-4139 (1380 bytes)] [Frame: 6103, payload: 4140-5519 (1380 bytes)] [Frame: 6105, payload: 5520-6899 (1380 bytes)] [Frame: 6106, payload: 6900-8279 (1380 bytes)] [Frame: 6108, payload: 8280-8724 (445 bytes)] [Frame: 6109, payload: 8725-10104 (1380 bytes)] [Frame: 6111, payload: 10105-11484 (1380 bytes)] [Frame: 6112, payload: 11485-11620 (136 bytes)] [Frame: 6114, payload: 11621-13000 (1380 bytes)] [Frame: 6115, payload: 13001-13068 (68 bytes)] [Frame: 6117, payload: 13069-14448 (1380 bytes)] [Frame: 6118, payload: 14449-14516 (68 bytes)] [Frame: 6120, payload: 14517-15896 (1380 bytes)] [Frame: 6121, payload: 15897-15964 (68 bytes)] [Frame: 6123, payload: 15965-17344 (1380 bytes)] [Frame: 6124, payload: 17345-18724 (1380 bytes)] [Frame: 6126, payload: 18725-20104 (1380 bytes)] [Frame: 6127, payload: 20105-21484 (1380 bytes)] [Frame: 6129, payload: 21485-22864 (1380 bytes)] [Frame: 6130, payload: 22865-24244 (1380 bytes)] [Frame: 6132, payload: 24245-25624 (1380 bytes)] [Frame: 6133, payload: 25625-27004 (1380 bytes)] [Frame: 6135, payload: 27005-28384 (1380 bytes)] [Frame: 6137, payload: 28385-29764 (1380 bytes)] [Frame: 6139, payload: 29765-31144 (1380 bytes)] [Frame: 6140, payload: 31145-32524 (1380 bytes)] [Frame: 6142, payload: 32525-33904 (1380 bytes)] [Frame: 6143, payload: 33905-35284 (1380 bytes)] [Frame: 6145, payload: 35285-36664 (1380 bytes)] [Frame: 6146, payload: 36665-38044 (1380 bytes)] [Frame: 6148, payload: 38045-39424 (1380 bytes)] [Frame: 6149, payload: 39425-40804 (1380 bytes)] [Frame: 6151, payload: 40805-42184 (1380 bytes)] [Frame: 6152, payload: 42185-43564 (1380 bytes)] [Frame: 6154, payload: 43565-44944 (1380 bytes)] [Frame: 6155, payload: 44945-46324 (1380 bytes)] [Frame: 6157, payload: 46325-47704 (1380 bytes)] [Frame: 6158, payload: 47705-49084 (1380 bytes)] [Frame: 6160, payload: 49085-50464 (1380 bytes)] [Frame: 6161, payload: 50465-51844 (1380 bytes)] [Frame: 6163, payload: 51845-53224 (1380 bytes)] [Frame: 6164, payload: 53225-54604 (1380 bytes)] [Frame: 6166, payload: 54605-55984 (1380 bytes)] [Frame: 6167, payload: 55985-57364 (1380 bytes)] [Frame: 6169, payload: 57365-58744 (1380 bytes)] [Frame: 6170, payload: 58745-60124 (1380 bytes)] [Frame: 6172, payload: 60125-61504 (1380 bytes)] [Frame: 6173, payload: 61505-62016 (512 bytes)] [Segment count: 50] [Reassembled TCP length: 62017] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:09 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 61677\r\n [Content length: 61677] Last-Modified: Sun, 01 Nov 2009 16:19:36 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:09 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 83\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7157 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5945 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 476 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 6176 2012-06-20 08:39:28.716684 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1 Frame 6176: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:28.716684000 GMT Daylight Time Epoch Time: 1340177968.716684000 seconds [Time delta from previous captured frame: 0.000042000 seconds] [Time delta from previous displayed frame: 0.000338000 seconds] [Time since reference or first frame: 60.694898000 seconds] Frame Number: 6176 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2a41 (10817) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd18e [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vytalvaultpipe (2548), Dst Port: http (80), Seq: 1098, Ack: 124035, Len: 237 Source port: vytalvaultpipe (2548) Destination port: http (80) [Stream index: 57] Sequence number: 1098 (relative sequence number) [Next sequence number: 1335 (relative sequence number)] Acknowledgement number: 124035 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x5abe [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 436] TCP segment data (237 bytes) [2 Reassembled TCP Segments (436 bytes): #6175(199), #6176(237)] [Frame: 6175, payload: 0-198 (199 bytes)] [Frame: 6176, payload: 199-435 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 436] Hypertext Transfer Protocol PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_2375.jpg?w=476&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 6258 2012-06-20 08:39:29.205620 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 6258: 1198 bytes on wire (9584 bits), 1198 bytes captured (9584 bits) Arrival Time: Jun 20, 2012 08:39:29.205620000 GMT Daylight Time Epoch Time: 1340177969.205620000 seconds [Time delta from previous captured frame: 0.000063000 seconds] [Time delta from previous displayed frame: 0.488936000 seconds] [Time since reference or first frame: 61.183834000 seconds] Frame Number: 6258 Frame Length: 1198 bytes (9584 bits) Capture Length: 1198 bytes (9584 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1184 Identification: 0x7037 (28727) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0xd40d [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultpipe (2548), Seq: 184908, Ack: 1335, Len: 1144 Source port: http (80) Destination port: vytalvaultpipe (2548) [Stream index: 57] Sequence number: 184908 (relative sequence number) [Next sequence number: 186052 (relative sequence number)] Acknowledgement number: 1335 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0x6c4a [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2524] TCP segment data (1144 bytes) [50 Reassembled TCP Segments (62017 bytes): #6183(1380), #6184(1380), #6186(173), #6187(1380), #6189(1380), #6190(1380), #6192(204), #6193(1380), #6195(1380), #6196(1380), #6198(1380), #6199(1380), #6201(340), #6202(1380), #6204(1380), #620] [Frame: 6183, payload: 0-1379 (1380 bytes)] [Frame: 6184, payload: 1380-2759 (1380 bytes)] [Frame: 6186, payload: 2760-2932 (173 bytes)] [Frame: 6187, payload: 2933-4312 (1380 bytes)] [Frame: 6189, payload: 4313-5692 (1380 bytes)] [Frame: 6190, payload: 5693-7072 (1380 bytes)] [Frame: 6192, payload: 7073-7276 (204 bytes)] [Frame: 6193, payload: 7277-8656 (1380 bytes)] [Frame: 6195, payload: 8657-10036 (1380 bytes)] [Frame: 6196, payload: 10037-11416 (1380 bytes)] [Frame: 6198, payload: 11417-12796 (1380 bytes)] [Frame: 6199, payload: 12797-14176 (1380 bytes)] [Frame: 6201, payload: 14177-14516 (340 bytes)] [Frame: 6202, payload: 14517-15896 (1380 bytes)] [Frame: 6204, payload: 15897-17276 (1380 bytes)] [Frame: 6205, payload: 17277-18656 (1380 bytes)] [Frame: 6207, payload: 18657-20036 (1380 bytes)] [Frame: 6208, payload: 20037-20308 (272 bytes)] [Frame: 6210, payload: 20309-21688 (1380 bytes)] [Frame: 6211, payload: 21689-23068 (1380 bytes)] [Frame: 6213, payload: 23069-24448 (1380 bytes)] [Frame: 6214, payload: 24449-25828 (1380 bytes)] [Frame: 6216, payload: 25829-27208 (1380 bytes)] [Frame: 6217, payload: 27209-28588 (1380 bytes)] [Frame: 6219, payload: 28589-28996 (408 bytes)] [Frame: 6220, payload: 28997-30376 (1380 bytes)] [Frame: 6222, payload: 30377-31756 (1380 bytes)] [Frame: 6223, payload: 31757-31892 (136 bytes)] [Frame: 6227, payload: 31893-33272 (1380 bytes)] [Frame: 6228, payload: 33273-34652 (1380 bytes)] [Frame: 6230, payload: 34653-36032 (1380 bytes)] [Frame: 6231, payload: 36033-37412 (1380 bytes)] [Frame: 6233, payload: 37413-38792 (1380 bytes)] [Frame: 6234, payload: 38793-40172 (1380 bytes)] [Frame: 6236, payload: 40173-41552 (1380 bytes)] [Frame: 6237, payload: 41553-42932 (1380 bytes)] [Frame: 6239, payload: 42933-44312 (1380 bytes)] [Frame: 6240, payload: 44313-45692 (1380 bytes)] [Frame: 6242, payload: 45693-47072 (1380 bytes)] [Frame: 6243, payload: 47073-48452 (1380 bytes)] [Frame: 6245, payload: 48453-49832 (1380 bytes)] [Frame: 6246, payload: 49833-51212 (1380 bytes)] [Frame: 6248, payload: 51213-52592 (1380 bytes)] [Frame: 6249, payload: 52593-53972 (1380 bytes)] [Frame: 6251, payload: 53973-55352 (1380 bytes)] [Frame: 6252, payload: 55353-56732 (1380 bytes)] [Frame: 6254, payload: 56733-58112 (1380 bytes)] [Frame: 6255, payload: 58113-59492 (1380 bytes)] [Frame: 6257, payload: 59493-60872 (1380 bytes)] [Frame: 6258, payload: 60873-62016 (1144 bytes)] [Segment count: 50] [Reassembled TCP length: 62017] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:10 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 61677\r\n [Content length: 61677] Last-Modified: Sun, 01 Nov 2009 16:19:36 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:10 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 83\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 7157 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5945 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 476 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 6260 2012-06-20 08:39:29.205859 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1 Frame 6260: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) Arrival Time: Jun 20, 2012 08:39:29.205859000 GMT Daylight Time Epoch Time: 1340177969.205859000 seconds [Time delta from previous captured frame: 0.000216000 seconds] [Time delta from previous displayed frame: 0.000239000 seconds] [Time since reference or first frame: 61.184073000 seconds] Frame Number: 6260 Frame Length: 187 bytes (1496 bits) Capture Length: 187 bytes (1496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 173 Identification: 0x2a5b (10843) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd1dc [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: vytalvaultpipe (2548), Dst Port: http (80), Seq: 1335, Ack: 186052, Len: 133 Source port: vytalvaultpipe (2548) Destination port: http (80) [Stream index: 57] Sequence number: 1335 (relative sequence number) [Next sequence number: 1468 (relative sequence number)] Acknowledgement number: 186052 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x880f [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 133] Hypertext Transfer Protocol HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_2375.jpg?w=476&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640] No. Time Source Destination Protocol Info 6283 2012-06-20 08:39:29.654298 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 6283: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:29.654298000 GMT Daylight Time Epoch Time: 1340177969.654298000 seconds [Time delta from previous captured frame: 0.000109000 seconds] [Time delta from previous displayed frame: 0.448439000 seconds] [Time since reference or first frame: 61.632512000 seconds] Frame Number: 6283 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2a61 (10849) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd16e [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237 Source port: ipass (2549) Destination port: http (80) [Stream index: 59] Sequence number: 227 (relative sequence number) [Next sequence number: 464 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x2f42 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 463] TCP segment data (237 bytes) [2 Reassembled TCP Segments (463 bytes): #6282(226), #6283(237)] [Frame: 6282, payload: 0-225 (226 bytes)] [Frame: 6283, payload: 226-462 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 463] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Keep-Alive: \r\n Connection: TE, Keep-Alive\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 6346 2012-06-20 08:39:30.211163 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 6346: 1419 bytes on wire (11352 bits), 1419 bytes captured (11352 bits) Arrival Time: Jun 20, 2012 08:39:30.211163000 GMT Daylight Time Epoch Time: 1340177970.211163000 seconds [Time delta from previous captured frame: 0.000022000 seconds] [Time delta from previous displayed frame: 0.556865000 seconds] [Time since reference or first frame: 62.189377000 seconds] Frame Number: 6346 Frame Length: 1419 bytes (11352 bits) Capture Length: 1419 bytes (11352 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1405 Identification: 0xdd0b (56587) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x665c [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 49681, Ack: 464, Len: 1365 Source port: http (80) Destination port: ipass (2549) [Stream index: 59] Sequence number: 49681 (relative sequence number) [Next sequence number: 51046 (relative sequence number)] Acknowledgement number: 464 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 33 [Calculated window size: 16896] [Window size scaling factor: 512] Checksum: 0x5dbf [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1365] TCP segment data (1365 bytes) [37 Reassembled TCP Segments (51045 bytes): #6289(1380), #6290(1380), #6292(1380), #6293(1380), #6295(1380), #6296(1380), #6298(1380), #6299(1380), #6301(1380), #6302(1380), #6305(1380), #6306(1380), #6308(1380), #6309(1380), #6311(1380), #] [Frame: 6289, payload: 0-1379 (1380 bytes)] [Frame: 6290, payload: 1380-2759 (1380 bytes)] [Frame: 6292, payload: 2760-4139 (1380 bytes)] [Frame: 6293, payload: 4140-5519 (1380 bytes)] [Frame: 6295, payload: 5520-6899 (1380 bytes)] [Frame: 6296, payload: 6900-8279 (1380 bytes)] [Frame: 6298, payload: 8280-9659 (1380 bytes)] [Frame: 6299, payload: 9660-11039 (1380 bytes)] [Frame: 6301, payload: 11040-12419 (1380 bytes)] [Frame: 6302, payload: 12420-13799 (1380 bytes)] [Frame: 6305, payload: 13800-15179 (1380 bytes)] [Frame: 6306, payload: 15180-16559 (1380 bytes)] [Frame: 6308, payload: 16560-17939 (1380 bytes)] [Frame: 6309, payload: 17940-19319 (1380 bytes)] [Frame: 6311, payload: 19320-20699 (1380 bytes)] [Frame: 6312, payload: 20700-22079 (1380 bytes)] [Frame: 6314, payload: 22080-23459 (1380 bytes)] [Frame: 6315, payload: 23460-24839 (1380 bytes)] [Frame: 6317, payload: 24840-26219 (1380 bytes)] [Frame: 6318, payload: 26220-27599 (1380 bytes)] [Frame: 6320, payload: 27600-28979 (1380 bytes)] [Frame: 6321, payload: 28980-30359 (1380 bytes)] [Frame: 6324, payload: 30360-31739 (1380 bytes)] [Frame: 6325, payload: 31740-33119 (1380 bytes)] [Frame: 6327, payload: 33120-34499 (1380 bytes)] [Frame: 6329, payload: 34500-35879 (1380 bytes)] [Frame: 6331, payload: 35880-37259 (1380 bytes)] [Frame: 6332, payload: 37260-38639 (1380 bytes)] [Frame: 6334, payload: 38640-40019 (1380 bytes)] [Frame: 6335, payload: 40020-41399 (1380 bytes)] [Frame: 6337, payload: 41400-42779 (1380 bytes)] [Frame: 6338, payload: 42780-44159 (1380 bytes)] [Frame: 6340, payload: 44160-45539 (1380 bytes)] [Frame: 6341, payload: 45540-46919 (1380 bytes)] [Frame: 6343, payload: 46920-48299 (1380 bytes)] [Frame: 6344, payload: 48300-49679 (1380 bytes)] [Frame: 6346, payload: 49680-51044 (1365 bytes)] [Segment count: 37] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:10 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:10 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 6348 2012-06-20 08:39:30.211464 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 6348: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:30.211464000 GMT Daylight Time Epoch Time: 1340177970.211464000 seconds [Time delta from previous captured frame: 0.000046000 seconds] [Time delta from previous displayed frame: 0.000301000 seconds] [Time since reference or first frame: 62.189678000 seconds] Frame Number: 6348 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2a75 (10869) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd15a [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 664, Ack: 51046, Len: 237 Source port: ipass (2549) Destination port: http (80) [Stream index: 59] Sequence number: 664 (relative sequence number) [Next sequence number: 901 (relative sequence number)] Acknowledgement number: 51046 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 253 [Calculated window size: 64768] [Window size scaling factor: 256] Checksum: 0x662c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #6347(200), #6348(237)] [Frame: 6347, payload: 0-199 (200 bytes)] [Frame: 6348, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 6410 2012-06-20 08:39:30.646481 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 6410: 362 bytes on wire (2896 bits), 362 bytes captured (2896 bits) Arrival Time: Jun 20, 2012 08:39:30.646481000 GMT Daylight Time Epoch Time: 1340177970.646481000 seconds [Time delta from previous captured frame: 0.000021000 seconds] [Time delta from previous displayed frame: 0.435017000 seconds] [Time since reference or first frame: 62.624695000 seconds] Frame Number: 6410 Frame Length: 362 bytes (2896 bits) Capture Length: 362 bytes (2896 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 348 Identification: 0xdd35 (56629) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x6a53 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 101783, Ack: 901, Len: 308 Source port: http (80) Destination port: ipass (2549) [Stream index: 59] Sequence number: 101783 (relative sequence number) [Next sequence number: 102091 (relative sequence number)] Acknowledgement number: 901 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 37 [Calculated window size: 18944] [Window size scaling factor: 512] Checksum: 0x8c70 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1688] TCP segment data (308 bytes) [40 Reassembled TCP Segments (51045 bytes): #6351(1380), #6352(1380), #6354(1380), #6355(1380), #6357(1380), #6358(1380), #6360(1380), #6361(513), #6363(1380), #6364(1380), #6366(1380), #6367(204), #6369(1380), #6370(1380), #6372(1380), #63] [Frame: 6351, payload: 0-1379 (1380 bytes)] [Frame: 6352, payload: 1380-2759 (1380 bytes)] [Frame: 6354, payload: 2760-4139 (1380 bytes)] [Frame: 6355, payload: 4140-5519 (1380 bytes)] [Frame: 6357, payload: 5520-6899 (1380 bytes)] [Frame: 6358, payload: 6900-8279 (1380 bytes)] [Frame: 6360, payload: 8280-9659 (1380 bytes)] [Frame: 6361, payload: 9660-10172 (513 bytes)] [Frame: 6363, payload: 10173-11552 (1380 bytes)] [Frame: 6364, payload: 11553-12932 (1380 bytes)] [Frame: 6366, payload: 12933-14312 (1380 bytes)] [Frame: 6367, payload: 14313-14516 (204 bytes)] [Frame: 6369, payload: 14517-15896 (1380 bytes)] [Frame: 6370, payload: 15897-17276 (1380 bytes)] [Frame: 6372, payload: 17277-18656 (1380 bytes)] [Frame: 6373, payload: 18657-20036 (1380 bytes)] [Frame: 6375, payload: 20037-21416 (1380 bytes)] [Frame: 6376, payload: 21417-21756 (340 bytes)] [Frame: 6379, payload: 21757-23136 (1380 bytes)] [Frame: 6380, payload: 23137-24516 (1380 bytes)] [Frame: 6382, payload: 24517-25896 (1380 bytes)] [Frame: 6383, payload: 25897-27276 (1380 bytes)] [Frame: 6385, payload: 27277-28656 (1380 bytes)] [Frame: 6386, payload: 28657-30036 (1380 bytes)] [Frame: 6388, payload: 30037-31416 (1380 bytes)] [Frame: 6389, payload: 31417-32796 (1380 bytes)] [Frame: 6391, payload: 32797-34176 (1380 bytes)] [Frame: 6392, payload: 34177-35556 (1380 bytes)] [Frame: 6394, payload: 35557-36936 (1380 bytes)] [Frame: 6395, payload: 36937-38316 (1380 bytes)] [Frame: 6397, payload: 38317-39696 (1380 bytes)] [Frame: 6398, payload: 39697-41076 (1380 bytes)] [Frame: 6400, payload: 41077-42456 (1380 bytes)] [Frame: 6401, payload: 42457-43836 (1380 bytes)] [Frame: 6403, payload: 43837-45216 (1380 bytes)] [Frame: 6404, payload: 45217-46596 (1380 bytes)] [Frame: 6406, payload: 46597-47976 (1380 bytes)] [Frame: 6407, payload: 47977-49356 (1380 bytes)] [Frame: 6409, payload: 49357-50736 (1380 bytes)] [Frame: 6410, payload: 50737-51044 (308 bytes)] [Segment count: 40] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:11 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:11 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 6413 2012-06-20 08:39:30.646806 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 6413: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:30.646806000 GMT Daylight Time Epoch Time: 1340177970.646806000 seconds [Time delta from previous captured frame: 0.000043000 seconds] [Time delta from previous displayed frame: 0.000325000 seconds] [Time since reference or first frame: 62.625020000 seconds] Frame Number: 6413 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2a8b (10891) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd144 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 1101, Ack: 102091, Len: 237 Source port: ipass (2549) Destination port: http (80) [Stream index: 59] Sequence number: 1101 (relative sequence number) [Next sequence number: 1338 (relative sequence number)] Acknowledgement number: 102091 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x9d0c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #6412(200), #6413(237)] [Frame: 6412, payload: 0-199 (200 bytes)] [Frame: 6413, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 6481 2012-06-20 08:39:31.139632 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 6481: 1062 bytes on wire (8496 bits), 1062 bytes captured (8496 bits) Arrival Time: Jun 20, 2012 08:39:31.139632000 GMT Daylight Time Epoch Time: 1340177971.139632000 seconds [Time delta from previous captured frame: 0.000075000 seconds] [Time delta from previous displayed frame: 0.492826000 seconds] [Time since reference or first frame: 63.117846000 seconds] Frame Number: 6481 Frame Length: 1062 bytes (8496 bits) Capture Length: 1062 bytes (8496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1048 Identification: 0xdd5f (56671) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x676d [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 152128, Ack: 1338, Len: 1008 Source port: http (80) Destination port: ipass (2549) [Stream index: 59] Sequence number: 152128 (relative sequence number) [Next sequence number: 153136 (relative sequence number)] Acknowledgement number: 1338 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 42 [Calculated window size: 21504] [Window size scaling factor: 512] Checksum: 0xc86a [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2388] TCP segment data (1008 bytes) [40 Reassembled TCP Segments (51045 bytes): #6421(1380), #6422(1380), #6424(1380), #6425(1380), #6427(309), #6428(1380), #6430(1380), #6431(1380), #6433(1380), #6434(1380), #6436(1380), #6437(1380), #6439(1380), #6440(1380), #6442(612), #64] [Frame: 6421, payload: 0-1379 (1380 bytes)] [Frame: 6422, payload: 1380-2759 (1380 bytes)] [Frame: 6424, payload: 2760-4139 (1380 bytes)] [Frame: 6425, payload: 4140-5519 (1380 bytes)] [Frame: 6427, payload: 5520-5828 (309 bytes)] [Frame: 6428, payload: 5829-7208 (1380 bytes)] [Frame: 6430, payload: 7209-8588 (1380 bytes)] [Frame: 6431, payload: 8589-9968 (1380 bytes)] [Frame: 6433, payload: 9969-11348 (1380 bytes)] [Frame: 6434, payload: 11349-12728 (1380 bytes)] [Frame: 6436, payload: 12729-14108 (1380 bytes)] [Frame: 6437, payload: 14109-15488 (1380 bytes)] [Frame: 6439, payload: 15489-16868 (1380 bytes)] [Frame: 6440, payload: 16869-18248 (1380 bytes)] [Frame: 6442, payload: 18249-18860 (612 bytes)] [Frame: 6443, payload: 18861-20240 (1380 bytes)] [Frame: 6445, payload: 20241-21620 (1380 bytes)] [Frame: 6446, payload: 21621-21756 (136 bytes)] [Frame: 6448, payload: 21757-23136 (1380 bytes)] [Frame: 6449, payload: 23137-24516 (1380 bytes)] [Frame: 6451, payload: 24517-25896 (1380 bytes)] [Frame: 6452, payload: 25897-27276 (1380 bytes)] [Frame: 6454, payload: 27277-28656 (1380 bytes)] [Frame: 6455, payload: 28657-30036 (1380 bytes)] [Frame: 6457, payload: 30037-31416 (1380 bytes)] [Frame: 6458, payload: 31417-32796 (1380 bytes)] [Frame: 6460, payload: 32797-34176 (1380 bytes)] [Frame: 6461, payload: 34177-35556 (1380 bytes)] [Frame: 6463, payload: 35557-36236 (680 bytes)] [Frame: 6466, payload: 36237-37616 (1380 bytes)] [Frame: 6468, payload: 37617-38996 (1380 bytes)] [Frame: 6469, payload: 38997-40376 (1380 bytes)] [Frame: 6471, payload: 40377-41756 (1380 bytes)] [Frame: 6472, payload: 41757-43136 (1380 bytes)] [Frame: 6474, payload: 43137-44516 (1380 bytes)] [Frame: 6475, payload: 44517-45896 (1380 bytes)] [Frame: 6477, payload: 45897-47276 (1380 bytes)] [Frame: 6478, payload: 47277-48656 (1380 bytes)] [Frame: 6480, payload: 48657-50036 (1380 bytes)] [Frame: 6481, payload: 50037-51044 (1008 bytes)] [Segment count: 40] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:12 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:12 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 6483 2012-06-20 08:39:31.139929 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 6483: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits) Arrival Time: Jun 20, 2012 08:39:31.139929000 GMT Daylight Time Epoch Time: 1340177971.139929000 seconds [Time delta from previous captured frame: 0.000262000 seconds] [Time delta from previous displayed frame: 0.000297000 seconds] [Time since reference or first frame: 63.118143000 seconds] Frame Number: 6483 Frame Length: 188 bytes (1504 bits) Capture Length: 188 bytes (1504 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 174 Identification: 0x2aa0 (10912) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd196 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 1338, Ack: 153136, Len: 134 Source port: ipass (2549) Destination port: http (80) [Stream index: 59] Sequence number: 1338 (relative sequence number) [Next sequence number: 1472 (relative sequence number)] Acknowledgement number: 153136 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x26eb [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 134] Hypertext Transfer Protocol HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: HEAD Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] No. Time Source Destination Protocol Info 6488 2012-06-20 08:39:31.273729 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 6488: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:31.273729000 GMT Daylight Time Epoch Time: 1340177971.273729000 seconds [Time delta from previous captured frame: 0.000053000 seconds] [Time delta from previous displayed frame: 0.133800000 seconds] [Time since reference or first frame: 63.251943000 seconds] Frame Number: 6488 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2aa2 (10914) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd12d [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 1672, Ack: 153480, Len: 237 Source port: ipass (2549) Destination port: http (80) [Stream index: 59] Sequence number: 1672 (relative sequence number) [Next sequence number: 1909 (relative sequence number)] Acknowledgement number: 153480 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 257 [Calculated window size: 65792] [Window size scaling factor: 256] Checksum: 0xd214 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #6487(200), #6488(237)] [Frame: 6487, payload: 0-199 (200 bytes)] [Frame: 6488, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 6552 2012-06-20 08:39:31.714643 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (image/jpeg) Frame 6552: 1130 bytes on wire (9040 bits), 1130 bytes captured (9040 bits) Arrival Time: Jun 20, 2012 08:39:31.714643000 GMT Daylight Time Epoch Time: 1340177971.714643000 seconds [Time delta from previous captured frame: 0.000094000 seconds] [Time delta from previous displayed frame: 0.440914000 seconds] [Time since reference or first frame: 63.692857000 seconds] Frame Number: 6552 Frame Length: 1130 bytes (9040 bits) Capture Length: 1130 bytes (9040 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:media:http:data] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1116 Identification: 0xdd8a (56714) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x66fe [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 203449, Ack: 1909, Len: 1076 Source port: http (80) Destination port: ipass (2549) [Stream index: 59] Sequence number: 203449 (relative sequence number) [Next sequence number: 204525 (relative sequence number)] Acknowledgement number: 1909 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 48 [Calculated window size: 24576] [Window size scaling factor: 512] Checksum: 0x0b1e [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2456] TCP segment data (736 bytes) [41 Reassembled TCP Segments (51049 bytes): #6486(344), #6494(1380), #6495(1380), #6497(173), #6498(1380), #6500(1380), #6501(1380), #6503(1380), #6504(1380), #6506(1380), #6507(1380), #6509(1380), #6510(544), #6512(1380), #6513(1380), #651] [Frame: 6486, payload: 0-343 (344 bytes)] [Frame: 6494, payload: 344-1723 (1380 bytes)] [Frame: 6495, payload: 1724-3103 (1380 bytes)] [Frame: 6497, payload: 3104-3276 (173 bytes)] [Frame: 6498, payload: 3277-4656 (1380 bytes)] [Frame: 6500, payload: 4657-6036 (1380 bytes)] [Frame: 6501, payload: 6037-7416 (1380 bytes)] [Frame: 6503, payload: 7417-8796 (1380 bytes)] [Frame: 6504, payload: 8797-10176 (1380 bytes)] [Frame: 6506, payload: 10177-11556 (1380 bytes)] [Frame: 6507, payload: 11557-12936 (1380 bytes)] [Frame: 6509, payload: 12937-14316 (1380 bytes)] [Frame: 6510, payload: 14317-14860 (544 bytes)] [Frame: 6512, payload: 14861-16240 (1380 bytes)] [Frame: 6513, payload: 16241-17620 (1380 bytes)] [Frame: 6515, payload: 17621-17756 (136 bytes)] [Frame: 6516, payload: 17757-19136 (1380 bytes)] [Frame: 6518, payload: 19137-20516 (1380 bytes)] [Frame: 6519, payload: 20517-21896 (1380 bytes)] [Frame: 6521, payload: 21897-23276 (1380 bytes)] [Frame: 6522, payload: 23277-24656 (1380 bytes)] [Frame: 6524, payload: 24657-26036 (1380 bytes)] [Frame: 6525, payload: 26037-27416 (1380 bytes)] [Frame: 6527, payload: 27417-28796 (1380 bytes)] [Frame: 6528, payload: 28797-30176 (1380 bytes)] [Frame: 6530, payload: 30177-31556 (1380 bytes)] [Frame: 6531, payload: 31557-32936 (1380 bytes)] [Frame: 6533, payload: 32937-34316 (1380 bytes)] [Frame: 6534, payload: 34317-35132 (816 bytes)] [Frame: 6536, payload: 35133-36512 (1380 bytes)] [Frame: 6537, payload: 36513-37892 (1380 bytes)] [Frame: 6539, payload: 37893-39272 (1380 bytes)] [Frame: 6540, payload: 39273-40652 (1380 bytes)] [Frame: 6542, payload: 40653-42032 (1380 bytes)] [Frame: 6543, payload: 42033-43412 (1380 bytes)] [Frame: 6545, payload: 43413-44792 (1380 bytes)] [Frame: 6546, payload: 44793-46172 (1380 bytes)] [Frame: 6548, payload: 46173-47552 (1380 bytes)] [Frame: 6549, payload: 47553-48932 (1380 bytes)] [Frame: 6551, payload: 48933-50312 (1380 bytes)] [Frame: 6552, payload: 50313-51048 (736 bytes)] [Segment count: 41] [Reassembled TCP length: 51049] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:12 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:12 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n X-nc: HIT sat 86\r\n Accept-Ranges: bytes\r\n Cache-Control: max-age=31536000\r\n \r\n [Expert Info (Note/Malformed): HTTP body subdissector failed, trying heuristic subdissector] [Message: HTTP body subdissector failed, trying heuristic subdissector] [Severity level: Note] [Group: Malformed] Media Type Media Type: image/jpeg (50705 bytes) Hypertext Transfer Protocol \r Data (339 bytes) 0000 74 8a 94 1f 08 9d 8a bc ae 66 70 12 f9 81 41 01 t........fp...A. 0010 f4 91 10 00 a4 27 49 c5 0f 98 09 a3 ca fb 8e f4 .....'I......... 0020 2f ef 60 70 0f 68 56 42 d5 7c ca 6d 53 4a f1 2e /.`p.hVB.|.mSJ.. 0030 15 48 70 d7 52 83 42 b8 82 d0 59 be a1 2c 5f 98 .Hp.R.B...Y..,_. 0040 cd 0a 7b 62 07 4e db 06 58 b5 c4 2c 20 de 7d 40 ..{b.N..X.., .}@ 0050 a1 69 b6 4a 63 1b e4 7b 80 b5 5b f3 97 d1 0f 34 .i.Jc..{..[....4 0060 b9 81 0a 5a 55 12 df 1f 94 e4 47 1d 41 b0 e8 5f ...ZU.....G.A.._ 0070 b8 00 72 7b 97 55 16 75 50 bb 50 0e 7c ca e2 16 ..r{.U.uP.P.|... 0080 b9 b2 c0 7a 2d d9 b3 42 1a 0d 67 b6 30 1b 50 38 ...z-..B..g.0.P8 0090 ae 66 46 f8 fa 40 69 ce b8 ea 5c 81 58 1e 00 e6 .fF..@i...\.X... 00a0 ee 00 34 2a 88 81 5d 95 e6 5d 0d c9 90 8c 49 5b ..4*..]..]....I[ 00b0 4c c4 50 2d 73 0d 6c 31 64 30 b9 47 15 2a cb 18 L.P-s.l1d0.G.*.. 00c0 51 ee 14 ac 2d 2b 3a 80 4e ab 3d cb c8 80 36 1e Q...-+:.N.=...6. 00d0 21 60 fb d8 36 ab 01 80 e8 bf 3e 22 6d 15 1b ae !`..6.....>"m... 00e0 a2 aa d2 d9 f1 10 e1 a6 91 2b c8 9b 1b b0 55 e1 .........+....U. 00f0 dc b1 22 d5 cb 38 99 82 24 05 05 1e ba 96 b0 a1 .."..8..$....... 0100 c5 bd 46 88 58 0e e0 06 9d 78 ea 2a 62 9e 12 51 ..F.X....x.*b..Q 0110 65 fd cc 5a fb 12 d4 7b 29 b8 38 20 0e c4 2a 8e e..Z...{).8 ..*. 0120 3a 42 e6 81 af 7f a8 1d 58 5f 67 70 16 36 be 65 :B......X_gp.6.e 0130 1b 65 1d 7d 4c 81 74 7c f5 12 a9 f0 e2 00 2f 78 .e.}L.t|....../x 0140 0c 37 9d 8b e3 92 0a 03 c9 e2 54 33 4e c9 f3 fe .7........T3N... 0150 27 ff d9 '.. Data: 748a941f089d8abcae667012f9814101f4911000a42749c5... [Length: 339] No. Time Source Destination Protocol Info 6555 2012-06-20 08:39:31.714979 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 6555: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:31.714979000 GMT Daylight Time Epoch Time: 1340177971.714979000 seconds [Time delta from previous captured frame: 0.000043000 seconds] [Time delta from previous displayed frame: 0.000336000 seconds] [Time since reference or first frame: 63.693193000 seconds] Frame Number: 6555 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2ab8 (10936) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd117 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 2109, Ack: 204525, Len: 237 Source port: ipass (2549) Destination port: http (80) [Stream index: 59] Sequence number: 2109 (relative sequence number) [Next sequence number: 2346 (relative sequence number)] Acknowledgement number: 204525 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x08f9 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #6554(200), #6555(237)] [Frame: 6554, payload: 0-199 (200 bytes)] [Frame: 6555, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 6616 2012-06-20 08:39:32.035861 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 6616: 1062 bytes on wire (8496 bits), 1062 bytes captured (8496 bits) Arrival Time: Jun 20, 2012 08:39:32.035861000 GMT Daylight Time Epoch Time: 1340177972.035861000 seconds [Time delta from previous captured frame: 0.000070000 seconds] [Time delta from previous displayed frame: 0.320882000 seconds] [Time since reference or first frame: 64.014075000 seconds] Frame Number: 6616 Frame Length: 1062 bytes (8496 bits) Capture Length: 1062 bytes (8496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1048 Identification: 0xddb3 (56755) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x6719 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 254562, Ack: 2346, Len: 1008 Source port: http (80) Destination port: ipass (2549) [Stream index: 59] Sequence number: 254562 (relative sequence number) [Next sequence number: 255570 (relative sequence number)] Acknowledgement number: 2346 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 52 [Calculated window size: 26624] [Window size scaling factor: 512] Checksum: 0x344d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2388] TCP segment data (1008 bytes) [40 Reassembled TCP Segments (51045 bytes): #6558(1380), #6559(1380), #6561(1380), #6562(241), #6564(1380), #6565(1380), #6567(1380), #6568(1380), #6570(1380), #6571(1380), #6573(1380), #6574(1380), #6576(544), #6577(1380), #6579(1380), #65] [Frame: 6558, payload: 0-1379 (1380 bytes)] [Frame: 6559, payload: 1380-2759 (1380 bytes)] [Frame: 6561, payload: 2760-4139 (1380 bytes)] [Frame: 6562, payload: 4140-4380 (241 bytes)] [Frame: 6564, payload: 4381-5760 (1380 bytes)] [Frame: 6565, payload: 5761-7140 (1380 bytes)] [Frame: 6567, payload: 7141-8520 (1380 bytes)] [Frame: 6568, payload: 8521-9900 (1380 bytes)] [Frame: 6570, payload: 9901-11280 (1380 bytes)] [Frame: 6571, payload: 11281-12660 (1380 bytes)] [Frame: 6573, payload: 12661-14040 (1380 bytes)] [Frame: 6574, payload: 14041-15420 (1380 bytes)] [Frame: 6576, payload: 15421-15964 (544 bytes)] [Frame: 6577, payload: 15965-17344 (1380 bytes)] [Frame: 6579, payload: 17345-18724 (1380 bytes)] [Frame: 6580, payload: 18725-20104 (1380 bytes)] [Frame: 6582, payload: 20105-21484 (1380 bytes)] [Frame: 6583, payload: 21485-22864 (1380 bytes)] [Frame: 6585, payload: 22865-24244 (1380 bytes)] [Frame: 6586, payload: 24245-25624 (1380 bytes)] [Frame: 6588, payload: 25625-27004 (1380 bytes)] [Frame: 6589, payload: 27005-28384 (1380 bytes)] [Frame: 6591, payload: 28385-28996 (612 bytes)] [Frame: 6592, payload: 28997-30376 (1380 bytes)] [Frame: 6594, payload: 30377-31756 (1380 bytes)] [Frame: 6595, payload: 31757-33136 (1380 bytes)] [Frame: 6597, payload: 33137-34516 (1380 bytes)] [Frame: 6598, payload: 34517-35896 (1380 bytes)] [Frame: 6600, payload: 35897-36236 (340 bytes)] [Frame: 6601, payload: 36237-37616 (1380 bytes)] [Frame: 6603, payload: 37617-38996 (1380 bytes)] [Frame: 6604, payload: 38997-40376 (1380 bytes)] [Frame: 6606, payload: 40377-41756 (1380 bytes)] [Frame: 6607, payload: 41757-43136 (1380 bytes)] [Frame: 6609, payload: 43137-44516 (1380 bytes)] [Frame: 6610, payload: 44517-45896 (1380 bytes)] [Frame: 6612, payload: 45897-47276 (1380 bytes)] [Frame: 6613, payload: 47277-48656 (1380 bytes)] [Frame: 6615, payload: 48657-50036 (1380 bytes)] [Frame: 6616, payload: 50037-51044 (1008 bytes)] [Segment count: 40] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:13 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:13 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 6619 2012-06-20 08:39:32.036173 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 6619: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:32.036173000 GMT Daylight Time Epoch Time: 1340177972.036173000 seconds [Time delta from previous captured frame: 0.000044000 seconds] [Time delta from previous displayed frame: 0.000312000 seconds] [Time since reference or first frame: 64.014387000 seconds] Frame Number: 6619 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2ace (10958) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd101 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 2546, Ack: 255570, Len: 237 Source port: ipass (2549) Destination port: http (80) [Stream index: 59] Sequence number: 2546 (relative sequence number) [Next sequence number: 2783 (relative sequence number)] Acknowledgement number: 255570 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0x3fde [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #6618(200), #6619(237)] [Frame: 6618, payload: 0-199 (200 bytes)] [Frame: 6619, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 6683 2012-06-20 08:39:32.336154 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 6683: 1198 bytes on wire (9584 bits), 1198 bytes captured (9584 bits) Arrival Time: Jun 20, 2012 08:39:32.336154000 GMT Daylight Time Epoch Time: 1340177972.336154000 seconds [Time delta from previous captured frame: 0.000091000 seconds] [Time delta from previous displayed frame: 0.299981000 seconds] [Time since reference or first frame: 64.314368000 seconds] Frame Number: 6683 Frame Length: 1198 bytes (9584 bits) Capture Length: 1198 bytes (9584 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1184 Identification: 0xdddc (56796) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x6668 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 305471, Ack: 2783, Len: 1144 Source port: http (80) Destination port: ipass (2549) [Stream index: 59] Sequence number: 305471 (relative sequence number) [Next sequence number: 306615 (relative sequence number)] Acknowledgement number: 2783 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 56 [Calculated window size: 28672] [Window size scaling factor: 512] Checksum: 0xb170 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 2524] TCP segment data (1144 bytes) [40 Reassembled TCP Segments (51045 bytes): #6625(1380), #6626(1380), #6628(1380), #6629(1380), #6631(1380), #6632(1380), #6634(1380), #6635(1380), #6637(1380), #6638(1380), #6640(717), #6641(1380), #6643(68), #6644(1380), #6646(1380), #664] [Frame: 6625, payload: 0-1379 (1380 bytes)] [Frame: 6626, payload: 1380-2759 (1380 bytes)] [Frame: 6628, payload: 2760-4139 (1380 bytes)] [Frame: 6629, payload: 4140-5519 (1380 bytes)] [Frame: 6631, payload: 5520-6899 (1380 bytes)] [Frame: 6632, payload: 6900-8279 (1380 bytes)] [Frame: 6634, payload: 8280-9659 (1380 bytes)] [Frame: 6635, payload: 9660-11039 (1380 bytes)] [Frame: 6637, payload: 11040-12419 (1380 bytes)] [Frame: 6638, payload: 12420-13799 (1380 bytes)] [Frame: 6640, payload: 13800-14516 (717 bytes)] [Frame: 6641, payload: 14517-15896 (1380 bytes)] [Frame: 6643, payload: 15897-15964 (68 bytes)] [Frame: 6644, payload: 15965-17344 (1380 bytes)] [Frame: 6646, payload: 17345-18724 (1380 bytes)] [Frame: 6647, payload: 18725-20104 (1380 bytes)] [Frame: 6649, payload: 20105-21484 (1380 bytes)] [Frame: 6650, payload: 21485-22864 (1380 bytes)] [Frame: 6652, payload: 22865-24244 (1380 bytes)] [Frame: 6653, payload: 24245-25624 (1380 bytes)] [Frame: 6655, payload: 25625-27004 (1380 bytes)] [Frame: 6656, payload: 27005-28384 (1380 bytes)] [Frame: 6658, payload: 28385-28996 (612 bytes)] [Frame: 6659, payload: 28997-30376 (1380 bytes)] [Frame: 6661, payload: 30377-31756 (1380 bytes)] [Frame: 6662, payload: 31757-33136 (1380 bytes)] [Frame: 6664, payload: 33137-33340 (204 bytes)] [Frame: 6665, payload: 33341-34720 (1380 bytes)] [Frame: 6667, payload: 34721-36100 (1380 bytes)] [Frame: 6668, payload: 36101-37480 (1380 bytes)] [Frame: 6670, payload: 37481-38860 (1380 bytes)] [Frame: 6671, payload: 38861-40240 (1380 bytes)] [Frame: 6673, payload: 40241-41620 (1380 bytes)] [Frame: 6674, payload: 41621-43000 (1380 bytes)] [Frame: 6676, payload: 43001-44380 (1380 bytes)] [Frame: 6677, payload: 44381-45760 (1380 bytes)] [Frame: 6679, payload: 45761-47140 (1380 bytes)] [Frame: 6680, payload: 47141-48520 (1380 bytes)] [Frame: 6682, payload: 48521-49900 (1380 bytes)] [Frame: 6683, payload: 49901-51044 (1144 bytes)] [Segment count: 40] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:13 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:13 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 6685 2012-06-20 08:39:32.336515 172.28.13.6 76.74.248.166 HTTP GET /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 6685: 210 bytes on wire (1680 bits), 210 bytes captured (1680 bits) Arrival Time: Jun 20, 2012 08:39:32.336515000 GMT Daylight Time Epoch Time: 1340177972.336515000 seconds [Time delta from previous captured frame: 0.000339000 seconds] [Time delta from previous displayed frame: 0.000361000 seconds] [Time since reference or first frame: 64.314729000 seconds] Frame Number: 6685 Frame Length: 210 bytes (1680 bits) Capture Length: 210 bytes (1680 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 196 Identification: 0x2ae3 (10979) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd13d [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 2783, Ack: 306615, Len: 156 Source port: ipass (2549) Destination port: http (80) [Stream index: 59] Sequence number: 2783 (relative sequence number) [Next sequence number: 2939 (relative sequence number)] Acknowledgement number: 306615 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 258 [Calculated window size: 66048] [Window size scaling factor: 256] Checksum: 0xdeec [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 156] Hypertext Transfer Protocol GET /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): GET /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: GET /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: GET Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Accept-Encoding: gzip\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] No. Time Source Destination Protocol Info 6748 2012-06-20 08:39:32.607851 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 6748: 147 bytes on wire (1176 bits), 147 bytes captured (1176 bits) Arrival Time: Jun 20, 2012 08:39:32.607851000 GMT Daylight Time Epoch Time: 1340177972.607851000 seconds [Time delta from previous captured frame: 0.000055000 seconds] [Time delta from previous displayed frame: 0.271336000 seconds] [Time since reference or first frame: 64.586065000 seconds] Frame Number: 6748 Frame Length: 147 bytes (1176 bits) Capture Length: 147 bytes (1176 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 133 Identification: 0xde06 (56838) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x6a59 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 357571, Ack: 2939, Len: 93 Source port: http (80) Destination port: ipass (2549) [Stream index: 59] Sequence number: 357571 (relative sequence number) [Next sequence number: 357664 (relative sequence number)] Acknowledgement number: 2939 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 58 [Calculated window size: 29696] [Window size scaling factor: 512] Checksum: 0x35ef [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1473] TCP segment data (93 bytes) [42 Reassembled TCP Segments (51049 bytes): #6686(1380), #6687(1380), #6689(1380), #6690(1380), #6692(1380), #6693(684), #6695(1380), #6696(1380), #6698(1380), #6699(1380), #6701(1380), #6702(1380), #6704(408), #6705(1380), #6707(1380), #67] [Frame: 6686, payload: 0-1379 (1380 bytes)] [Frame: 6687, payload: 1380-2759 (1380 bytes)] [Frame: 6689, payload: 2760-4139 (1380 bytes)] [Frame: 6690, payload: 4140-5519 (1380 bytes)] [Frame: 6692, payload: 5520-6899 (1380 bytes)] [Frame: 6693, payload: 6900-7583 (684 bytes)] [Frame: 6695, payload: 7584-8963 (1380 bytes)] [Frame: 6696, payload: 8964-10343 (1380 bytes)] [Frame: 6698, payload: 10344-11723 (1380 bytes)] [Frame: 6699, payload: 11724-13103 (1380 bytes)] [Frame: 6701, payload: 13104-14483 (1380 bytes)] [Frame: 6702, payload: 14484-15863 (1380 bytes)] [Frame: 6704, payload: 15864-16271 (408 bytes)] [Frame: 6705, payload: 16272-17651 (1380 bytes)] [Frame: 6707, payload: 17652-19031 (1380 bytes)] [Frame: 6708, payload: 19032-20411 (1380 bytes)] [Frame: 6710, payload: 20412-20615 (204 bytes)] [Frame: 6711, payload: 20616-21995 (1380 bytes)] [Frame: 6713, payload: 21996-23375 (1380 bytes)] [Frame: 6714, payload: 23376-24755 (1380 bytes)] [Frame: 6716, payload: 24756-26135 (1380 bytes)] [Frame: 6717, payload: 26136-27515 (1380 bytes)] [Frame: 6719, payload: 27516-28895 (1380 bytes)] [Frame: 6720, payload: 28896-30275 (1380 bytes)] [Frame: 6722, payload: 30276-31655 (1380 bytes)] [Frame: 6723, payload: 31656-33035 (1380 bytes)] [Frame: 6725, payload: 33036-33647 (612 bytes)] [Frame: 6726, payload: 33648-35027 (1380 bytes)] [Frame: 6728, payload: 35028-35095 (68 bytes)] [Frame: 6729, payload: 35096-36475 (1380 bytes)] [Frame: 6731, payload: 36476-37855 (1380 bytes)] [Frame: 6732, payload: 37856-39235 (1380 bytes)] [Frame: 6734, payload: 39236-40615 (1380 bytes)] [Frame: 6735, payload: 40616-41995 (1380 bytes)] [Frame: 6737, payload: 41996-43375 (1380 bytes)] [Frame: 6738, payload: 43376-44755 (1380 bytes)] [Frame: 6740, payload: 44756-46135 (1380 bytes)] [Frame: 6741, payload: 46136-47515 (1380 bytes)] [Frame: 6743, payload: 47516-48895 (1380 bytes)] [Frame: 6744, payload: 48896-49575 (680 bytes)] [Frame: 6747, payload: 49576-50955 (1380 bytes)] [Frame: 6748, payload: 50956-51048 (93 bytes)] [Segment count: 42] [Reassembled TCP length: 51049] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:13 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:13 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n X-nc: HIT sat 86\r\n Accept-Ranges: bytes\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 6751 2012-06-20 08:39:32.608301 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 6751: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:32.608301000 GMT Daylight Time Epoch Time: 1340177972.608301000 seconds [Time delta from previous captured frame: 0.000064000 seconds] [Time delta from previous displayed frame: 0.000450000 seconds] [Time since reference or first frame: 64.586515000 seconds] Frame Number: 6751 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2afa (11002) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd0d5 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 3139, Ack: 357664, Len: 237 Source port: ipass (2549) Destination port: http (80) [Stream index: 59] Sequence number: 3139 (relative sequence number) [Next sequence number: 3376 (relative sequence number)] Acknowledgement number: 357664 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 11999 [Calculated window size: 3071744] [Window size scaling factor: 256] Checksum: 0x80e0 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #6750(200), #6751(237)] [Frame: 6750, payload: 0-199 (200 bytes)] [Frame: 6751, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 6813 2012-06-20 08:39:32.916509 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 6813: 1062 bytes on wire (8496 bits), 1062 bytes captured (8496 bits) Arrival Time: Jun 20, 2012 08:39:32.916509000 GMT Daylight Time Epoch Time: 1340177972.916509000 seconds [Time delta from previous captured frame: 0.000098000 seconds] [Time delta from previous displayed frame: 0.308208000 seconds] [Time since reference or first frame: 64.894723000 seconds] Frame Number: 6813 Frame Length: 1062 bytes (8496 bits) Capture Length: 1062 bytes (8496 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 1048 Identification: 0xde30 (56880) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x669c [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 407701, Ack: 3376, Len: 1008 Source port: http (80) Destination port: ipass (2549) [Stream index: 59] Sequence number: 407701 (relative sequence number) [Next sequence number: 408709 (relative sequence number)] Acknowledgement number: 3376 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 63 [Calculated window size: 32256] [Window size scaling factor: 512] Checksum: 0xda06 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1008] TCP segment data (1008 bytes) [41 Reassembled TCP Segments (51045 bytes): #6753(1380), #6754(1380), #6756(1380), #6757(1380), #6759(1380), #6760(1380), #6762(445), #6763(1380), #6765(1380), #6766(1380), #6768(1380), #6769(272), #6771(1380), #6772(1380), #6774(1380), #67] [Frame: 6753, payload: 0-1379 (1380 bytes)] [Frame: 6754, payload: 1380-2759 (1380 bytes)] [Frame: 6756, payload: 2760-4139 (1380 bytes)] [Frame: 6757, payload: 4140-5519 (1380 bytes)] [Frame: 6759, payload: 5520-6899 (1380 bytes)] [Frame: 6760, payload: 6900-8279 (1380 bytes)] [Frame: 6762, payload: 8280-8724 (445 bytes)] [Frame: 6763, payload: 8725-10104 (1380 bytes)] [Frame: 6765, payload: 10105-11484 (1380 bytes)] [Frame: 6766, payload: 11485-12864 (1380 bytes)] [Frame: 6768, payload: 12865-14244 (1380 bytes)] [Frame: 6769, payload: 14245-14516 (272 bytes)] [Frame: 6771, payload: 14517-15896 (1380 bytes)] [Frame: 6772, payload: 15897-17276 (1380 bytes)] [Frame: 6774, payload: 17277-18656 (1380 bytes)] [Frame: 6775, payload: 18657-20036 (1380 bytes)] [Frame: 6777, payload: 20037-21416 (1380 bytes)] [Frame: 6778, payload: 21417-21756 (340 bytes)] [Frame: 6780, payload: 21757-23136 (1380 bytes)] [Frame: 6781, payload: 23137-24516 (1380 bytes)] [Frame: 6783, payload: 24517-25896 (1380 bytes)] [Frame: 6784, payload: 25897-27276 (1380 bytes)] [Frame: 6786, payload: 27277-28656 (1380 bytes)] [Frame: 6787, payload: 28657-28996 (340 bytes)] [Frame: 6789, payload: 28997-30376 (1380 bytes)] [Frame: 6790, payload: 30377-31756 (1380 bytes)] [Frame: 6792, payload: 31757-33136 (1380 bytes)] [Frame: 6793, payload: 33137-34516 (1380 bytes)] [Frame: 6795, payload: 34517-35896 (1380 bytes)] [Frame: 6796, payload: 35897-36236 (340 bytes)] [Frame: 6798, payload: 36237-37616 (1380 bytes)] [Frame: 6799, payload: 37617-38996 (1380 bytes)] [Frame: 6801, payload: 38997-40376 (1380 bytes)] [Frame: 6802, payload: 40377-41756 (1380 bytes)] [Frame: 6804, payload: 41757-43136 (1380 bytes)] [Frame: 6805, payload: 43137-44516 (1380 bytes)] [Frame: 6807, payload: 44517-45896 (1380 bytes)] [Frame: 6808, payload: 45897-47276 (1380 bytes)] [Frame: 6810, payload: 47277-48656 (1380 bytes)] [Frame: 6811, payload: 48657-50036 (1380 bytes)] [Frame: 6813, payload: 50037-51044 (1008 bytes)] [Segment count: 41] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:13 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:13 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 6815 2012-06-20 08:39:32.916817 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 6815: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:32.916817000 GMT Daylight Time Epoch Time: 1340177972.916817000 seconds [Time delta from previous captured frame: 0.000044000 seconds] [Time delta from previous displayed frame: 0.000308000 seconds] [Time since reference or first frame: 64.895031000 seconds] Frame Number: 6815 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2b10 (11024) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd0bf [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 3576, Ack: 408709, Len: 237 Source port: ipass (2549) Destination port: http (80) [Stream index: 59] Sequence number: 3576 (relative sequence number) [Next sequence number: 3813 (relative sequence number)] Acknowledgement number: 408709 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 11995 [Calculated window size: 3070720] [Window size scaling factor: 256] Checksum: 0xb7c9 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #6814(200), #6815(237)] [Frame: 6814, payload: 0-199 (200 bytes)] [Frame: 6815, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 6885 2012-06-20 08:39:33.391399 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 6885: 450 bytes on wire (3600 bits), 450 bytes captured (3600 bits) Arrival Time: Jun 20, 2012 08:39:33.391399000 GMT Daylight Time Epoch Time: 1340177973.391399000 seconds [Time delta from previous captured frame: 0.000050000 seconds] [Time delta from previous displayed frame: 0.474582000 seconds] [Time since reference or first frame: 65.369613000 seconds] Frame Number: 6885 Frame Length: 450 bytes (3600 bits) Capture Length: 450 bytes (3600 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 436 Identification: 0xde5b (56923) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x68d5 [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 459358, Ack: 3813, Len: 396 Source port: http (80) Destination port: ipass (2549) [Stream index: 59] Sequence number: 459358 (relative sequence number) [Next sequence number: 459754 (relative sequence number)] Acknowledgement number: 3813 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 67 [Calculated window size: 34304] [Window size scaling factor: 512] Checksum: 0x0643 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 1776] TCP segment data (396 bytes) [42 Reassembled TCP Segments (51045 bytes): #6821(1380), #6822(1380), #6825(1380), #6826(1380), #6828(1380), #6829(377), #6831(1380), #6832(1380), #6834(1380), #6835(1380), #6837(1380), #6838(340), #6840(1380), #6841(1380), #6843(1380), #68] [Frame: 6821, payload: 0-1379 (1380 bytes)] [Frame: 6822, payload: 1380-2759 (1380 bytes)] [Frame: 6825, payload: 2760-4139 (1380 bytes)] [Frame: 6826, payload: 4140-5519 (1380 bytes)] [Frame: 6828, payload: 5520-6899 (1380 bytes)] [Frame: 6829, payload: 6900-7276 (377 bytes)] [Frame: 6831, payload: 7277-8656 (1380 bytes)] [Frame: 6832, payload: 8657-10036 (1380 bytes)] [Frame: 6834, payload: 10037-11416 (1380 bytes)] [Frame: 6835, payload: 11417-12796 (1380 bytes)] [Frame: 6837, payload: 12797-14176 (1380 bytes)] [Frame: 6838, payload: 14177-14516 (340 bytes)] [Frame: 6840, payload: 14517-15896 (1380 bytes)] [Frame: 6841, payload: 15897-17276 (1380 bytes)] [Frame: 6843, payload: 17277-18656 (1380 bytes)] [Frame: 6844, payload: 18657-20036 (1380 bytes)] [Frame: 6846, payload: 20037-21416 (1380 bytes)] [Frame: 6847, payload: 21417-22796 (1380 bytes)] [Frame: 6849, payload: 22797-24176 (1380 bytes)] [Frame: 6850, payload: 24177-25556 (1380 bytes)] [Frame: 6852, payload: 25557-26100 (544 bytes)] [Frame: 6853, payload: 26101-27480 (1380 bytes)] [Frame: 6855, payload: 27481-28860 (1380 bytes)] [Frame: 6856, payload: 28861-30240 (1380 bytes)] [Frame: 6858, payload: 30241-31620 (1380 bytes)] [Frame: 6859, payload: 31621-33000 (1380 bytes)] [Frame: 6861, payload: 33001-34380 (1380 bytes)] [Frame: 6862, payload: 34381-35760 (1380 bytes)] [Frame: 6864, payload: 35761-37140 (1380 bytes)] [Frame: 6865, payload: 37141-38520 (1380 bytes)] [Frame: 6867, payload: 38521-39900 (1380 bytes)] [Frame: 6868, payload: 39901-40580 (680 bytes)] [Frame: 6870, payload: 40581-41960 (1380 bytes)] [Frame: 6871, payload: 41961-43340 (1380 bytes)] [Frame: 6873, payload: 43341-43476 (136 bytes)] [Frame: 6874, payload: 43477-44856 (1380 bytes)] [Frame: 6876, payload: 44857-46236 (1380 bytes)] [Frame: 6877, payload: 46237-47616 (1380 bytes)] [Frame: 6879, payload: 47617-48996 (1380 bytes)] [Frame: 6880, payload: 48997-49268 (272 bytes)] [Frame: 6884, payload: 49269-50648 (1380 bytes)] [Frame: 6885, payload: 50649-51044 (396 bytes)] [Segment count: 42] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:14 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:14 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented) No. Time Source Destination Protocol Info 6888 2012-06-20 08:39:33.391740 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1 Frame 6888: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits) Arrival Time: Jun 20, 2012 08:39:33.391740000 GMT Daylight Time Epoch Time: 1340177973.391740000 seconds [Time delta from previous captured frame: 0.000044000 seconds] [Time delta from previous displayed frame: 0.000341000 seconds] [Time since reference or first frame: 65.369954000 seconds] Frame Number: 6888 Frame Length: 291 bytes (2328 bits) Capture Length: 291 bytes (2328 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 277 Identification: 0x2b27 (11047) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xd0a8 [correct] [Good: True] [Bad: False] Source: 172.28.13.6 (172.28.13.6) Destination: 76.74.248.166 (76.74.248.166) Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 4013, Ack: 459754, Len: 237 Source port: ipass (2549) Destination port: http (80) [Stream index: 59] Sequence number: 4013 (relative sequence number) [Next sequence number: 4250 (relative sequence number)] Acknowledgement number: 459754 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 23821 [Calculated window size: 6098176] [Window size scaling factor: 256] Checksum: 0xc07c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 437] TCP segment data (237 bytes) [2 Reassembled TCP Segments (437 bytes): #6887(200), #6888(237)] [Frame: 6887, payload: 0-199 (200 bytes)] [Frame: 6888, payload: 200-436 (237 bytes)] [Segment count: 2] [Reassembled TCP length: 437] Hypertext Transfer Protocol PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n [Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: PROPFIND Request URI: /2009/11/img_01211.jpg?w=441&h=640 Request Version: HTTP/1.1 Connection: TE\r\n TE: trailers\r\n Host: yaytay.files.wordpress.com\r\n Depth: 0\r\n Content-Length: 237\r\n [Content length: 237] Content-Type: application/xml\r\n Pragma: no-cache\r\n \r\n [Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640] eXtensible Markup Language No. Time Source Destination Protocol Info 6952 2012-06-20 08:39:33.720160 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image) Frame 6952: 722 bytes on wire (5776 bits), 722 bytes captured (5776 bits) Arrival Time: Jun 20, 2012 08:39:33.720160000 GMT Daylight Time Epoch Time: 1340177973.720160000 seconds [Time delta from previous captured frame: 0.000034000 seconds] [Time delta from previous displayed frame: 0.328420000 seconds] [Time since reference or first frame: 65.698374000 seconds] Frame Number: 6952 Frame Length: 722 bytes (5776 bits) Capture Length: 722 bytes (5776 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:image-jfif] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0) Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0) Address: Dell_02:80:b0 (a4:ba:db:02:80:b0) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 708 Identification: 0xde85 (56965) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 52 Protocol: TCP (6) Header checksum: 0x679b [correct] [Good: True] [Bad: False] Source: 76.74.248.166 (76.74.248.166) Destination: 172.28.13.6 (172.28.13.6) Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 510131, Ack: 4250, Len: 668 Source port: http (80) Destination port: ipass (2549) [Stream index: 59] Sequence number: 510131 (relative sequence number) [Next sequence number: 510799 (relative sequence number)] Acknowledgement number: 4250 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 71 [Calculated window size: 36352] [Window size scaling factor: 512] Checksum: 0xa8eb [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 668] TCP segment data (668 bytes) [41 Reassembled TCP Segments (51045 bytes): #6891(1380), #6892(1380), #6894(1380), #6895(1380), #6897(309), #6898(1380), #6900(1380), #6901(1380), #6903(1380), #6904(1380), #6906(1380), #6907(408), #6910(1380), #6911(1380), #6913(136), #691] [Frame: 6891, payload: 0-1379 (1380 bytes)] [Frame: 6892, payload: 1380-2759 (1380 bytes)] [Frame: 6894, payload: 2760-4139 (1380 bytes)] [Frame: 6895, payload: 4140-5519 (1380 bytes)] [Frame: 6897, payload: 5520-5828 (309 bytes)] [Frame: 6898, payload: 5829-7208 (1380 bytes)] [Frame: 6900, payload: 7209-8588 (1380 bytes)] [Frame: 6901, payload: 8589-9968 (1380 bytes)] [Frame: 6903, payload: 9969-11348 (1380 bytes)] [Frame: 6904, payload: 11349-12728 (1380 bytes)] [Frame: 6906, payload: 12729-14108 (1380 bytes)] [Frame: 6907, payload: 14109-14516 (408 bytes)] [Frame: 6910, payload: 14517-15896 (1380 bytes)] [Frame: 6911, payload: 15897-17276 (1380 bytes)] [Frame: 6913, payload: 17277-17412 (136 bytes)] [Frame: 6914, payload: 17413-18792 (1380 bytes)] [Frame: 6916, payload: 18793-20172 (1380 bytes)] [Frame: 6917, payload: 20173-21552 (1380 bytes)] [Frame: 6919, payload: 21553-22932 (1380 bytes)] [Frame: 6920, payload: 22933-24312 (1380 bytes)] [Frame: 6922, payload: 24313-25692 (1380 bytes)] [Frame: 6923, payload: 25693-27072 (1380 bytes)] [Frame: 6925, payload: 27073-28452 (1380 bytes)] [Frame: 6926, payload: 28453-28996 (544 bytes)] [Frame: 6928, payload: 28997-30376 (1380 bytes)] [Frame: 6929, payload: 30377-31756 (1380 bytes)] [Frame: 6931, payload: 31757-33136 (1380 bytes)] [Frame: 6932, payload: 33137-34516 (1380 bytes)] [Frame: 6934, payload: 34517-35896 (1380 bytes)] [Frame: 6935, payload: 35897-37276 (1380 bytes)] [Frame: 6937, payload: 37277-38656 (1380 bytes)] [Frame: 6938, payload: 38657-40036 (1380 bytes)] [Frame: 6940, payload: 40037-41416 (1380 bytes)] [Frame: 6941, payload: 41417-42796 (1380 bytes)] [Frame: 6943, payload: 42797-43476 (680 bytes)] [Frame: 6944, payload: 43477-44856 (1380 bytes)] [Frame: 6946, payload: 44857-46236 (1380 bytes)] [Frame: 6947, payload: 46237-47616 (1380 bytes)] [Frame: 6949, payload: 47617-48996 (1380 bytes)] [Frame: 6950, payload: 48997-50376 (1380 bytes)] [Frame: 6952, payload: 50377-51044 (668 bytes)] [Segment count: 41] [Reassembled TCP length: 51045] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Status Code: 200 Response Phrase: OK Server: nginx\r\n Date: Wed, 20 Jun 2012 07:41:14 GMT\r\n Content-Type: image/jpeg\r\n Connection: keep-alive\r\n Content-Length: 50705\r\n [Content length: 50705] Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n Expires: Thu, 20 Jun 2013 07:41:14 GMT\r\n X-hawt: very\r\n X-Orig-Src: 0_imageresize\r\n Accept-Ranges: bytes\r\n X-nc: sat 86\r\n Cache-Control: max-age=31536000\r\n \r\n JPEG File Interchange Format Marker: Start of Image (0xffd8) Marker segment: Reserved for application segments - 0 (0xFFE0) Marker: Reserved for application segments - 0 (0xffe0) Length: 16 Identifier: JFIF Version: 1.2 Major Version: 1 Minor Version: 2 Units: Dots per inch (1) Xdensity: 180 Ydensity: 180 Xthumbnail: 0 Ythumbnail: 0 Marker segment: Reserved for application segments - 1 (0xFFE1) Marker: Reserved for application segments - 1 (0xffe1) Length: 5727 Identifier: Exif Endianness: little endian Start offset of IFD starting from the TIFF header start: 8 bytes Number of fields in this IFD: 10 Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134 Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140 Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178 Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1 Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242 Offset to next IFD from start of TIFF header: 1076 bytes Number of fields in this IFD: 7 Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6 Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166 Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174 Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182 Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515 Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2 Offset to next IFD from start of TIFF header: 0 bytes Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Marker segment: Define quantization table(s) (0xFFDB) Marker: Define quantization table(s) (0xffdb) Length: 67 Remaining segment data (65 bytes) Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2) Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2) Length: 17 Sample Precision (bits): 8 Lines: 640 Samples per line: 441 Number of image components in frame: 3 Component identifier: 1 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 0 Component identifier: 2 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Component identifier: 3 0001 .... = Horizontal sampling factor: 1 .... 0001 = Vertical sampling factor: 1 Quantization table destination selector: 1 Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 27 Remaining segment data (25 bytes) Marker segment: Define Huffman table(s) (0xFFC4) Marker: Define Huffman table(s) (0xffc4) Length: 25 Remaining segment data (23 bytes) Start of Segment header: Start of Scan (0xFFDA) Marker: Start of Scan (0xffda) Length: 12 Number of image components in scan: 3 Scan component selector: 1 0000 .... = DC entropy coding table destination selector: 0 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 2 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Scan component selector: 3 0001 .... = DC entropy coding table destination selector: 1 .... 0000 = AC entropy coding table destination selector: 0 Start of spectral or predictor selection: 0 End of spectral selection: 0 0000 .... = Successive approximation bit position high: 0 .... 0001 = Successive approximation bit position low or point transform: 1 JFIF dissection stops here (dissection of a scan is not yet implemented)