No. Time Source Destination Protocol Info
143 2012-06-20 08:38:35.745457 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 143: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:35.745457000 GMT Daylight Time
Epoch Time: 1340177915.745457000 seconds
[Time delta from previous captured frame: 0.000131000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 7.723671000 seconds]
Frame Number: 143
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2297 (8855)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd938 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: call-sig-trans (2517), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237
Source port: call-sig-trans (2517)
Destination port: http (80)
[Stream index: 8]
Sequence number: 227 (relative sequence number)
[Next sequence number: 464 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x5972 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 463]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (463 bytes): #142(226), #143(237)]
[Frame: 142, payload: 0-225 (226 bytes)]
[Frame: 143, payload: 226-462 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 463]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
203 2012-06-20 08:38:36.322966 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 203: 838 bytes on wire (6704 bits), 838 bytes captured (6704 bits)
Arrival Time: Jun 20, 2012 08:38:36.322966000 GMT Daylight Time
Epoch Time: 1340177916.322966000 seconds
[Time delta from previous captured frame: 0.000027000 seconds]
[Time delta from previous displayed frame: 0.577509000 seconds]
[Time since reference or first frame: 8.301180000 seconds]
Frame Number: 203
Frame Length: 838 bytes (6704 bits)
Capture Length: 838 bytes (6704 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 824
Identification: 0x0a27 (2599)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x3b86 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: call-sig-trans (2517), Seq: 50262, Ack: 464, Len: 784
Source port: http (80)
Destination port: call-sig-trans (2517)
[Stream index: 8]
Sequence number: 50262 (relative sequence number)
[Next sequence number: 51046 (relative sequence number)]
Acknowledgement number: 464 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0xec07 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2164]
TCP segment data (784 bytes)
[38 Reassembled TCP Segments (51045 bytes): #147(1380), #148(1380), #150(1380), #151(1380), #153(1380), #154(1380), #156(1380), #157(1380), #159(581), #160(1380), #162(1380), #163(1380), #165(1380), #166(1380), #168(1380), #169(1380), #171(]
[Frame: 147, payload: 0-1379 (1380 bytes)]
[Frame: 148, payload: 1380-2759 (1380 bytes)]
[Frame: 150, payload: 2760-4139 (1380 bytes)]
[Frame: 151, payload: 4140-5519 (1380 bytes)]
[Frame: 153, payload: 5520-6899 (1380 bytes)]
[Frame: 154, payload: 6900-8279 (1380 bytes)]
[Frame: 156, payload: 8280-9659 (1380 bytes)]
[Frame: 157, payload: 9660-11039 (1380 bytes)]
[Frame: 159, payload: 11040-11620 (581 bytes)]
[Frame: 160, payload: 11621-13000 (1380 bytes)]
[Frame: 162, payload: 13001-14380 (1380 bytes)]
[Frame: 163, payload: 14381-15760 (1380 bytes)]
[Frame: 165, payload: 15761-17140 (1380 bytes)]
[Frame: 166, payload: 17141-18520 (1380 bytes)]
[Frame: 168, payload: 18521-19900 (1380 bytes)]
[Frame: 169, payload: 19901-21280 (1380 bytes)]
[Frame: 171, payload: 21281-22660 (1380 bytes)]
[Frame: 172, payload: 22661-24040 (1380 bytes)]
[Frame: 174, payload: 24041-25420 (1380 bytes)]
[Frame: 175, payload: 25421-26800 (1380 bytes)]
[Frame: 177, payload: 26801-28180 (1380 bytes)]
[Frame: 178, payload: 28181-29560 (1380 bytes)]
[Frame: 180, payload: 29561-30940 (1380 bytes)]
[Frame: 181, payload: 30941-32320 (1380 bytes)]
[Frame: 183, payload: 32321-33700 (1380 bytes)]
[Frame: 185, payload: 33701-35080 (1380 bytes)]
[Frame: 187, payload: 35081-36460 (1380 bytes)]
[Frame: 188, payload: 36461-37840 (1380 bytes)]
[Frame: 190, payload: 37841-39220 (1380 bytes)]
[Frame: 191, payload: 39221-40600 (1380 bytes)]
[Frame: 193, payload: 40601-41980 (1380 bytes)]
[Frame: 194, payload: 41981-43360 (1380 bytes)]
[Frame: 196, payload: 43361-44740 (1380 bytes)]
[Frame: 197, payload: 44741-46120 (1380 bytes)]
[Frame: 199, payload: 46121-47500 (1380 bytes)]
[Frame: 200, payload: 47501-48880 (1380 bytes)]
[Frame: 202, payload: 48881-50260 (1380 bytes)]
[Frame: 203, payload: 50261-51044 (784 bytes)]
[Segment count: 38]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:17 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:17 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
206 2012-06-20 08:38:36.323359 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 206: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:36.323359000 GMT Daylight Time
Epoch Time: 1340177916.323359000 seconds
[Time delta from previous captured frame: 0.000101000 seconds]
[Time delta from previous displayed frame: 0.000393000 seconds]
[Time since reference or first frame: 8.301573000 seconds]
Frame Number: 206
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x22ac (8876)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd923 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: call-sig-trans (2517), Dst Port: http (80), Seq: 664, Ack: 51046, Len: 237
Source port: call-sig-trans (2517)
Destination port: http (80)
[Stream index: 8]
Sequence number: 664 (relative sequence number)
[Next sequence number: 901 (relative sequence number)]
Acknowledgement number: 51046 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x9057 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #205(200), #206(237)]
[Frame: 205, payload: 0-199 (200 bytes)]
[Frame: 206, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
267 2012-06-20 08:38:36.755897 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 267: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits)
Arrival Time: Jun 20, 2012 08:38:36.755897000 GMT Daylight Time
Epoch Time: 1340177916.755897000 seconds
[Time delta from previous captured frame: 0.000005000 seconds]
[Time delta from previous displayed frame: 0.432538000 seconds]
[Time since reference or first frame: 8.734111000 seconds]
Frame Number: 267
Frame Length: 566 bytes (4528 bits)
Capture Length: 566 bytes (4528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 552
Identification: 0x0a51 (2641)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x3c6c [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: call-sig-trans (2517), Seq: 101579, Ack: 901, Len: 512
Source port: http (80)
Destination port: call-sig-trans (2517)
[Stream index: 8]
Sequence number: 101579 (relative sequence number)
[Next sequence number: 102091 (relative sequence number)]
Acknowledgement number: 901 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x9696 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1892]
TCP segment data (512 bytes)
[40 Reassembled TCP Segments (51045 bytes): #209(1380), #210(1380), #212(1380), #213(1380), #215(1380), #216(1380), #218(445), #219(1380), #221(1380), #222(1380), #224(1380), #225(272), #227(1380), #228(1380), #230(136), #231(1380), #233(13]
[Frame: 209, payload: 0-1379 (1380 bytes)]
[Frame: 210, payload: 1380-2759 (1380 bytes)]
[Frame: 212, payload: 2760-4139 (1380 bytes)]
[Frame: 213, payload: 4140-5519 (1380 bytes)]
[Frame: 215, payload: 5520-6899 (1380 bytes)]
[Frame: 216, payload: 6900-8279 (1380 bytes)]
[Frame: 218, payload: 8280-8724 (445 bytes)]
[Frame: 219, payload: 8725-10104 (1380 bytes)]
[Frame: 221, payload: 10105-11484 (1380 bytes)]
[Frame: 222, payload: 11485-12864 (1380 bytes)]
[Frame: 224, payload: 12865-14244 (1380 bytes)]
[Frame: 225, payload: 14245-14516 (272 bytes)]
[Frame: 227, payload: 14517-15896 (1380 bytes)]
[Frame: 228, payload: 15897-17276 (1380 bytes)]
[Frame: 230, payload: 17277-17412 (136 bytes)]
[Frame: 231, payload: 17413-18792 (1380 bytes)]
[Frame: 233, payload: 18793-20172 (1380 bytes)]
[Frame: 234, payload: 20173-21552 (1380 bytes)]
[Frame: 236, payload: 21553-22932 (1380 bytes)]
[Frame: 237, payload: 22933-24312 (1380 bytes)]
[Frame: 239, payload: 24313-25692 (1380 bytes)]
[Frame: 240, payload: 25693-27072 (1380 bytes)]
[Frame: 242, payload: 27073-28452 (1380 bytes)]
[Frame: 243, payload: 28453-29832 (1380 bytes)]
[Frame: 245, payload: 29833-31212 (1380 bytes)]
[Frame: 246, payload: 31213-32592 (1380 bytes)]
[Frame: 248, payload: 32593-33972 (1380 bytes)]
[Frame: 249, payload: 33973-35352 (1380 bytes)]
[Frame: 251, payload: 35353-36732 (1380 bytes)]
[Frame: 252, payload: 36733-38112 (1380 bytes)]
[Frame: 254, payload: 38113-39492 (1380 bytes)]
[Frame: 255, payload: 39493-40872 (1380 bytes)]
[Frame: 257, payload: 40873-42252 (1380 bytes)]
[Frame: 258, payload: 42253-43632 (1380 bytes)]
[Frame: 260, payload: 43633-45012 (1380 bytes)]
[Frame: 261, payload: 45013-46392 (1380 bytes)]
[Frame: 263, payload: 46393-47772 (1380 bytes)]
[Frame: 264, payload: 47773-49152 (1380 bytes)]
[Frame: 266, payload: 49153-50532 (1380 bytes)]
[Frame: 267, payload: 50533-51044 (512 bytes)]
[Segment count: 40]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:17 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:17 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
270 2012-06-20 08:38:36.756239 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 270: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:36.756239000 GMT Daylight Time
Epoch Time: 1340177916.756239000 seconds
[Time delta from previous captured frame: 0.000041000 seconds]
[Time delta from previous displayed frame: 0.000342000 seconds]
[Time since reference or first frame: 8.734453000 seconds]
Frame Number: 270
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x22c2 (8898)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd90d [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: call-sig-trans (2517), Dst Port: http (80), Seq: 1101, Ack: 102091, Len: 237
Source port: call-sig-trans (2517)
Destination port: http (80)
[Stream index: 8]
Sequence number: 1101 (relative sequence number)
[Next sequence number: 1338 (relative sequence number)]
Acknowledgement number: 102091 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xc73c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #269(200), #270(237)]
[Frame: 269, payload: 0-199 (200 bytes)]
[Frame: 270, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
339 2012-06-20 08:38:37.190108 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 339: 1402 bytes on wire (11216 bits), 1402 bytes captured (11216 bits)
Arrival Time: Jun 20, 2012 08:38:37.190108000 GMT Daylight Time
Epoch Time: 1340177917.190108000 seconds
[Time delta from previous captured frame: 0.000107000 seconds]
[Time delta from previous displayed frame: 0.433869000 seconds]
[Time since reference or first frame: 9.168322000 seconds]
Frame Number: 339
Frame Length: 1402 bytes (11216 bits)
Capture Length: 1402 bytes (11216 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1388
Identification: 0x0a7c (2684)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x38fd [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: call-sig-trans (2517), Seq: 151788, Ack: 1338, Len: 1348
Source port: http (80)
Destination port: call-sig-trans (2517)
[Stream index: 8]
Sequence number: 151788 (relative sequence number)
[Next sequence number: 153136 (relative sequence number)]
Acknowledgement number: 1338 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x65a1 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1348]
TCP segment data (1348 bytes)
[41 Reassembled TCP Segments (51045 bytes): #274(1380), #275(105), #277(1380), #278(68), #280(1380), #281(1380), #283(1380), #284(204), #286(1380), #287(1380), #289(1380), #290(1380), #292(1380), #293(340), #295(1380), #296(1380), #298(1380]
[Frame: 274, payload: 0-1379 (1380 bytes)]
[Frame: 275, payload: 1380-1484 (105 bytes)]
[Frame: 277, payload: 1485-2864 (1380 bytes)]
[Frame: 278, payload: 2865-2932 (68 bytes)]
[Frame: 280, payload: 2933-4312 (1380 bytes)]
[Frame: 281, payload: 4313-5692 (1380 bytes)]
[Frame: 283, payload: 5693-7072 (1380 bytes)]
[Frame: 284, payload: 7073-7276 (204 bytes)]
[Frame: 286, payload: 7277-8656 (1380 bytes)]
[Frame: 287, payload: 8657-10036 (1380 bytes)]
[Frame: 289, payload: 10037-11416 (1380 bytes)]
[Frame: 290, payload: 11417-12796 (1380 bytes)]
[Frame: 292, payload: 12797-14176 (1380 bytes)]
[Frame: 293, payload: 14177-14516 (340 bytes)]
[Frame: 295, payload: 14517-15896 (1380 bytes)]
[Frame: 296, payload: 15897-17276 (1380 bytes)]
[Frame: 298, payload: 17277-18656 (1380 bytes)]
[Frame: 299, payload: 18657-20036 (1380 bytes)]
[Frame: 301, payload: 20037-21416 (1380 bytes)]
[Frame: 302, payload: 21417-22796 (1380 bytes)]
[Frame: 304, payload: 22797-24176 (1380 bytes)]
[Frame: 305, payload: 24177-25556 (1380 bytes)]
[Frame: 307, payload: 25557-26936 (1380 bytes)]
[Frame: 308, payload: 26937-28316 (1380 bytes)]
[Frame: 310, payload: 28317-28996 (680 bytes)]
[Frame: 316, payload: 28997-30376 (1380 bytes)]
[Frame: 318, payload: 30377-31756 (1380 bytes)]
[Frame: 319, payload: 31757-33136 (1380 bytes)]
[Frame: 321, payload: 33137-34516 (1380 bytes)]
[Frame: 322, payload: 34517-35896 (1380 bytes)]
[Frame: 324, payload: 35897-37276 (1380 bytes)]
[Frame: 325, payload: 37277-38656 (1380 bytes)]
[Frame: 327, payload: 38657-40036 (1380 bytes)]
[Frame: 328, payload: 40037-41416 (1380 bytes)]
[Frame: 330, payload: 41417-42796 (1380 bytes)]
[Frame: 331, payload: 42797-44176 (1380 bytes)]
[Frame: 333, payload: 44177-45556 (1380 bytes)]
[Frame: 334, payload: 45557-46936 (1380 bytes)]
[Frame: 336, payload: 46937-48316 (1380 bytes)]
[Frame: 337, payload: 48317-49696 (1380 bytes)]
[Frame: 339, payload: 49697-51044 (1348 bytes)]
[Segment count: 41]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:18 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:18 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
340 2012-06-20 08:38:37.190417 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 340: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits)
Arrival Time: Jun 20, 2012 08:38:37.190417000 GMT Daylight Time
Epoch Time: 1340177917.190417000 seconds
[Time delta from previous captured frame: 0.000309000 seconds]
[Time delta from previous displayed frame: 0.000309000 seconds]
[Time since reference or first frame: 9.168631000 seconds]
Frame Number: 340
Frame Length: 188 bytes (1504 bits)
Capture Length: 188 bytes (1504 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 174
Identification: 0x22d7 (8919)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd95f [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: call-sig-trans (2517), Dst Port: http (80), Seq: 1338, Ack: 153136, Len: 134
Source port: call-sig-trans (2517)
Destination port: http (80)
[Stream index: 8]
Sequence number: 1338 (relative sequence number)
[Next sequence number: 1472 (relative sequence number)]
Acknowledgement number: 153136 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 253
[Calculated window size: 64768]
[Window size scaling factor: 256]
Checksum: 0x5120 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 339]
[The RTT to ACK the segment was: 0.000309000 seconds]
[Bytes in flight: 134]
Hypertext Transfer Protocol
HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
No. Time Source Destination Protocol Info
359 2012-06-20 08:38:37.468853 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1
Frame 359: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:37.468853000 GMT Daylight Time
Epoch Time: 1340177917.468853000 seconds
[Time delta from previous captured frame: 0.000043000 seconds]
[Time delta from previous displayed frame: 0.278436000 seconds]
[Time since reference or first frame: 9.447067000 seconds]
Frame Number: 359
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x22dd (8925)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd8f2 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: willy (2518), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: willy (2518)
Destination port: http (80)
[Stream index: 9]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xe881 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #358(225), #359(237)]
[Frame: 358, payload: 0-224 (225 bytes)]
[Frame: 359, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0001.jpg?w=424&h=640
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
423 2012-06-20 08:38:38.061220 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 423: 536 bytes on wire (4288 bits), 536 bytes captured (4288 bits)
Arrival Time: Jun 20, 2012 08:38:38.061220000 GMT Daylight Time
Epoch Time: 1340177918.061220000 seconds
[Time delta from previous captured frame: 0.000024000 seconds]
[Time delta from previous displayed frame: 0.592367000 seconds]
[Time since reference or first frame: 10.039434000 seconds]
Frame Number: 423
Frame Length: 536 bytes (4288 bits)
Capture Length: 536 bytes (4288 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 522
Identification: 0xb883 (47235)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x8e57 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: willy (2518), Seq: 49922, Ack: 463, Len: 482
Source port: http (80)
Destination port: willy (2518)
[Stream index: 9]
Sequence number: 49922 (relative sequence number)
[Next sequence number: 50404 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x4b62 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1862]
TCP segment data (482 bytes)
[38 Reassembled TCP Segments (50403 bytes): #365(1380), #366(1380), #368(1380), #369(241), #371(1380), #372(1380), #374(1380), #375(1380), #377(1380), #378(1380), #383(1380), #384(1380), #386(1380), #387(1380), #389(1380), #390(1380), #392(]
[Frame: 365, payload: 0-1379 (1380 bytes)]
[Frame: 366, payload: 1380-2759 (1380 bytes)]
[Frame: 368, payload: 2760-4139 (1380 bytes)]
[Frame: 369, payload: 4140-4380 (241 bytes)]
[Frame: 371, payload: 4381-5760 (1380 bytes)]
[Frame: 372, payload: 5761-7140 (1380 bytes)]
[Frame: 374, payload: 7141-8520 (1380 bytes)]
[Frame: 375, payload: 8521-9900 (1380 bytes)]
[Frame: 377, payload: 9901-11280 (1380 bytes)]
[Frame: 378, payload: 11281-12660 (1380 bytes)]
[Frame: 383, payload: 12661-14040 (1380 bytes)]
[Frame: 384, payload: 14041-15420 (1380 bytes)]
[Frame: 386, payload: 15421-16800 (1380 bytes)]
[Frame: 387, payload: 16801-18180 (1380 bytes)]
[Frame: 389, payload: 18181-19560 (1380 bytes)]
[Frame: 390, payload: 19561-20940 (1380 bytes)]
[Frame: 392, payload: 20941-22320 (1380 bytes)]
[Frame: 393, payload: 22321-23700 (1380 bytes)]
[Frame: 395, payload: 23701-25080 (1380 bytes)]
[Frame: 396, payload: 25081-26460 (1380 bytes)]
[Frame: 398, payload: 26461-27840 (1380 bytes)]
[Frame: 399, payload: 27841-29220 (1380 bytes)]
[Frame: 401, payload: 29221-30600 (1380 bytes)]
[Frame: 402, payload: 30601-31980 (1380 bytes)]
[Frame: 404, payload: 31981-33360 (1380 bytes)]
[Frame: 405, payload: 33361-34740 (1380 bytes)]
[Frame: 407, payload: 34741-36120 (1380 bytes)]
[Frame: 408, payload: 36121-37500 (1380 bytes)]
[Frame: 410, payload: 37501-38880 (1380 bytes)]
[Frame: 411, payload: 38881-40260 (1380 bytes)]
[Frame: 413, payload: 40261-41640 (1380 bytes)]
[Frame: 414, payload: 41641-43020 (1380 bytes)]
[Frame: 416, payload: 43021-44400 (1380 bytes)]
[Frame: 417, payload: 44401-45780 (1380 bytes)]
[Frame: 419, payload: 45781-47160 (1380 bytes)]
[Frame: 420, payload: 47161-48540 (1380 bytes)]
[Frame: 422, payload: 48541-49920 (1380 bytes)]
[Frame: 423, payload: 49921-50402 (482 bytes)]
[Segment count: 38]
[Reassembled TCP length: 50403]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:18 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50063\r\n
[Content length: 50063]
Last-Modified: Sun, 01 Nov 2009 09:06:06 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:18 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 87\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5629
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4417
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 424
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 24
Remaining segment data (22 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
426 2012-06-20 08:38:38.061524 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1
Frame 426: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:38.061524000 GMT Daylight Time
Epoch Time: 1340177918.061524000 seconds
[Time delta from previous captured frame: 0.000041000 seconds]
[Time delta from previous displayed frame: 0.000304000 seconds]
[Time since reference or first frame: 10.039738000 seconds]
Frame Number: 426
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x22f2 (8946)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd8dd [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: willy (2518), Dst Port: http (80), Seq: 662, Ack: 50404, Len: 237
Source port: willy (2518)
Destination port: http (80)
[Stream index: 9]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 50404 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x21ea [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #425(199), #426(237)]
[Frame: 425, payload: 0-198 (199 bytes)]
[Frame: 426, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0001.jpg?w=424&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
488 2012-06-20 08:38:38.502166 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 488: 1100 bytes on wire (8800 bits), 1100 bytes captured (8800 bits)
Arrival Time: Jun 20, 2012 08:38:38.502166000 GMT Daylight Time
Epoch Time: 1340177918.502166000 seconds
[Time delta from previous captured frame: 0.000080000 seconds]
[Time delta from previous displayed frame: 0.440642000 seconds]
[Time since reference or first frame: 10.480380000 seconds]
Frame Number: 488
Frame Length: 1100 bytes (8800 bits)
Capture Length: 1100 bytes (8800 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1086
Identification: 0xb8ab (47275)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x8bfb [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: willy (2518), Seq: 99761, Ack: 899, Len: 1046
Source port: http (80)
Destination port: willy (2518)
[Stream index: 9]
Sequence number: 99761 (relative sequence number)
[Next sequence number: 100807 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x6905 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2426]
TCP segment data (1046 bytes)
[38 Reassembled TCP Segments (50403 bytes): #430(1380), #431(1380), #433(1380), #434(1380), #436(309), #437(1380), #439(1380), #440(1380), #442(1380), #443(1380), #445(1380), #446(1380), #448(1380), #449(1380), #451(1380), #452(1380), #454(]
[Frame: 430, payload: 0-1379 (1380 bytes)]
[Frame: 431, payload: 1380-2759 (1380 bytes)]
[Frame: 433, payload: 2760-4139 (1380 bytes)]
[Frame: 434, payload: 4140-5519 (1380 bytes)]
[Frame: 436, payload: 5520-5828 (309 bytes)]
[Frame: 437, payload: 5829-7208 (1380 bytes)]
[Frame: 439, payload: 7209-8588 (1380 bytes)]
[Frame: 440, payload: 8589-9968 (1380 bytes)]
[Frame: 442, payload: 9969-11348 (1380 bytes)]
[Frame: 443, payload: 11349-12728 (1380 bytes)]
[Frame: 445, payload: 12729-14108 (1380 bytes)]
[Frame: 446, payload: 14109-15488 (1380 bytes)]
[Frame: 448, payload: 15489-16868 (1380 bytes)]
[Frame: 449, payload: 16869-18248 (1380 bytes)]
[Frame: 451, payload: 18249-19628 (1380 bytes)]
[Frame: 452, payload: 19629-21008 (1380 bytes)]
[Frame: 454, payload: 21009-21756 (748 bytes)]
[Frame: 458, payload: 21757-23136 (1380 bytes)]
[Frame: 460, payload: 23137-24516 (1380 bytes)]
[Frame: 461, payload: 24517-25896 (1380 bytes)]
[Frame: 463, payload: 25897-27276 (1380 bytes)]
[Frame: 464, payload: 27277-28656 (1380 bytes)]
[Frame: 466, payload: 28657-30036 (1380 bytes)]
[Frame: 467, payload: 30037-31416 (1380 bytes)]
[Frame: 469, payload: 31417-32796 (1380 bytes)]
[Frame: 470, payload: 32797-34176 (1380 bytes)]
[Frame: 472, payload: 34177-35556 (1380 bytes)]
[Frame: 473, payload: 35557-36936 (1380 bytes)]
[Frame: 475, payload: 36937-38316 (1380 bytes)]
[Frame: 476, payload: 38317-39696 (1380 bytes)]
[Frame: 478, payload: 39697-41076 (1380 bytes)]
[Frame: 479, payload: 41077-42456 (1380 bytes)]
[Frame: 481, payload: 42457-43836 (1380 bytes)]
[Frame: 482, payload: 43837-45216 (1380 bytes)]
[Frame: 484, payload: 45217-46596 (1380 bytes)]
[Frame: 485, payload: 46597-47976 (1380 bytes)]
[Frame: 487, payload: 47977-49356 (1380 bytes)]
[Frame: 488, payload: 49357-50402 (1046 bytes)]
[Segment count: 38]
[Reassembled TCP length: 50403]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:19 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50063\r\n
[Content length: 50063]
Last-Modified: Sun, 01 Nov 2009 09:06:06 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:19 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 87\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5629
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4417
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 424
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 24
Remaining segment data (22 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
491 2012-06-20 08:38:38.502468 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1
Frame 491: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:38.502468000 GMT Daylight Time
Epoch Time: 1340177918.502468000 seconds
[Time delta from previous captured frame: 0.000041000 seconds]
[Time delta from previous displayed frame: 0.000302000 seconds]
[Time since reference or first frame: 10.480682000 seconds]
Frame Number: 491
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2308 (8968)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd8c7 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: willy (2518), Dst Port: http (80), Seq: 1098, Ack: 100807, Len: 237
Source port: willy (2518)
Destination port: http (80)
[Stream index: 9]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 100807 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x5b52 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #490(199), #491(237)]
[Frame: 490, payload: 0-198 (199 bytes)]
[Frame: 491, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0001.jpg?w=424&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
558 2012-06-20 08:38:38.921462 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 558: 760 bytes on wire (6080 bits), 760 bytes captured (6080 bits)
Arrival Time: Jun 20, 2012 08:38:38.921462000 GMT Daylight Time
Epoch Time: 1340177918.921462000 seconds
[Time delta from previous captured frame: 0.000030000 seconds]
[Time delta from previous displayed frame: 0.418994000 seconds]
[Time since reference or first frame: 10.899676000 seconds]
Frame Number: 558
Frame Length: 760 bytes (6080 bits)
Capture Length: 760 bytes (6080 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 746
Identification: 0xb8d4 (47316)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x8d26 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: willy (2518), Seq: 150504, Ack: 1335, Len: 706
Source port: http (80)
Destination port: willy (2518)
[Stream index: 9]
Sequence number: 150504 (relative sequence number)
[Next sequence number: 151210 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x9765 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 706]
TCP segment data (706 bytes)
[39 Reassembled TCP Segments (50403 bytes): #498(1380), #499(1380), #501(1380), #502(1380), #504(1380), #505(1380), #507(1380), #508(1380), #510(1380), #511(649), #513(1380), #514(68), #516(1380), #517(1380), #519(1380), #520(1380), #522(13]
[Frame: 498, payload: 0-1379 (1380 bytes)]
[Frame: 499, payload: 1380-2759 (1380 bytes)]
[Frame: 501, payload: 2760-4139 (1380 bytes)]
[Frame: 502, payload: 4140-5519 (1380 bytes)]
[Frame: 504, payload: 5520-6899 (1380 bytes)]
[Frame: 505, payload: 6900-8279 (1380 bytes)]
[Frame: 507, payload: 8280-9659 (1380 bytes)]
[Frame: 508, payload: 9660-11039 (1380 bytes)]
[Frame: 510, payload: 11040-12419 (1380 bytes)]
[Frame: 511, payload: 12420-13068 (649 bytes)]
[Frame: 513, payload: 13069-14448 (1380 bytes)]
[Frame: 514, payload: 14449-14516 (68 bytes)]
[Frame: 516, payload: 14517-15896 (1380 bytes)]
[Frame: 517, payload: 15897-17276 (1380 bytes)]
[Frame: 519, payload: 17277-18656 (1380 bytes)]
[Frame: 520, payload: 18657-20036 (1380 bytes)]
[Frame: 522, payload: 20037-21416 (1380 bytes)]
[Frame: 523, payload: 21417-22796 (1380 bytes)]
[Frame: 525, payload: 22797-24176 (1380 bytes)]
[Frame: 526, payload: 24177-25556 (1380 bytes)]
[Frame: 528, payload: 25557-26936 (1380 bytes)]
[Frame: 529, payload: 26937-28316 (1380 bytes)]
[Frame: 531, payload: 28317-28996 (680 bytes)]
[Frame: 535, payload: 28997-30376 (1380 bytes)]
[Frame: 537, payload: 30377-31756 (1380 bytes)]
[Frame: 538, payload: 31757-33136 (1380 bytes)]
[Frame: 540, payload: 33137-34516 (1380 bytes)]
[Frame: 541, payload: 34517-35896 (1380 bytes)]
[Frame: 543, payload: 35897-37276 (1380 bytes)]
[Frame: 544, payload: 37277-38656 (1380 bytes)]
[Frame: 546, payload: 38657-40036 (1380 bytes)]
[Frame: 547, payload: 40037-41416 (1380 bytes)]
[Frame: 549, payload: 41417-42796 (1380 bytes)]
[Frame: 550, payload: 42797-44176 (1380 bytes)]
[Frame: 552, payload: 44177-45556 (1380 bytes)]
[Frame: 553, payload: 45557-46936 (1380 bytes)]
[Frame: 555, payload: 46937-48316 (1380 bytes)]
[Frame: 556, payload: 48317-49696 (1380 bytes)]
[Frame: 558, payload: 49697-50402 (706 bytes)]
[Segment count: 39]
[Reassembled TCP length: 50403]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:19 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50063\r\n
[Content length: 50063]
Last-Modified: Sun, 01 Nov 2009 09:06:06 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:19 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 87\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5629
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4417
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 424
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 24
Remaining segment data (22 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
559 2012-06-20 08:38:38.921720 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1
Frame 559: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:38:38.921720000 GMT Daylight Time
Epoch Time: 1340177918.921720000 seconds
[Time delta from previous captured frame: 0.000258000 seconds]
[Time delta from previous displayed frame: 0.000258000 seconds]
[Time since reference or first frame: 10.899934000 seconds]
Frame Number: 559
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x231c (8988)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd91b [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: willy (2518), Dst Port: http (80), Seq: 1335, Ack: 151210, Len: 133
Source port: willy (2518)
Destination port: http (80)
[Stream index: 9]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 151210 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 255
[Calculated window size: 65280]
[Window size scaling factor: 256]
Checksum: 0xc40d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 558]
[The RTT to ACK the segment was: 0.000258000 seconds]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0001.jpg?w=424&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640]
No. Time Source Destination Protocol Info
570 2012-06-20 08:38:39.196809 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1
Frame 570: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:39.196809000 GMT Daylight Time
Epoch Time: 1340177919.196809000 seconds
[Time delta from previous captured frame: 0.000040000 seconds]
[Time delta from previous displayed frame: 0.275089000 seconds]
[Time since reference or first frame: 11.175023000 seconds]
Frame Number: 570
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2322 (8994)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd8ad [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: globmsgsvc (2519), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: globmsgsvc (2519)
Destination port: http (80)
[Stream index: 11]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xdd04 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #569(225), #570(237)]
[Frame: 569, payload: 0-224 (225 bytes)]
[Frame: 570, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0014.jpg?w=429&h=640
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
632 2012-06-20 08:38:39.751882 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 632: 1250 bytes on wire (10000 bits), 1250 bytes captured (10000 bits)
Arrival Time: Jun 20, 2012 08:38:39.751882000 GMT Daylight Time
Epoch Time: 1340177919.751882000 seconds
[Time delta from previous captured frame: 0.000129000 seconds]
[Time delta from previous displayed frame: 0.555073000 seconds]
[Time since reference or first frame: 11.730096000 seconds]
Frame Number: 632
Frame Length: 1250 bytes (10000 bits)
Capture Length: 1250 bytes (10000 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1236
Identification: 0xe1ca (57802)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x6246 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: globmsgsvc (2519), Seq: 47366, Ack: 463, Len: 1196
Source port: http (80)
Destination port: globmsgsvc (2519)
[Stream index: 11]
Sequence number: 47366 (relative sequence number)
[Next sequence number: 48562 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x25f2 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2576]
TCP segment data (1196 bytes)
[36 Reassembled TCP Segments (48561 bytes): #578(1380), #579(1380), #581(1380), #582(1380), #584(1380), #585(1380), #587(445), #588(1380), #590(1380), #591(1380), #593(1380), #594(1380), #596(1380), #597(1380), #599(1380), #600(1380), #602(]
[Frame: 578, payload: 0-1379 (1380 bytes)]
[Frame: 579, payload: 1380-2759 (1380 bytes)]
[Frame: 581, payload: 2760-4139 (1380 bytes)]
[Frame: 582, payload: 4140-5519 (1380 bytes)]
[Frame: 584, payload: 5520-6899 (1380 bytes)]
[Frame: 585, payload: 6900-8279 (1380 bytes)]
[Frame: 587, payload: 8280-8724 (445 bytes)]
[Frame: 588, payload: 8725-10104 (1380 bytes)]
[Frame: 590, payload: 10105-11484 (1380 bytes)]
[Frame: 591, payload: 11485-12864 (1380 bytes)]
[Frame: 593, payload: 12865-14244 (1380 bytes)]
[Frame: 594, payload: 14245-15624 (1380 bytes)]
[Frame: 596, payload: 15625-17004 (1380 bytes)]
[Frame: 597, payload: 17005-18384 (1380 bytes)]
[Frame: 599, payload: 18385-19764 (1380 bytes)]
[Frame: 600, payload: 19765-21144 (1380 bytes)]
[Frame: 602, payload: 21145-22524 (1380 bytes)]
[Frame: 603, payload: 22525-23904 (1380 bytes)]
[Frame: 605, payload: 23905-25284 (1380 bytes)]
[Frame: 606, payload: 25285-26664 (1380 bytes)]
[Frame: 608, payload: 26665-28044 (1380 bytes)]
[Frame: 609, payload: 28045-29424 (1380 bytes)]
[Frame: 611, payload: 29425-30804 (1380 bytes)]
[Frame: 612, payload: 30805-32184 (1380 bytes)]
[Frame: 614, payload: 32185-33564 (1380 bytes)]
[Frame: 617, payload: 33565-34944 (1380 bytes)]
[Frame: 619, payload: 34945-36324 (1380 bytes)]
[Frame: 620, payload: 36325-37704 (1380 bytes)]
[Frame: 622, payload: 37705-39084 (1380 bytes)]
[Frame: 623, payload: 39085-40464 (1380 bytes)]
[Frame: 625, payload: 40465-41844 (1380 bytes)]
[Frame: 626, payload: 41845-43224 (1380 bytes)]
[Frame: 628, payload: 43225-44604 (1380 bytes)]
[Frame: 629, payload: 44605-45984 (1380 bytes)]
[Frame: 631, payload: 45985-47364 (1380 bytes)]
[Frame: 632, payload: 47365-48560 (1196 bytes)]
[Segment count: 36]
[Reassembled TCP length: 48561]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:20 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 48221\r\n
[Content length: 48221]
Last-Modified: Sun, 01 Nov 2009 09:29:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:20 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5828
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4616
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 429
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 23
Remaining segment data (21 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
635 2012-06-20 08:38:39.752232 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1
Frame 635: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:39.752232000 GMT Daylight Time
Epoch Time: 1340177919.752232000 seconds
[Time delta from previous captured frame: 0.000049000 seconds]
[Time delta from previous displayed frame: 0.000350000 seconds]
[Time since reference or first frame: 11.730446000 seconds]
Frame Number: 635
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2336 (9014)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd899 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: globmsgsvc (2519), Dst Port: http (80), Seq: 662, Ack: 48562, Len: 237
Source port: globmsgsvc (2519)
Destination port: http (80)
[Stream index: 11]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 48562 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x1d9f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #634(199), #635(237)]
[Frame: 634, payload: 0-198 (199 bytes)]
[Frame: 635, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0014.jpg?w=429&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
706 2012-06-20 08:38:40.248507 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 706: 638 bytes on wire (5104 bits), 638 bytes captured (5104 bits)
Arrival Time: Jun 20, 2012 08:38:40.248507000 GMT Daylight Time
Epoch Time: 1340177920.248507000 seconds
[Time delta from previous captured frame: 0.000010000 seconds]
[Time delta from previous displayed frame: 0.496275000 seconds]
[Time since reference or first frame: 12.226721000 seconds]
Frame Number: 706
Frame Length: 638 bytes (5104 bits)
Capture Length: 638 bytes (5104 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 624
Identification: 0xe1f1 (57841)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x6483 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: globmsgsvc (2519), Seq: 96539, Ack: 899, Len: 584
Source port: http (80)
Destination port: globmsgsvc (2519)
[Stream index: 11]
Sequence number: 96539 (relative sequence number)
[Next sequence number: 97123 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x6e03 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 584]
TCP segment data (584 bytes)
[37 Reassembled TCP Segments (48561 bytes): #649(1380), #650(1380), #652(1380), #653(1380), #655(309), #656(1380), #658(1380), #659(1380), #661(1380), #662(1380), #664(1380), #665(1380), #667(1380), #668(1380), #670(1380), #671(1380), #673(]
[Frame: 649, payload: 0-1379 (1380 bytes)]
[Frame: 650, payload: 1380-2759 (1380 bytes)]
[Frame: 652, payload: 2760-4139 (1380 bytes)]
[Frame: 653, payload: 4140-5519 (1380 bytes)]
[Frame: 655, payload: 5520-5828 (309 bytes)]
[Frame: 656, payload: 5829-7208 (1380 bytes)]
[Frame: 658, payload: 7209-8588 (1380 bytes)]
[Frame: 659, payload: 8589-9968 (1380 bytes)]
[Frame: 661, payload: 9969-11348 (1380 bytes)]
[Frame: 662, payload: 11349-12728 (1380 bytes)]
[Frame: 664, payload: 12729-14108 (1380 bytes)]
[Frame: 665, payload: 14109-15488 (1380 bytes)]
[Frame: 667, payload: 15489-16868 (1380 bytes)]
[Frame: 668, payload: 16869-18248 (1380 bytes)]
[Frame: 670, payload: 18249-19628 (1380 bytes)]
[Frame: 671, payload: 19629-21008 (1380 bytes)]
[Frame: 673, payload: 21009-21756 (748 bytes)]
[Frame: 677, payload: 21757-23136 (1380 bytes)]
[Frame: 679, payload: 23137-24516 (1380 bytes)]
[Frame: 680, payload: 24517-25896 (1380 bytes)]
[Frame: 682, payload: 25897-27276 (1380 bytes)]
[Frame: 683, payload: 27277-28656 (1380 bytes)]
[Frame: 685, payload: 28657-30036 (1380 bytes)]
[Frame: 686, payload: 30037-31416 (1380 bytes)]
[Frame: 688, payload: 31417-32796 (1380 bytes)]
[Frame: 689, payload: 32797-34176 (1380 bytes)]
[Frame: 691, payload: 34177-35556 (1380 bytes)]
[Frame: 692, payload: 35557-36936 (1380 bytes)]
[Frame: 694, payload: 36937-38316 (1380 bytes)]
[Frame: 695, payload: 38317-39696 (1380 bytes)]
[Frame: 697, payload: 39697-41076 (1380 bytes)]
[Frame: 698, payload: 41077-42456 (1380 bytes)]
[Frame: 700, payload: 42457-43836 (1380 bytes)]
[Frame: 701, payload: 43837-45216 (1380 bytes)]
[Frame: 703, payload: 45217-46596 (1380 bytes)]
[Frame: 704, payload: 46597-47976 (1380 bytes)]
[Frame: 706, payload: 47977-48560 (584 bytes)]
[Segment count: 37]
[Reassembled TCP length: 48561]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:21 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 48221\r\n
[Content length: 48221]
Last-Modified: Sun, 01 Nov 2009 09:29:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:21 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5828
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4616
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 429
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 23
Remaining segment data (21 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
708 2012-06-20 08:38:40.248811 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1
Frame 708: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:40.248811000 GMT Daylight Time
Epoch Time: 1340177920.248811000 seconds
[Time delta from previous captured frame: 0.000046000 seconds]
[Time delta from previous displayed frame: 0.000304000 seconds]
[Time since reference or first frame: 12.227025000 seconds]
Frame Number: 708
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x234a (9034)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd885 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: globmsgsvc (2519), Dst Port: http (80), Seq: 1098, Ack: 97123, Len: 237
Source port: globmsgsvc (2519)
Destination port: http (80)
[Stream index: 11]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 97123 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 256
[Calculated window size: 65536]
[Window size scaling factor: 256]
Checksum: 0x5e3b [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #707(199), #708(237)]
[Frame: 707, payload: 0-198 (199 bytes)]
[Frame: 708, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0014.jpg?w=429&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
773 2012-06-20 08:38:40.908058 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 773: 910 bytes on wire (7280 bits), 910 bytes captured (7280 bits)
Arrival Time: Jun 20, 2012 08:38:40.908058000 GMT Daylight Time
Epoch Time: 1340177920.908058000 seconds
[Time delta from previous captured frame: 0.000055000 seconds]
[Time delta from previous displayed frame: 0.659247000 seconds]
[Time since reference or first frame: 12.886272000 seconds]
Frame Number: 773
Frame Length: 910 bytes (7280 bits)
Capture Length: 910 bytes (7280 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 896
Identification: 0xe219 (57881)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x634b [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: globmsgsvc (2519), Seq: 144828, Ack: 1335, Len: 856
Source port: http (80)
Destination port: globmsgsvc (2519)
[Stream index: 11]
Sequence number: 144828 (relative sequence number)
[Next sequence number: 145684 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x037f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2236]
TCP segment data (856 bytes)
[38 Reassembled TCP Segments (48561 bytes): #715(1380), #716(1380), #718(1380), #719(241), #721(1380), #722(68), #724(1380), #725(1380), #727(1380), #728(1380), #730(1380), #731(1380), #733(1380), #734(476), #736(1380), #737(1380), #739(138]
[Frame: 715, payload: 0-1379 (1380 bytes)]
[Frame: 716, payload: 1380-2759 (1380 bytes)]
[Frame: 718, payload: 2760-4139 (1380 bytes)]
[Frame: 719, payload: 4140-4380 (241 bytes)]
[Frame: 721, payload: 4381-5760 (1380 bytes)]
[Frame: 722, payload: 5761-5828 (68 bytes)]
[Frame: 724, payload: 5829-7208 (1380 bytes)]
[Frame: 725, payload: 7209-8588 (1380 bytes)]
[Frame: 727, payload: 8589-9968 (1380 bytes)]
[Frame: 728, payload: 9969-11348 (1380 bytes)]
[Frame: 730, payload: 11349-12728 (1380 bytes)]
[Frame: 731, payload: 12729-14108 (1380 bytes)]
[Frame: 733, payload: 14109-15488 (1380 bytes)]
[Frame: 734, payload: 15489-15964 (476 bytes)]
[Frame: 736, payload: 15965-17344 (1380 bytes)]
[Frame: 737, payload: 17345-18724 (1380 bytes)]
[Frame: 739, payload: 18725-20104 (1380 bytes)]
[Frame: 740, payload: 20105-21484 (1380 bytes)]
[Frame: 742, payload: 21485-22864 (1380 bytes)]
[Frame: 743, payload: 22865-24244 (1380 bytes)]
[Frame: 745, payload: 24245-25624 (1380 bytes)]
[Frame: 746, payload: 25625-27004 (1380 bytes)]
[Frame: 748, payload: 27005-28384 (1380 bytes)]
[Frame: 749, payload: 28385-29764 (1380 bytes)]
[Frame: 751, payload: 29765-31144 (1380 bytes)]
[Frame: 752, payload: 31145-32524 (1380 bytes)]
[Frame: 754, payload: 32525-33904 (1380 bytes)]
[Frame: 755, payload: 33905-35284 (1380 bytes)]
[Frame: 757, payload: 35285-36664 (1380 bytes)]
[Frame: 758, payload: 36665-38044 (1380 bytes)]
[Frame: 760, payload: 38045-39424 (1380 bytes)]
[Frame: 761, payload: 39425-40804 (1380 bytes)]
[Frame: 763, payload: 40805-42184 (1380 bytes)]
[Frame: 767, payload: 42185-43564 (1380 bytes)]
[Frame: 769, payload: 43565-44944 (1380 bytes)]
[Frame: 770, payload: 44945-46324 (1380 bytes)]
[Frame: 772, payload: 46325-47704 (1380 bytes)]
[Frame: 773, payload: 47705-48560 (856 bytes)]
[Segment count: 38]
[Reassembled TCP length: 48561]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:21 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 48221\r\n
[Content length: 48221]
Last-Modified: Sun, 01 Nov 2009 09:29:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:21 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5828
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4616
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 429
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 23
Remaining segment data (21 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
775 2012-06-20 08:38:40.908361 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1
Frame 775: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:38:40.908361000 GMT Daylight Time
Epoch Time: 1340177920.908361000 seconds
[Time delta from previous captured frame: 0.000280000 seconds]
[Time delta from previous displayed frame: 0.000303000 seconds]
[Time since reference or first frame: 12.886575000 seconds]
Frame Number: 775
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x235e (9054)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd8d9 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: globmsgsvc (2519), Dst Port: http (80), Seq: 1335, Ack: 145684, Len: 133
Source port: globmsgsvc (2519)
Destination port: http (80)
[Stream index: 11]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 145684 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xcd1b [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0014.jpg?w=429&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640]
No. Time Source Destination Protocol Info
808 2012-06-20 08:38:41.475894 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1
Frame 808: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:41.475894000 GMT Daylight Time
Epoch Time: 1340177921.475894000 seconds
[Time delta from previous captured frame: 0.000044000 seconds]
[Time delta from previous displayed frame: 0.567533000 seconds]
[Time since reference or first frame: 13.454108000 seconds]
Frame Number: 808
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x236b (9067)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd864 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: adaptecmgr (2521), Dst Port: http (80), Seq: 225, Ack: 1, Len: 237
Source port: adaptecmgr (2521)
Destination port: http (80)
[Stream index: 16]
Sequence number: 225 (relative sequence number)
[Next sequence number: 462 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xc222 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 461]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (461 bytes): #807(224), #808(237)]
[Frame: 807, payload: 0-223 (224 bytes)]
[Frame: 808, payload: 224-460 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 461]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0020.jpg?w=134&h=64
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64]
eXtensible Markup Language
No. Time Source Destination Protocol Info
817 2012-06-20 08:38:41.743526 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 817: 77 bytes on wire (616 bits), 77 bytes captured (616 bits)
Arrival Time: Jun 20, 2012 08:38:41.743526000 GMT Daylight Time
Epoch Time: 1340177921.743526000 seconds
[Time delta from previous captured frame: 0.000006000 seconds]
[Time delta from previous displayed frame: 0.267632000 seconds]
[Time since reference or first frame: 13.721740000 seconds]
Frame Number: 817
Frame Length: 77 bytes (616 bits)
Capture Length: 77 bytes (616 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 63
Identification: 0xce08 (52744)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x7a9d [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: adaptecmgr (2521), Seq: 4314, Ack: 462, Len: 23
Source port: http (80)
Destination port: adaptecmgr (2521)
[Stream index: 16]
Sequence number: 4314 (relative sequence number)
[Next sequence number: 4337 (relative sequence number)]
Acknowledgement number: 462 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x38d2 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 23]
TCP segment data (23 bytes)
[5 Reassembled TCP Segments (4336 bytes): #811(1380), #812(1380), #814(173), #815(1380), #817(23)]
[Frame: 811, payload: 0-1379 (1380 bytes)]
[Frame: 812, payload: 1380-2759 (1380 bytes)]
[Frame: 814, payload: 2760-2932 (173 bytes)]
[Frame: 815, payload: 2933-4312 (1380 bytes)]
[Frame: 817, payload: 4313-4335 (23 bytes)]
[Segment count: 5]
[Reassembled TCP length: 4336]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:22 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 3997\r\n
[Content length: 3997]
Last-Modified: Sun, 01 Nov 2009 09:50:18 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:22 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 83\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 1106
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 64
Samples per line: 134
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
819 2012-06-20 08:38:41.743891 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1
Frame 819: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:41.743891000 GMT Daylight Time
Epoch Time: 1340177921.743891000 seconds
[Time delta from previous captured frame: 0.000042000 seconds]
[Time delta from previous displayed frame: 0.000365000 seconds]
[Time since reference or first frame: 13.722105000 seconds]
Frame Number: 819
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x236f (9071)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd860 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: adaptecmgr (2521), Dst Port: http (80), Seq: 660, Ack: 4337, Len: 237
Source port: adaptecmgr (2521)
Destination port: http (80)
[Stream index: 16]
Sequence number: 660 (relative sequence number)
[Next sequence number: 897 (relative sequence number)]
Acknowledgement number: 4337 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xaf7f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 435]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (435 bytes): #818(198), #819(237)]
[Frame: 818, payload: 0-197 (198 bytes)]
[Frame: 819, payload: 198-434 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 435]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0020.jpg?w=134&h=64
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64]
eXtensible Markup Language
No. Time Source Destination Protocol Info
829 2012-06-20 08:38:42.018389 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 829: 250 bytes on wire (2000 bits), 250 bytes captured (2000 bits)
Arrival Time: Jun 20, 2012 08:38:42.018389000 GMT Daylight Time
Epoch Time: 1340177922.018389000 seconds
[Time delta from previous captured frame: 0.000031000 seconds]
[Time delta from previous displayed frame: 0.274498000 seconds]
[Time since reference or first frame: 13.996603000 seconds]
Frame Number: 829
Frame Length: 250 bytes (2000 bits)
Capture Length: 250 bytes (2000 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 236
Identification: 0xce0e (52750)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x79ea [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: adaptecmgr (2521), Seq: 8477, Ack: 897, Len: 196
Source port: http (80)
Destination port: adaptecmgr (2521)
[Stream index: 16]
Sequence number: 8477 (relative sequence number)
[Next sequence number: 8673 (relative sequence number)]
Acknowledgement number: 897 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x2fe7 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1576]
TCP segment data (196 bytes)
[4 Reassembled TCP Segments (4336 bytes): #825(1380), #826(1380), #828(1380), #829(196)]
[Frame: 825, payload: 0-1379 (1380 bytes)]
[Frame: 826, payload: 1380-2759 (1380 bytes)]
[Frame: 828, payload: 2760-4139 (1380 bytes)]
[Frame: 829, payload: 4140-4335 (196 bytes)]
[Segment count: 4]
[Reassembled TCP length: 4336]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:23 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 3997\r\n
[Content length: 3997]
Last-Modified: Sun, 01 Nov 2009 09:50:18 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:23 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 83\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 1106
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 64
Samples per line: 134
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
832 2012-06-20 08:38:42.018686 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1
Frame 832: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:42.018686000 GMT Daylight Time
Epoch Time: 1340177922.018686000 seconds
[Time delta from previous captured frame: 0.000043000 seconds]
[Time delta from previous displayed frame: 0.000297000 seconds]
[Time since reference or first frame: 13.996900000 seconds]
Frame Number: 832
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2373 (9075)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd85c [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: adaptecmgr (2521), Dst Port: http (80), Seq: 1095, Ack: 8673, Len: 237
Source port: adaptecmgr (2521)
Destination port: http (80)
[Stream index: 16]
Sequence number: 1095 (relative sequence number)
[Next sequence number: 1332 (relative sequence number)]
Acknowledgement number: 8673 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x9cdc [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 435]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (435 bytes): #831(198), #832(237)]
[Frame: 831, payload: 0-197 (198 bytes)]
[Frame: 832, payload: 198-434 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 435]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0020.jpg?w=134&h=64
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64]
eXtensible Markup Language
No. Time Source Destination Protocol Info
840 2012-06-20 08:38:42.283564 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 840: 250 bytes on wire (2000 bits), 250 bytes captured (2000 bits)
Arrival Time: Jun 20, 2012 08:38:42.283564000 GMT Daylight Time
Epoch Time: 1340177922.283564000 seconds
[Time delta from previous captured frame: 0.000025000 seconds]
[Time delta from previous displayed frame: 0.264878000 seconds]
[Time since reference or first frame: 14.261778000 seconds]
Frame Number: 840
Frame Length: 250 bytes (2000 bits)
Capture Length: 250 bytes (2000 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 236
Identification: 0xce14 (52756)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x79e4 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: adaptecmgr (2521), Seq: 12813, Ack: 1332, Len: 196
Source port: http (80)
Destination port: adaptecmgr (2521)
[Stream index: 16]
Sequence number: 12813 (relative sequence number)
[Next sequence number: 13009 (relative sequence number)]
Acknowledgement number: 1332 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x1d3f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1576]
TCP segment data (196 bytes)
[4 Reassembled TCP Segments (4336 bytes): #836(1380), #837(1380), #839(1380), #840(196)]
[Frame: 836, payload: 0-1379 (1380 bytes)]
[Frame: 837, payload: 1380-2759 (1380 bytes)]
[Frame: 839, payload: 2760-4139 (1380 bytes)]
[Frame: 840, payload: 4140-4335 (196 bytes)]
[Segment count: 4]
[Reassembled TCP length: 4336]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:23 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 3997\r\n
[Content length: 3997]
Last-Modified: Sun, 01 Nov 2009 09:50:18 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:23 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 83\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 1106
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 64
Samples per line: 134
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
842 2012-06-20 08:38:42.283843 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1
Frame 842: 186 bytes on wire (1488 bits), 186 bytes captured (1488 bits)
Arrival Time: Jun 20, 2012 08:38:42.283843000 GMT Daylight Time
Epoch Time: 1340177922.283843000 seconds
[Time delta from previous captured frame: 0.000267000 seconds]
[Time delta from previous displayed frame: 0.000279000 seconds]
[Time since reference or first frame: 14.262057000 seconds]
Frame Number: 842
Frame Length: 186 bytes (1488 bits)
Capture Length: 186 bytes (1488 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 172
Identification: 0x2376 (9078)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd8c2 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: adaptecmgr (2521), Dst Port: http (80), Seq: 1332, Ack: 13009, Len: 132
Source port: adaptecmgr (2521)
Destination port: http (80)
[Stream index: 16]
Sequence number: 1332 (relative sequence number)
[Next sequence number: 1464 (relative sequence number)]
Acknowledgement number: 13009 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xa4cf [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 132]
Hypertext Transfer Protocol
HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0020.jpg?w=134&h=64
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64]
No. Time Source Destination Protocol Info
853 2012-06-20 08:38:42.553644 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1
Frame 853: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:42.553644000 GMT Daylight Time
Epoch Time: 1340177922.553644000 seconds
[Time delta from previous captured frame: 0.000127000 seconds]
[Time delta from previous displayed frame: 0.269801000 seconds]
[Time since reference or first frame: 14.531858000 seconds]
Frame Number: 853
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x237c (9084)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd853 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: windb (2522), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: windb (2522)
Destination port: http (80)
[Stream index: 17]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x4edd [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #852(225), #853(237)]
[Frame: 852, payload: 0-224 (225 bytes)]
[Frame: 853, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0083.jpg?w=405&h=640
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
922 2012-06-20 08:38:43.108691 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 922: 1184 bytes on wire (9472 bits), 1184 bytes captured (9472 bits)
Arrival Time: Jun 20, 2012 08:38:43.108691000 GMT Daylight Time
Epoch Time: 1340177923.108691000 seconds
[Time delta from previous captured frame: 0.000040000 seconds]
[Time delta from previous displayed frame: 0.555047000 seconds]
[Time since reference or first frame: 15.086905000 seconds]
Frame Number: 922
Frame Length: 1184 bytes (9472 bits)
Capture Length: 1184 bytes (9472 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1170
Identification: 0xc63b (50747)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x7e17 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: windb (2522), Seq: 47298, Ack: 463, Len: 1130
Source port: http (80)
Destination port: windb (2522)
[Stream index: 17]
Sequence number: 47298 (relative sequence number)
[Next sequence number: 48428 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x8677 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2510]
TCP segment data (1130 bytes)
[38 Reassembled TCP Segments (48427 bytes): #856(1380), #857(105), #859(1380), #860(1380), #862(136), #863(1380), #865(1380), #866(136), #868(1380), #869(1380), #879(1380), #880(1380), #882(1380), #883(1380), #885(1380), #886(1380), #888(13]
[Frame: 856, payload: 0-1379 (1380 bytes)]
[Frame: 857, payload: 1380-1484 (105 bytes)]
[Frame: 859, payload: 1485-2864 (1380 bytes)]
[Frame: 860, payload: 2865-4244 (1380 bytes)]
[Frame: 862, payload: 4245-4380 (136 bytes)]
[Frame: 863, payload: 4381-5760 (1380 bytes)]
[Frame: 865, payload: 5761-7140 (1380 bytes)]
[Frame: 866, payload: 7141-7276 (136 bytes)]
[Frame: 868, payload: 7277-8656 (1380 bytes)]
[Frame: 869, payload: 8657-10036 (1380 bytes)]
[Frame: 879, payload: 10037-11416 (1380 bytes)]
[Frame: 880, payload: 11417-12796 (1380 bytes)]
[Frame: 882, payload: 12797-14176 (1380 bytes)]
[Frame: 883, payload: 14177-15556 (1380 bytes)]
[Frame: 885, payload: 15557-16936 (1380 bytes)]
[Frame: 886, payload: 16937-18316 (1380 bytes)]
[Frame: 888, payload: 18317-19696 (1380 bytes)]
[Frame: 889, payload: 19697-21076 (1380 bytes)]
[Frame: 891, payload: 21077-22456 (1380 bytes)]
[Frame: 892, payload: 22457-23836 (1380 bytes)]
[Frame: 894, payload: 23837-25216 (1380 bytes)]
[Frame: 895, payload: 25217-26596 (1380 bytes)]
[Frame: 897, payload: 26597-27976 (1380 bytes)]
[Frame: 898, payload: 27977-29356 (1380 bytes)]
[Frame: 900, payload: 29357-30736 (1380 bytes)]
[Frame: 904, payload: 30737-32116 (1380 bytes)]
[Frame: 906, payload: 32117-33496 (1380 bytes)]
[Frame: 907, payload: 33497-34876 (1380 bytes)]
[Frame: 909, payload: 34877-36256 (1380 bytes)]
[Frame: 910, payload: 36257-37636 (1380 bytes)]
[Frame: 912, payload: 37637-39016 (1380 bytes)]
[Frame: 913, payload: 39017-40396 (1380 bytes)]
[Frame: 915, payload: 40397-41776 (1380 bytes)]
[Frame: 916, payload: 41777-43156 (1380 bytes)]
[Frame: 918, payload: 43157-44536 (1380 bytes)]
[Frame: 919, payload: 44537-45916 (1380 bytes)]
[Frame: 921, payload: 45917-47296 (1380 bytes)]
[Frame: 922, payload: 47297-48426 (1130 bytes)]
[Segment count: 38]
[Reassembled TCP length: 48427]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:23 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 48087\r\n
[Content length: 48087]
Last-Modified: Sun, 01 Nov 2009 09:52:23 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:23 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5134
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 3922
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 405
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
925 2012-06-20 08:38:43.109137 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1
Frame 925: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:43.109137000 GMT Daylight Time
Epoch Time: 1340177923.109137000 seconds
[Time delta from previous captured frame: 0.000134000 seconds]
[Time delta from previous displayed frame: 0.000446000 seconds]
[Time since reference or first frame: 15.087351000 seconds]
Frame Number: 925
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2391 (9105)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd83e [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: windb (2522), Dst Port: http (80), Seq: 662, Ack: 48428, Len: 237
Source port: windb (2522)
Destination port: http (80)
[Stream index: 17]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 48428 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x8ffd [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #924(199), #925(237)]
[Frame: 924, payload: 0-198 (199 bytes)]
[Frame: 925, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0083.jpg?w=405&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
985 2012-06-20 08:38:43.701965 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 985: 708 bytes on wire (5664 bits), 708 bytes captured (5664 bits)
Arrival Time: Jun 20, 2012 08:38:43.701965000 GMT Daylight Time
Epoch Time: 1340177923.701965000 seconds
[Time delta from previous captured frame: 0.000018000 seconds]
[Time delta from previous displayed frame: 0.592828000 seconds]
[Time since reference or first frame: 15.680179000 seconds]
Frame Number: 985
Frame Length: 708 bytes (5664 bits)
Capture Length: 708 bytes (5664 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 694
Identification: 0xc663 (50787)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x7fcb [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: windb (2522), Seq: 96201, Ack: 899, Len: 654
Source port: http (80)
Destination port: windb (2522)
[Stream index: 17]
Sequence number: 96201 (relative sequence number)
[Next sequence number: 96855 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0xe9c6 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2034]
TCP segment data (654 bytes)
[38 Reassembled TCP Segments (48427 bytes): #929(1380), #930(1380), #932(1380), #933(241), #935(1380), #936(1380), #938(1380), #939(1380), #941(272), #942(1380), #944(1380), #945(1380), #947(1380), #948(1380), #950(340), #952(1380), #954(13]
[Frame: 929, payload: 0-1379 (1380 bytes)]
[Frame: 930, payload: 1380-2759 (1380 bytes)]
[Frame: 932, payload: 2760-4139 (1380 bytes)]
[Frame: 933, payload: 4140-4380 (241 bytes)]
[Frame: 935, payload: 4381-5760 (1380 bytes)]
[Frame: 936, payload: 5761-7140 (1380 bytes)]
[Frame: 938, payload: 7141-8520 (1380 bytes)]
[Frame: 939, payload: 8521-9900 (1380 bytes)]
[Frame: 941, payload: 9901-10172 (272 bytes)]
[Frame: 942, payload: 10173-11552 (1380 bytes)]
[Frame: 944, payload: 11553-12932 (1380 bytes)]
[Frame: 945, payload: 12933-14312 (1380 bytes)]
[Frame: 947, payload: 14313-15692 (1380 bytes)]
[Frame: 948, payload: 15693-17072 (1380 bytes)]
[Frame: 950, payload: 17073-17412 (340 bytes)]
[Frame: 952, payload: 17413-18792 (1380 bytes)]
[Frame: 954, payload: 18793-20172 (1380 bytes)]
[Frame: 955, payload: 20173-21552 (1380 bytes)]
[Frame: 957, payload: 21553-22932 (1380 bytes)]
[Frame: 958, payload: 22933-24312 (1380 bytes)]
[Frame: 960, payload: 24313-25692 (1380 bytes)]
[Frame: 961, payload: 25693-27072 (1380 bytes)]
[Frame: 963, payload: 27073-28452 (1380 bytes)]
[Frame: 964, payload: 28453-29832 (1380 bytes)]
[Frame: 966, payload: 29833-31212 (1380 bytes)]
[Frame: 967, payload: 31213-32592 (1380 bytes)]
[Frame: 969, payload: 32593-33972 (1380 bytes)]
[Frame: 970, payload: 33973-35352 (1380 bytes)]
[Frame: 972, payload: 35353-36732 (1380 bytes)]
[Frame: 973, payload: 36733-38112 (1380 bytes)]
[Frame: 975, payload: 38113-39492 (1380 bytes)]
[Frame: 976, payload: 39493-40872 (1380 bytes)]
[Frame: 978, payload: 40873-42252 (1380 bytes)]
[Frame: 979, payload: 42253-43632 (1380 bytes)]
[Frame: 981, payload: 43633-45012 (1380 bytes)]
[Frame: 982, payload: 45013-46392 (1380 bytes)]
[Frame: 984, payload: 46393-47772 (1380 bytes)]
[Frame: 985, payload: 47773-48426 (654 bytes)]
[Segment count: 38]
[Reassembled TCP length: 48427]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:24 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 48087\r\n
[Content length: 48087]
Last-Modified: Sun, 01 Nov 2009 09:52:23 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:24 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5134
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 3922
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 405
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
988 2012-06-20 08:38:43.702392 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1
Frame 988: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:43.702392000 GMT Daylight Time
Epoch Time: 1340177923.702392000 seconds
[Time delta from previous captured frame: 0.000106000 seconds]
[Time delta from previous displayed frame: 0.000427000 seconds]
[Time since reference or first frame: 15.680606000 seconds]
Frame Number: 988
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x23a6 (9126)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd829 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: windb (2522), Dst Port: http (80), Seq: 1098, Ack: 96855, Len: 237
Source port: windb (2522)
Destination port: http (80)
[Stream index: 17]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 96855 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xd11d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #987(199), #988(237)]
[Frame: 987, payload: 0-198 (199 bytes)]
[Frame: 988, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0083.jpg?w=405&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1051 2012-06-20 08:38:44.157166 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1051: 300 bytes on wire (2400 bits), 300 bytes captured (2400 bits)
Arrival Time: Jun 20, 2012 08:38:44.157166000 GMT Daylight Time
Epoch Time: 1340177924.157166000 seconds
[Time delta from previous captured frame: 0.000017000 seconds]
[Time delta from previous displayed frame: 0.454774000 seconds]
[Time since reference or first frame: 16.135380000 seconds]
Frame Number: 1051
Frame Length: 300 bytes (2400 bits)
Capture Length: 300 bytes (2400 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 286
Identification: 0xc68c (50828)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x813a [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: windb (2522), Seq: 145036, Ack: 1335, Len: 246
Source port: http (80)
Destination port: windb (2522)
[Stream index: 17]
Sequence number: 145036 (relative sequence number)
[Next sequence number: 145282 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x0713 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 246]
TCP segment data (246 bytes)
[39 Reassembled TCP Segments (48427 bytes): #993(1380), #994(1380), #996(1380), #997(241), #999(1380), #1000(1380), #1003(1380), #1004(1380), #1006(272), #1007(1380), #1009(1380), #1010(1380), #1012(1380), #1013(1380), #1015(340), #1016(138]
[Frame: 993, payload: 0-1379 (1380 bytes)]
[Frame: 994, payload: 1380-2759 (1380 bytes)]
[Frame: 996, payload: 2760-4139 (1380 bytes)]
[Frame: 997, payload: 4140-4380 (241 bytes)]
[Frame: 999, payload: 4381-5760 (1380 bytes)]
[Frame: 1000, payload: 5761-7140 (1380 bytes)]
[Frame: 1003, payload: 7141-8520 (1380 bytes)]
[Frame: 1004, payload: 8521-9900 (1380 bytes)]
[Frame: 1006, payload: 9901-10172 (272 bytes)]
[Frame: 1007, payload: 10173-11552 (1380 bytes)]
[Frame: 1009, payload: 11553-12932 (1380 bytes)]
[Frame: 1010, payload: 12933-14312 (1380 bytes)]
[Frame: 1012, payload: 14313-15692 (1380 bytes)]
[Frame: 1013, payload: 15693-17072 (1380 bytes)]
[Frame: 1015, payload: 17073-17412 (340 bytes)]
[Frame: 1016, payload: 17413-18792 (1380 bytes)]
[Frame: 1018, payload: 18793-20172 (1380 bytes)]
[Frame: 1019, payload: 20173-21552 (1380 bytes)]
[Frame: 1021, payload: 21553-22932 (1380 bytes)]
[Frame: 1022, payload: 22933-24312 (1380 bytes)]
[Frame: 1024, payload: 24313-25692 (1380 bytes)]
[Frame: 1025, payload: 25693-26100 (408 bytes)]
[Frame: 1027, payload: 26101-27480 (1380 bytes)]
[Frame: 1028, payload: 27481-28860 (1380 bytes)]
[Frame: 1030, payload: 28861-30240 (1380 bytes)]
[Frame: 1031, payload: 30241-31620 (1380 bytes)]
[Frame: 1033, payload: 31621-33000 (1380 bytes)]
[Frame: 1034, payload: 33001-34380 (1380 bytes)]
[Frame: 1036, payload: 34381-35760 (1380 bytes)]
[Frame: 1037, payload: 35761-37140 (1380 bytes)]
[Frame: 1039, payload: 37141-38520 (1380 bytes)]
[Frame: 1040, payload: 38521-39900 (1380 bytes)]
[Frame: 1042, payload: 39901-41280 (1380 bytes)]
[Frame: 1043, payload: 41281-42660 (1380 bytes)]
[Frame: 1045, payload: 42661-44040 (1380 bytes)]
[Frame: 1046, payload: 44041-45420 (1380 bytes)]
[Frame: 1048, payload: 45421-46800 (1380 bytes)]
[Frame: 1049, payload: 46801-48180 (1380 bytes)]
[Frame: 1051, payload: 48181-48426 (246 bytes)]
[Segment count: 39]
[Reassembled TCP length: 48427]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:25 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 48087\r\n
[Content length: 48087]
Last-Modified: Sun, 01 Nov 2009 09:52:23 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:25 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5134
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 3922
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 405
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1052 2012-06-20 08:38:44.157532 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1
Frame 1052: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:38:44.157532000 GMT Daylight Time
Epoch Time: 1340177924.157532000 seconds
[Time delta from previous captured frame: 0.000366000 seconds]
[Time delta from previous displayed frame: 0.000366000 seconds]
[Time since reference or first frame: 16.135746000 seconds]
Frame Number: 1052
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x23ba (9146)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd87d [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: windb (2522), Dst Port: http (80), Seq: 1335, Ack: 145282, Len: 133
Source port: windb (2522)
Destination port: http (80)
[Stream index: 17]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 145282 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 257
[Calculated window size: 65792]
[Window size scaling factor: 256]
Checksum: 0x3b8c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 1051]
[The RTT to ACK the segment was: 0.000366000 seconds]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0083.jpg?w=405&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640]
No. Time Source Destination Protocol Info
1063 2012-06-20 08:38:44.429431 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1
Frame 1063: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:44.429431000 GMT Daylight Time
Epoch Time: 1340177924.429431000 seconds
[Time delta from previous captured frame: 0.000137000 seconds]
[Time delta from previous displayed frame: 0.271899000 seconds]
[Time since reference or first frame: 16.407645000 seconds]
Frame Number: 1063
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x23c0 (9152)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd80f [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: qke-llc-v3 (2523), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237
Source port: qke-llc-v3 (2523)
Destination port: http (80)
[Stream index: 19]
Sequence number: 227 (relative sequence number)
[Next sequence number: 464 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x354f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 463]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (463 bytes): #1062(226), #1063(237)]
[Frame: 1062, payload: 0-225 (226 bytes)]
[Frame: 1063, payload: 226-462 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 463]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_00931.jpg?w=238&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1114 2012-06-20 08:38:44.979192 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1114: 331 bytes on wire (2648 bits), 331 bytes captured (2648 bits)
Arrival Time: Jun 20, 2012 08:38:44.979192000 GMT Daylight Time
Epoch Time: 1340177924.979192000 seconds
[Time delta from previous captured frame: 0.000016000 seconds]
[Time delta from previous displayed frame: 0.549761000 seconds]
[Time since reference or first frame: 16.957406000 seconds]
Frame Number: 1114
Frame Length: 331 bytes (2648 bits)
Capture Length: 331 bytes (2648 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 317
Identification: 0x667b (26235)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xe12c [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: qke-llc-v3 (2523), Seq: 35014, Ack: 464, Len: 277
Source port: http (80)
Destination port: qke-llc-v3 (2523)
[Stream index: 19]
Sequence number: 35014 (relative sequence number)
[Next sequence number: 35291 (relative sequence number)]
Acknowledgement number: 464 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0xa8e1 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 277]
TCP segment data (277 bytes)
[27 Reassembled TCP Segments (35290 bytes): #1068(1380), #1069(1380), #1071(1380), #1072(1380), #1074(1380), #1075(1380), #1077(1380), #1078(513), #1081(1380), #1082(1380), #1084(1380), #1085(1380), #1087(1380), #1088(1380), #1090(1380), #1]
[Frame: 1068, payload: 0-1379 (1380 bytes)]
[Frame: 1069, payload: 1380-2759 (1380 bytes)]
[Frame: 1071, payload: 2760-4139 (1380 bytes)]
[Frame: 1072, payload: 4140-5519 (1380 bytes)]
[Frame: 1074, payload: 5520-6899 (1380 bytes)]
[Frame: 1075, payload: 6900-8279 (1380 bytes)]
[Frame: 1077, payload: 8280-9659 (1380 bytes)]
[Frame: 1078, payload: 9660-10172 (513 bytes)]
[Frame: 1081, payload: 10173-11552 (1380 bytes)]
[Frame: 1082, payload: 11553-12932 (1380 bytes)]
[Frame: 1084, payload: 12933-14312 (1380 bytes)]
[Frame: 1085, payload: 14313-15692 (1380 bytes)]
[Frame: 1087, payload: 15693-17072 (1380 bytes)]
[Frame: 1088, payload: 17073-18452 (1380 bytes)]
[Frame: 1090, payload: 18453-19832 (1380 bytes)]
[Frame: 1091, payload: 19833-21212 (1380 bytes)]
[Frame: 1093, payload: 21213-22592 (1380 bytes)]
[Frame: 1094, payload: 22593-23972 (1380 bytes)]
[Frame: 1096, payload: 23973-25352 (1380 bytes)]
[Frame: 1103, payload: 25353-26732 (1380 bytes)]
[Frame: 1105, payload: 26733-28112 (1380 bytes)]
[Frame: 1106, payload: 28113-29492 (1380 bytes)]
[Frame: 1108, payload: 29493-30872 (1380 bytes)]
[Frame: 1109, payload: 30873-32252 (1380 bytes)]
[Frame: 1111, payload: 32253-33632 (1380 bytes)]
[Frame: 1112, payload: 33633-35012 (1380 bytes)]
[Frame: 1114, payload: 35013-35289 (277 bytes)]
[Segment count: 27]
[Reassembled TCP length: 35290]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:25 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 34949\r\n
[Content length: 34949]
Last-Modified: Sun, 01 Nov 2009 10:31:29 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:25 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 239\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7221
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6009
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 238
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1116 2012-06-20 08:38:44.979626 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1
Frame 1116: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:44.979626000 GMT Daylight Time
Epoch Time: 1340177924.979626000 seconds
[Time delta from previous captured frame: 0.000103000 seconds]
[Time delta from previous displayed frame: 0.000434000 seconds]
[Time since reference or first frame: 16.957840000 seconds]
Frame Number: 1116
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x23d2 (9170)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd7fd [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: qke-llc-v3 (2523), Dst Port: http (80), Seq: 664, Ack: 35291, Len: 237
Source port: qke-llc-v3 (2523)
Destination port: http (80)
[Stream index: 19]
Sequence number: 664 (relative sequence number)
[Next sequence number: 901 (relative sequence number)]
Acknowledgement number: 35291 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 257
[Calculated window size: 65792]
[Window size scaling factor: 256]
Checksum: 0xa9c0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #1115(200), #1116(237)]
[Frame: 1115, payload: 0-199 (200 bytes)]
[Frame: 1116, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_00931.jpg?w=238&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1168 2012-06-20 08:38:45.401594 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1168: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Jun 20, 2012 08:38:45.401594000 GMT Daylight Time
Epoch Time: 1340177925.401594000 seconds
[Time delta from previous captured frame: 0.000018000 seconds]
[Time delta from previous displayed frame: 0.421968000 seconds]
[Time since reference or first frame: 17.379808000 seconds]
Frame Number: 1168
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 00
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 45
Identification: 0x669a (26266)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xe21d [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: qke-llc-v3 (2523), Seq: 70576, Ack: 901, Len: 5
Source port: http (80)
Destination port: qke-llc-v3 (2523)
[Stream index: 19]
Sequence number: 70576 (relative sequence number)
[Next sequence number: 70581 (relative sequence number)]
Acknowledgement number: 901 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0xae64 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 5]
TCP segment data (5 bytes)
[29 Reassembled TCP Segments (35290 bytes): #1124(1380), #1125(105), #1127(1380), #1128(1380), #1130(1380), #1131(1380), #1133(1380), #1134(1380), #1136(1380), #1137(1380), #1139(1380), #1140(612), #1142(1380), #1143(68), #1147(1380), #1148]
[Frame: 1124, payload: 0-1379 (1380 bytes)]
[Frame: 1125, payload: 1380-1484 (105 bytes)]
[Frame: 1127, payload: 1485-2864 (1380 bytes)]
[Frame: 1128, payload: 2865-4244 (1380 bytes)]
[Frame: 1130, payload: 4245-5624 (1380 bytes)]
[Frame: 1131, payload: 5625-7004 (1380 bytes)]
[Frame: 1133, payload: 7005-8384 (1380 bytes)]
[Frame: 1134, payload: 8385-9764 (1380 bytes)]
[Frame: 1136, payload: 9765-11144 (1380 bytes)]
[Frame: 1137, payload: 11145-12524 (1380 bytes)]
[Frame: 1139, payload: 12525-13904 (1380 bytes)]
[Frame: 1140, payload: 13905-14516 (612 bytes)]
[Frame: 1142, payload: 14517-15896 (1380 bytes)]
[Frame: 1143, payload: 15897-15964 (68 bytes)]
[Frame: 1147, payload: 15965-17344 (1380 bytes)]
[Frame: 1148, payload: 17345-18724 (1380 bytes)]
[Frame: 1150, payload: 18725-20104 (1380 bytes)]
[Frame: 1151, payload: 20105-21484 (1380 bytes)]
[Frame: 1153, payload: 21485-22864 (1380 bytes)]
[Frame: 1154, payload: 22865-24244 (1380 bytes)]
[Frame: 1156, payload: 24245-25624 (1380 bytes)]
[Frame: 1157, payload: 25625-27004 (1380 bytes)]
[Frame: 1159, payload: 27005-28384 (1380 bytes)]
[Frame: 1160, payload: 28385-29764 (1380 bytes)]
[Frame: 1162, payload: 29765-31144 (1380 bytes)]
[Frame: 1163, payload: 31145-32524 (1380 bytes)]
[Frame: 1165, payload: 32525-33904 (1380 bytes)]
[Frame: 1166, payload: 33905-35284 (1380 bytes)]
[Frame: 1168, payload: 35285-35289 (5 bytes)]
[Segment count: 29]
[Reassembled TCP length: 35290]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:26 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 34949\r\n
[Content length: 34949]
Last-Modified: Sun, 01 Nov 2009 10:31:29 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:26 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 239\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7221
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6009
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 238
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1170 2012-06-20 08:38:45.401945 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1
Frame 1170: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:45.401945000 GMT Daylight Time
Epoch Time: 1340177925.401945000 seconds
[Time delta from previous captured frame: 0.000103000 seconds]
[Time delta from previous displayed frame: 0.000351000 seconds]
[Time since reference or first frame: 17.380159000 seconds]
Frame Number: 1170
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x23e2 (9186)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd7ed [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: qke-llc-v3 (2523), Dst Port: http (80), Seq: 1101, Ack: 70581, Len: 237
Source port: qke-llc-v3 (2523)
Destination port: http (80)
[Stream index: 19]
Sequence number: 1101 (relative sequence number)
[Next sequence number: 1338 (relative sequence number)]
Acknowledgement number: 70581 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x1e30 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #1169(200), #1170(237)]
[Frame: 1169, payload: 0-199 (200 bytes)]
[Frame: 1170, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_00931.jpg?w=238&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1218 2012-06-20 08:38:45.821609 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1218: 1031 bytes on wire (8248 bits), 1031 bytes captured (8248 bits)
Arrival Time: Jun 20, 2012 08:38:45.821609000 GMT Daylight Time
Epoch Time: 1340177925.821609000 seconds
[Time delta from previous captured frame: 0.000016000 seconds]
[Time delta from previous displayed frame: 0.419664000 seconds]
[Time since reference or first frame: 17.799823000 seconds]
Frame Number: 1218
Frame Length: 1031 bytes (8248 bits)
Capture Length: 1031 bytes (8248 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1017
Identification: 0x66b8 (26296)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xde33 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: qke-llc-v3 (2523), Seq: 104894, Ack: 1338, Len: 977
Source port: http (80)
Destination port: qke-llc-v3 (2523)
[Stream index: 19]
Sequence number: 104894 (relative sequence number)
[Next sequence number: 105871 (relative sequence number)]
Acknowledgement number: 1338 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x2028 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2357]
TCP segment data (977 bytes)
[28 Reassembled TCP Segments (35290 bytes): #1178(1380), #1179(1380), #1181(1380), #1182(241), #1184(1380), #1185(1380), #1187(1380), #1188(1380), #1190(1380), #1191(1380), #1193(408), #1194(1380), #1196(1380), #1197(1380), #1199(1380), #12]
[Frame: 1178, payload: 0-1379 (1380 bytes)]
[Frame: 1179, payload: 1380-2759 (1380 bytes)]
[Frame: 1181, payload: 2760-4139 (1380 bytes)]
[Frame: 1182, payload: 4140-4380 (241 bytes)]
[Frame: 1184, payload: 4381-5760 (1380 bytes)]
[Frame: 1185, payload: 5761-7140 (1380 bytes)]
[Frame: 1187, payload: 7141-8520 (1380 bytes)]
[Frame: 1188, payload: 8521-9900 (1380 bytes)]
[Frame: 1190, payload: 9901-11280 (1380 bytes)]
[Frame: 1191, payload: 11281-12660 (1380 bytes)]
[Frame: 1193, payload: 12661-13068 (408 bytes)]
[Frame: 1194, payload: 13069-14448 (1380 bytes)]
[Frame: 1196, payload: 14449-15828 (1380 bytes)]
[Frame: 1197, payload: 15829-17208 (1380 bytes)]
[Frame: 1199, payload: 17209-18588 (1380 bytes)]
[Frame: 1200, payload: 18589-19968 (1380 bytes)]
[Frame: 1202, payload: 19969-21348 (1380 bytes)]
[Frame: 1203, payload: 21349-22728 (1380 bytes)]
[Frame: 1205, payload: 22729-24108 (1380 bytes)]
[Frame: 1206, payload: 24109-24652 (544 bytes)]
[Frame: 1208, payload: 24653-26032 (1380 bytes)]
[Frame: 1209, payload: 26033-27412 (1380 bytes)]
[Frame: 1211, payload: 27413-28792 (1380 bytes)]
[Frame: 1212, payload: 28793-30172 (1380 bytes)]
[Frame: 1214, payload: 30173-31552 (1380 bytes)]
[Frame: 1215, payload: 31553-32932 (1380 bytes)]
[Frame: 1217, payload: 32933-34312 (1380 bytes)]
[Frame: 1218, payload: 34313-35289 (977 bytes)]
[Segment count: 28]
[Reassembled TCP length: 35290]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:26 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 34949\r\n
[Content length: 34949]
Last-Modified: Sun, 01 Nov 2009 10:31:29 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:26 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 239\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7221
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6009
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 238
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1220 2012-06-20 08:38:45.821976 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1
Frame 1220: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits)
Arrival Time: Jun 20, 2012 08:38:45.821976000 GMT Daylight Time
Epoch Time: 1340177925.821976000 seconds
[Time delta from previous captured frame: 0.000316000 seconds]
[Time delta from previous displayed frame: 0.000367000 seconds]
[Time since reference or first frame: 17.800190000 seconds]
Frame Number: 1220
Frame Length: 188 bytes (1504 bits)
Capture Length: 188 bytes (1504 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 174
Identification: 0x23f2 (9202)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd844 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: qke-llc-v3 (2523), Dst Port: http (80), Seq: 1338, Ack: 105871, Len: 134
Source port: qke-llc-v3 (2523)
Destination port: http (80)
[Stream index: 19]
Sequence number: 1338 (relative sequence number)
[Next sequence number: 1472 (relative sequence number)]
Acknowledgement number: 105871 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xdb9d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 134]
Hypertext Transfer Protocol
HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_00931.jpg?w=238&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400]
No. Time Source Destination Protocol Info
1235 2012-06-20 08:38:46.090606 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1
Frame 1235: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:46.090606000 GMT Daylight Time
Epoch Time: 1340177926.090606000 seconds
[Time delta from previous captured frame: 0.000131000 seconds]
[Time delta from previous displayed frame: 0.268630000 seconds]
[Time since reference or first frame: 18.068820000 seconds]
Frame Number: 1235
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x23f8 (9208)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd7d7 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: optiwave-lm (2524), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237
Source port: optiwave-lm (2524)
Destination port: http (80)
[Stream index: 21]
Sequence number: 227 (relative sequence number)
[Next sequence number: 464 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x8d88 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 463]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (463 bytes): #1234(226), #1235(237)]
[Frame: 1234, payload: 0-225 (226 bytes)]
[Frame: 1235, payload: 226-462 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 463]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_00921.jpg?w=237&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1277 2012-06-20 08:38:46.657150 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1277: 1288 bytes on wire (10304 bits), 1288 bytes captured (10304 bits)
Arrival Time: Jun 20, 2012 08:38:46.657150000 GMT Daylight Time
Epoch Time: 1340177926.657150000 seconds
[Time delta from previous captured frame: 0.000035000 seconds]
[Time delta from previous displayed frame: 0.566544000 seconds]
[Time since reference or first frame: 18.635364000 seconds]
Frame Number: 1277
Frame Length: 1288 bytes (10304 bits)
Capture Length: 1288 bytes (10304 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1274
Identification: 0xbf05 (48901)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x84e5 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: optiwave-lm (2524), Seq: 26734, Ack: 464, Len: 1234
Source port: http (80)
Destination port: optiwave-lm (2524)
[Stream index: 21]
Sequence number: 26734 (relative sequence number)
[Next sequence number: 27968 (relative sequence number)]
Acknowledgement number: 464 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x94a6 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2614]
TCP segment data (1234 bytes)
[22 Reassembled TCP Segments (27967 bytes): #1241(1380), #1242(1380), #1244(1380), #1245(241), #1247(1380), #1248(1380), #1250(1380), #1251(1380), #1253(272), #1257(1380), #1259(1380), #1260(1380), #1262(1380), #1263(1380), #1265(1380), #12]
[Frame: 1241, payload: 0-1379 (1380 bytes)]
[Frame: 1242, payload: 1380-2759 (1380 bytes)]
[Frame: 1244, payload: 2760-4139 (1380 bytes)]
[Frame: 1245, payload: 4140-4380 (241 bytes)]
[Frame: 1247, payload: 4381-5760 (1380 bytes)]
[Frame: 1248, payload: 5761-7140 (1380 bytes)]
[Frame: 1250, payload: 7141-8520 (1380 bytes)]
[Frame: 1251, payload: 8521-9900 (1380 bytes)]
[Frame: 1253, payload: 9901-10172 (272 bytes)]
[Frame: 1257, payload: 10173-11552 (1380 bytes)]
[Frame: 1259, payload: 11553-12932 (1380 bytes)]
[Frame: 1260, payload: 12933-14312 (1380 bytes)]
[Frame: 1262, payload: 14313-15692 (1380 bytes)]
[Frame: 1263, payload: 15693-17072 (1380 bytes)]
[Frame: 1265, payload: 17073-18452 (1380 bytes)]
[Frame: 1266, payload: 18453-19832 (1380 bytes)]
[Frame: 1268, payload: 19833-21212 (1380 bytes)]
[Frame: 1269, payload: 21213-22592 (1380 bytes)]
[Frame: 1271, payload: 22593-23972 (1380 bytes)]
[Frame: 1274, payload: 23973-25352 (1380 bytes)]
[Frame: 1276, payload: 25353-26732 (1380 bytes)]
[Frame: 1277, payload: 26733-27966 (1234 bytes)]
[Segment count: 22]
[Reassembled TCP length: 27967]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:27 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 27627\r\n
[Content length: 27627]
Last-Modified: Sun, 01 Nov 2009 10:30:49 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:27 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6304
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5092
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 237
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1280 2012-06-20 08:38:46.657560 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1
Frame 1280: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:46.657560000 GMT Daylight Time
Epoch Time: 1340177926.657560000 seconds
[Time delta from previous captured frame: 0.000132000 seconds]
[Time delta from previous displayed frame: 0.000410000 seconds]
[Time since reference or first frame: 18.635774000 seconds]
Frame Number: 1280
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2405 (9221)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd7ca [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: optiwave-lm (2524), Dst Port: http (80), Seq: 664, Ack: 27968, Len: 237
Source port: optiwave-lm (2524)
Destination port: http (80)
[Stream index: 21]
Sequence number: 664 (relative sequence number)
[Next sequence number: 901 (relative sequence number)]
Acknowledgement number: 27968 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x1e94 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #1279(200), #1280(237)]
[Frame: 1279, payload: 0-199 (200 bytes)]
[Frame: 1280, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_00921.jpg?w=237&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1319 2012-06-20 08:38:47.066469 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1319: 1220 bytes on wire (9760 bits), 1220 bytes captured (9760 bits)
Arrival Time: Jun 20, 2012 08:38:47.066469000 GMT Daylight Time
Epoch Time: 1340177927.066469000 seconds
[Time delta from previous captured frame: 0.000041000 seconds]
[Time delta from previous displayed frame: 0.408909000 seconds]
[Time since reference or first frame: 19.044683000 seconds]
Frame Number: 1319
Frame Length: 1220 bytes (9760 bits)
Capture Length: 1220 bytes (9760 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1206
Identification: 0xbf1e (48926)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x8510 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: optiwave-lm (2524), Seq: 54769, Ack: 901, Len: 1166
Source port: http (80)
Destination port: optiwave-lm (2524)
[Stream index: 21]
Sequence number: 54769 (relative sequence number)
[Next sequence number: 55935 (relative sequence number)]
Acknowledgement number: 901 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x2016 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1166]
TCP segment data (1166 bytes)
[23 Reassembled TCP Segments (27967 bytes): #1285(1380), #1286(1380), #1288(1380), #1289(241), #1291(1380), #1292(1380), #1294(1380), #1295(1380), #1297(272), #1298(1380), #1300(68), #1302(1380), #1304(1380), #1305(1380), #1307(1380), #1308]
[Frame: 1285, payload: 0-1379 (1380 bytes)]
[Frame: 1286, payload: 1380-2759 (1380 bytes)]
[Frame: 1288, payload: 2760-4139 (1380 bytes)]
[Frame: 1289, payload: 4140-4380 (241 bytes)]
[Frame: 1291, payload: 4381-5760 (1380 bytes)]
[Frame: 1292, payload: 5761-7140 (1380 bytes)]
[Frame: 1294, payload: 7141-8520 (1380 bytes)]
[Frame: 1295, payload: 8521-9900 (1380 bytes)]
[Frame: 1297, payload: 9901-10172 (272 bytes)]
[Frame: 1298, payload: 10173-11552 (1380 bytes)]
[Frame: 1300, payload: 11553-11620 (68 bytes)]
[Frame: 1302, payload: 11621-13000 (1380 bytes)]
[Frame: 1304, payload: 13001-14380 (1380 bytes)]
[Frame: 1305, payload: 14381-15760 (1380 bytes)]
[Frame: 1307, payload: 15761-17140 (1380 bytes)]
[Frame: 1308, payload: 17141-18520 (1380 bytes)]
[Frame: 1310, payload: 18521-19900 (1380 bytes)]
[Frame: 1311, payload: 19901-21280 (1380 bytes)]
[Frame: 1313, payload: 21281-22660 (1380 bytes)]
[Frame: 1314, payload: 22661-24040 (1380 bytes)]
[Frame: 1316, payload: 24041-25420 (1380 bytes)]
[Frame: 1317, payload: 25421-26800 (1380 bytes)]
[Frame: 1319, payload: 26801-27966 (1166 bytes)]
[Segment count: 23]
[Reassembled TCP length: 27967]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:27 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 27627\r\n
[Content length: 27627]
Last-Modified: Sun, 01 Nov 2009 10:30:49 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:27 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6304
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5092
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 237
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1321 2012-06-20 08:38:47.066763 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1
Frame 1321: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:47.066763000 GMT Daylight Time
Epoch Time: 1340177927.066763000 seconds
[Time delta from previous captured frame: 0.000046000 seconds]
[Time delta from previous displayed frame: 0.000294000 seconds]
[Time since reference or first frame: 19.044977000 seconds]
Frame Number: 1321
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2412 (9234)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd7bd [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: optiwave-lm (2524), Dst Port: http (80), Seq: 1101, Ack: 55935, Len: 237
Source port: optiwave-lm (2524)
Destination port: http (80)
[Stream index: 21]
Sequence number: 1101 (relative sequence number)
[Next sequence number: 1338 (relative sequence number)]
Acknowledgement number: 55935 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 254
[Calculated window size: 65024]
[Window size scaling factor: 256]
Checksum: 0xafa3 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #1320(200), #1321(237)]
[Frame: 1320, payload: 0-199 (200 bytes)]
[Frame: 1321, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_00921.jpg?w=237&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1360 2012-06-20 08:38:47.486388 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1360: 948 bytes on wire (7584 bits), 948 bytes captured (7584 bits)
Arrival Time: Jun 20, 2012 08:38:47.486388000 GMT Daylight Time
Epoch Time: 1340177927.486388000 seconds
[Time delta from previous captured frame: 0.000008000 seconds]
[Time delta from previous displayed frame: 0.419625000 seconds]
[Time since reference or first frame: 19.464602000 seconds]
Frame Number: 1360
Frame Length: 948 bytes (7584 bits)
Capture Length: 948 bytes (7584 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 934
Identification: 0xbf37 (48951)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x8607 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: optiwave-lm (2524), Seq: 83008, Ack: 1338, Len: 894
Source port: http (80)
Destination port: optiwave-lm (2524)
[Stream index: 21]
Sequence number: 83008 (relative sequence number)
[Next sequence number: 83902 (relative sequence number)]
Acknowledgement number: 1338 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x953f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 894]
TCP segment data (894 bytes)
[23 Reassembled TCP Segments (27967 bytes): #1327(1380), #1328(1380), #1330(1380), #1331(241), #1333(1380), #1334(1380), #1336(1380), #1337(1380), #1339(272), #1340(1380), #1342(1380), #1343(1380), #1345(1380), #1346(1380), #1348(340), #134]
[Frame: 1327, payload: 0-1379 (1380 bytes)]
[Frame: 1328, payload: 1380-2759 (1380 bytes)]
[Frame: 1330, payload: 2760-4139 (1380 bytes)]
[Frame: 1331, payload: 4140-4380 (241 bytes)]
[Frame: 1333, payload: 4381-5760 (1380 bytes)]
[Frame: 1334, payload: 5761-7140 (1380 bytes)]
[Frame: 1336, payload: 7141-8520 (1380 bytes)]
[Frame: 1337, payload: 8521-9900 (1380 bytes)]
[Frame: 1339, payload: 9901-10172 (272 bytes)]
[Frame: 1340, payload: 10173-11552 (1380 bytes)]
[Frame: 1342, payload: 11553-12932 (1380 bytes)]
[Frame: 1343, payload: 12933-14312 (1380 bytes)]
[Frame: 1345, payload: 14313-15692 (1380 bytes)]
[Frame: 1346, payload: 15693-17072 (1380 bytes)]
[Frame: 1348, payload: 17073-17412 (340 bytes)]
[Frame: 1349, payload: 17413-18792 (1380 bytes)]
[Frame: 1351, payload: 18793-20172 (1380 bytes)]
[Frame: 1352, payload: 20173-21552 (1380 bytes)]
[Frame: 1354, payload: 21553-22932 (1380 bytes)]
[Frame: 1355, payload: 22933-24312 (1380 bytes)]
[Frame: 1357, payload: 24313-25692 (1380 bytes)]
[Frame: 1358, payload: 25693-27072 (1380 bytes)]
[Frame: 1360, payload: 27073-27966 (894 bytes)]
[Segment count: 23]
[Reassembled TCP length: 27967]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:28 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 27627\r\n
[Content length: 27627]
Last-Modified: Sun, 01 Nov 2009 10:30:49 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:28 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6304
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5092
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 237
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1361 2012-06-20 08:38:47.486649 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1
Frame 1361: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits)
Arrival Time: Jun 20, 2012 08:38:47.486649000 GMT Daylight Time
Epoch Time: 1340177927.486649000 seconds
[Time delta from previous captured frame: 0.000261000 seconds]
[Time delta from previous displayed frame: 0.000261000 seconds]
[Time since reference or first frame: 19.464863000 seconds]
Frame Number: 1361
Frame Length: 188 bytes (1504 bits)
Capture Length: 188 bytes (1504 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 174
Identification: 0x241e (9246)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd818 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: optiwave-lm (2524), Dst Port: http (80), Seq: 1338, Ack: 83902, Len: 134
Source port: optiwave-lm (2524)
Destination port: http (80)
[Stream index: 21]
Sequence number: 1338 (relative sequence number)
[Next sequence number: 1472 (relative sequence number)]
Acknowledgement number: 83902 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 255
[Calculated window size: 65280]
[Window size scaling factor: 256]
Checksum: 0x8aac [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 1360]
[The RTT to ACK the segment was: 0.000261000 seconds]
[Bytes in flight: 134]
Hypertext Transfer Protocol
HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_00921.jpg?w=237&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400]
No. Time Source Destination Protocol Info
1375 2012-06-20 08:38:47.757852 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1
Frame 1375: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:47.757852000 GMT Daylight Time
Epoch Time: 1340177927.757852000 seconds
[Time delta from previous captured frame: 0.000132000 seconds]
[Time delta from previous displayed frame: 0.271203000 seconds]
[Time since reference or first frame: 19.736066000 seconds]
Frame Number: 1375
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2424 (9252)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd7ab [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ms-v-worlds (2525), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: ms-v-worlds (2525)
Destination port: http (80)
[Stream index: 22]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x58a4 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #1374(225), #1375(237)]
[Frame: 1374, payload: 0-224 (225 bytes)]
[Frame: 1375, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0101.jpg?w=270&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1437 2012-06-20 08:38:48.313092 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1437: 1089 bytes on wire (8712 bits), 1089 bytes captured (8712 bits)
Arrival Time: Jun 20, 2012 08:38:48.313092000 GMT Daylight Time
Epoch Time: 1340177928.313092000 seconds
[Time delta from previous captured frame: 0.000240000 seconds]
[Time delta from previous displayed frame: 0.555240000 seconds]
[Time since reference or first frame: 20.291306000 seconds]
Frame Number: 1437
Frame Length: 1089 bytes (8712 bits)
Capture Length: 1089 bytes (8712 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1075
Identification: 0x0f9d (3997)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x3515 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ms-v-worlds (2525), Seq: 45850, Ack: 463, Len: 1035
Source port: http (80)
Destination port: ms-v-worlds (2525)
[Stream index: 22]
Sequence number: 45850 (relative sequence number)
[Next sequence number: 46885 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x18ed [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1035]
TCP segment data (1035 bytes)
[35 Reassembled TCP Segments (46884 bytes): #1385(1380), #1386(1380), #1388(1380), #1389(1380), #1391(309), #1392(1380), #1394(1380), #1395(1380), #1397(1380), #1398(1380), #1401(1380), #1402(1380), #1404(1380), #1405(1380), #1407(1380), #1]
[Frame: 1385, payload: 0-1379 (1380 bytes)]
[Frame: 1386, payload: 1380-2759 (1380 bytes)]
[Frame: 1388, payload: 2760-4139 (1380 bytes)]
[Frame: 1389, payload: 4140-5519 (1380 bytes)]
[Frame: 1391, payload: 5520-5828 (309 bytes)]
[Frame: 1392, payload: 5829-7208 (1380 bytes)]
[Frame: 1394, payload: 7209-8588 (1380 bytes)]
[Frame: 1395, payload: 8589-9968 (1380 bytes)]
[Frame: 1397, payload: 9969-11348 (1380 bytes)]
[Frame: 1398, payload: 11349-12728 (1380 bytes)]
[Frame: 1401, payload: 12729-14108 (1380 bytes)]
[Frame: 1402, payload: 14109-15488 (1380 bytes)]
[Frame: 1404, payload: 15489-16868 (1380 bytes)]
[Frame: 1405, payload: 16869-18248 (1380 bytes)]
[Frame: 1407, payload: 18249-19628 (1380 bytes)]
[Frame: 1408, payload: 19629-21008 (1380 bytes)]
[Frame: 1410, payload: 21009-22388 (1380 bytes)]
[Frame: 1411, payload: 22389-23768 (1380 bytes)]
[Frame: 1413, payload: 23769-25148 (1380 bytes)]
[Frame: 1414, payload: 25149-26528 (1380 bytes)]
[Frame: 1416, payload: 26529-27908 (1380 bytes)]
[Frame: 1417, payload: 27909-29288 (1380 bytes)]
[Frame: 1419, payload: 29289-30668 (1380 bytes)]
[Frame: 1420, payload: 30669-32048 (1380 bytes)]
[Frame: 1422, payload: 32049-33428 (1380 bytes)]
[Frame: 1423, payload: 33429-34808 (1380 bytes)]
[Frame: 1425, payload: 34809-36188 (1380 bytes)]
[Frame: 1426, payload: 36189-37568 (1380 bytes)]
[Frame: 1428, payload: 37569-38948 (1380 bytes)]
[Frame: 1429, payload: 38949-40328 (1380 bytes)]
[Frame: 1431, payload: 40329-41708 (1380 bytes)]
[Frame: 1432, payload: 41709-43088 (1380 bytes)]
[Frame: 1434, payload: 43089-44468 (1380 bytes)]
[Frame: 1435, payload: 44469-45848 (1380 bytes)]
[Frame: 1437, payload: 45849-46883 (1035 bytes)]
[Segment count: 35]
[Reassembled TCP length: 46884]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:29 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 46544\r\n
[Content length: 46544]
Last-Modified: Sun, 01 Nov 2009 15:23:12 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:29 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 80\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7881
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6669
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 270
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1439 2012-06-20 08:38:48.313541 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1
Frame 1439: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:48.313541000 GMT Daylight Time
Epoch Time: 1340177928.313541000 seconds
[Time delta from previous captured frame: 0.000134000 seconds]
[Time delta from previous displayed frame: 0.000449000 seconds]
[Time since reference or first frame: 20.291755000 seconds]
Frame Number: 1439
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2439 (9273)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd796 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ms-v-worlds (2525), Dst Port: http (80), Seq: 662, Ack: 46885, Len: 237
Source port: ms-v-worlds (2525)
Destination port: http (80)
[Stream index: 22]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 46885 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 254
[Calculated window size: 65024]
[Window size scaling factor: 256]
Checksum: 0x9fcf [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #1438(199), #1439(237)]
[Frame: 1438, payload: 0-198 (199 bytes)]
[Frame: 1439, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0101.jpg?w=270&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1499 2012-06-20 08:38:48.767498 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1499: 477 bytes on wire (3816 bits), 477 bytes captured (3816 bits)
Arrival Time: Jun 20, 2012 08:38:48.767498000 GMT Daylight Time
Epoch Time: 1340177928.767498000 seconds
[Time delta from previous captured frame: 0.000010000 seconds]
[Time delta from previous displayed frame: 0.453957000 seconds]
[Time since reference or first frame: 20.745712000 seconds]
Frame Number: 1499
Frame Length: 477 bytes (3816 bits)
Capture Length: 477 bytes (3816 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 463
Identification: 0x0fc4 (4036)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x3752 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ms-v-worlds (2525), Seq: 93346, Ack: 899, Len: 423
Source port: http (80)
Destination port: ms-v-worlds (2525)
[Stream index: 22]
Sequence number: 93346 (relative sequence number)
[Next sequence number: 93769 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0xb2c0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 423]
TCP segment data (423 bytes)
[37 Reassembled TCP Segments (46884 bytes): #1443(1380), #1444(105), #1446(1380), #1447(1380), #1449(1380), #1450(1380), #1452(1380), #1453(1380), #1455(1380), #1456(1380), #1458(1380), #1459(612), #1461(1380), #1462(1380), #1464(1380), #14]
[Frame: 1443, payload: 0-1379 (1380 bytes)]
[Frame: 1444, payload: 1380-1484 (105 bytes)]
[Frame: 1446, payload: 1485-2864 (1380 bytes)]
[Frame: 1447, payload: 2865-4244 (1380 bytes)]
[Frame: 1449, payload: 4245-5624 (1380 bytes)]
[Frame: 1450, payload: 5625-7004 (1380 bytes)]
[Frame: 1452, payload: 7005-8384 (1380 bytes)]
[Frame: 1453, payload: 8385-9764 (1380 bytes)]
[Frame: 1455, payload: 9765-11144 (1380 bytes)]
[Frame: 1456, payload: 11145-12524 (1380 bytes)]
[Frame: 1458, payload: 12525-13904 (1380 bytes)]
[Frame: 1459, payload: 13905-14516 (612 bytes)]
[Frame: 1461, payload: 14517-15896 (1380 bytes)]
[Frame: 1462, payload: 15897-17276 (1380 bytes)]
[Frame: 1464, payload: 17277-18656 (1380 bytes)]
[Frame: 1465, payload: 18657-18860 (204 bytes)]
[Frame: 1469, payload: 18861-20240 (1380 bytes)]
[Frame: 1470, payload: 20241-21620 (1380 bytes)]
[Frame: 1472, payload: 21621-23000 (1380 bytes)]
[Frame: 1473, payload: 23001-24380 (1380 bytes)]
[Frame: 1475, payload: 24381-25760 (1380 bytes)]
[Frame: 1476, payload: 25761-27140 (1380 bytes)]
[Frame: 1478, payload: 27141-28520 (1380 bytes)]
[Frame: 1479, payload: 28521-29900 (1380 bytes)]
[Frame: 1481, payload: 29901-31280 (1380 bytes)]
[Frame: 1482, payload: 31281-32660 (1380 bytes)]
[Frame: 1484, payload: 32661-34040 (1380 bytes)]
[Frame: 1485, payload: 34041-35420 (1380 bytes)]
[Frame: 1487, payload: 35421-36800 (1380 bytes)]
[Frame: 1488, payload: 36801-38180 (1380 bytes)]
[Frame: 1490, payload: 38181-39560 (1380 bytes)]
[Frame: 1491, payload: 39561-40940 (1380 bytes)]
[Frame: 1493, payload: 40941-42320 (1380 bytes)]
[Frame: 1494, payload: 42321-43700 (1380 bytes)]
[Frame: 1496, payload: 43701-45080 (1380 bytes)]
[Frame: 1497, payload: 45081-46460 (1380 bytes)]
[Frame: 1499, payload: 46461-46883 (423 bytes)]
[Segment count: 37]
[Reassembled TCP length: 46884]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:29 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 46544\r\n
[Content length: 46544]
Last-Modified: Sun, 01 Nov 2009 15:23:12 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:29 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 80\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7881
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6669
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 270
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1501 2012-06-20 08:38:48.767869 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1
Frame 1501: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:48.767869000 GMT Daylight Time
Epoch Time: 1340177928.767869000 seconds
[Time delta from previous captured frame: 0.000061000 seconds]
[Time delta from previous displayed frame: 0.000371000 seconds]
[Time since reference or first frame: 20.746083000 seconds]
Frame Number: 1501
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x244d (9293)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd782 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ms-v-worlds (2525), Dst Port: http (80), Seq: 1098, Ack: 93769, Len: 237
Source port: ms-v-worlds (2525)
Destination port: http (80)
[Stream index: 22]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 93769 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 257
[Calculated window size: 65792]
[Window size scaling factor: 256]
Checksum: 0xe6f3 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #1500(199), #1501(237)]
[Frame: 1500, payload: 0-198 (199 bytes)]
[Frame: 1501, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0101.jpg?w=270&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1567 2012-06-20 08:38:49.201113 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1567: 1381 bytes on wire (11048 bits), 1381 bytes captured (11048 bits)
Arrival Time: Jun 20, 2012 08:38:49.201113000 GMT Daylight Time
Epoch Time: 1340177929.201113000 seconds
[Time delta from previous captured frame: 0.000181000 seconds]
[Time delta from previous displayed frame: 0.433244000 seconds]
[Time since reference or first frame: 21.179327000 seconds]
Frame Number: 1567
Frame Length: 1381 bytes (11048 bits)
Capture Length: 1381 bytes (11048 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1367
Identification: 0x0fee (4078)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x33a0 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ms-v-worlds (2525), Seq: 139326, Ack: 1335, Len: 1327
Source port: http (80)
Destination port: ms-v-worlds (2525)
[Stream index: 22]
Sequence number: 139326 (relative sequence number)
[Next sequence number: 140653 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x8d78 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2707]
TCP segment data (1327 bytes)
[40 Reassembled TCP Segments (46884 bytes): #1507(1380), #1508(105), #1510(1380), #1511(1380), #1513(1380), #1514(1380), #1516(1380), #1517(1380), #1519(408), #1520(1380), #1522(1380), #1523(1380), #1525(204), #1526(1380), #1528(68), #1529(]
[Frame: 1507, payload: 0-1379 (1380 bytes)]
[Frame: 1508, payload: 1380-1484 (105 bytes)]
[Frame: 1510, payload: 1485-2864 (1380 bytes)]
[Frame: 1511, payload: 2865-4244 (1380 bytes)]
[Frame: 1513, payload: 4245-5624 (1380 bytes)]
[Frame: 1514, payload: 5625-7004 (1380 bytes)]
[Frame: 1516, payload: 7005-8384 (1380 bytes)]
[Frame: 1517, payload: 8385-9764 (1380 bytes)]
[Frame: 1519, payload: 9765-10172 (408 bytes)]
[Frame: 1520, payload: 10173-11552 (1380 bytes)]
[Frame: 1522, payload: 11553-12932 (1380 bytes)]
[Frame: 1523, payload: 12933-14312 (1380 bytes)]
[Frame: 1525, payload: 14313-14516 (204 bytes)]
[Frame: 1526, payload: 14517-15896 (1380 bytes)]
[Frame: 1528, payload: 15897-15964 (68 bytes)]
[Frame: 1529, payload: 15965-17344 (1380 bytes)]
[Frame: 1531, payload: 17345-17412 (68 bytes)]
[Frame: 1532, payload: 17413-18792 (1380 bytes)]
[Frame: 1534, payload: 18793-18860 (68 bytes)]
[Frame: 1535, payload: 18861-20240 (1380 bytes)]
[Frame: 1537, payload: 20241-21620 (1380 bytes)]
[Frame: 1538, payload: 21621-23000 (1380 bytes)]
[Frame: 1540, payload: 23001-24380 (1380 bytes)]
[Frame: 1541, payload: 24381-25760 (1380 bytes)]
[Frame: 1543, payload: 25761-27140 (1380 bytes)]
[Frame: 1544, payload: 27141-28520 (1380 bytes)]
[Frame: 1546, payload: 28521-28996 (476 bytes)]
[Frame: 1549, payload: 28997-30376 (1380 bytes)]
[Frame: 1551, payload: 30377-31756 (1380 bytes)]
[Frame: 1552, payload: 31757-33136 (1380 bytes)]
[Frame: 1554, payload: 33137-34516 (1380 bytes)]
[Frame: 1555, payload: 34517-35896 (1380 bytes)]
[Frame: 1557, payload: 35897-37276 (1380 bytes)]
[Frame: 1558, payload: 37277-38656 (1380 bytes)]
[Frame: 1560, payload: 38657-40036 (1380 bytes)]
[Frame: 1561, payload: 40037-41416 (1380 bytes)]
[Frame: 1563, payload: 41417-42796 (1380 bytes)]
[Frame: 1564, payload: 42797-44176 (1380 bytes)]
[Frame: 1566, payload: 44177-45556 (1380 bytes)]
[Frame: 1567, payload: 45557-46883 (1327 bytes)]
[Segment count: 40]
[Reassembled TCP length: 46884]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:30 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 46544\r\n
[Content length: 46544]
Last-Modified: Sun, 01 Nov 2009 15:23:12 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:30 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 80\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7881
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6669
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 270
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1569 2012-06-20 08:38:49.201401 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1
Frame 1569: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:38:49.201401000 GMT Daylight Time
Epoch Time: 1340177929.201401000 seconds
[Time delta from previous captured frame: 0.000223000 seconds]
[Time delta from previous displayed frame: 0.000288000 seconds]
[Time since reference or first frame: 21.179615000 seconds]
Frame Number: 1569
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x2462 (9314)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd7d5 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ms-v-worlds (2525), Dst Port: http (80), Seq: 1335, Ack: 140653, Len: 133
Source port: ms-v-worlds (2525)
Destination port: http (80)
[Stream index: 22]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 140653 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x5c71 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0101.jpg?w=270&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400]
No. Time Source Destination Protocol Info
1582 2012-06-20 08:38:49.470670 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1
Frame 1582: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:49.470670000 GMT Daylight Time
Epoch Time: 1340177929.470670000 seconds
[Time delta from previous captured frame: 0.000130000 seconds]
[Time delta from previous displayed frame: 0.269269000 seconds]
[Time since reference or first frame: 21.448884000 seconds]
Frame Number: 1582
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2468 (9320)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd767 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ema-sent-lm (2526), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: ema-sent-lm (2526)
Destination port: http (80)
[Stream index: 25]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x6522 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #1581(225), #1582(237)]
[Frame: 1581, payload: 0-224 (225 bytes)]
[Frame: 1582, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0100.jpg?w=270&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1626 2012-06-20 08:38:50.094913 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1626: 1013 bytes on wire (8104 bits), 1013 bytes captured (8104 bits)
Arrival Time: Jun 20, 2012 08:38:50.094913000 GMT Daylight Time
Epoch Time: 1340177930.094913000 seconds
[Time delta from previous captured frame: 0.000154000 seconds]
[Time delta from previous displayed frame: 0.624243000 seconds]
[Time since reference or first frame: 22.073127000 seconds]
Frame Number: 1626
Frame Length: 1013 bytes (8104 bits)
Capture Length: 1013 bytes (8104 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 999
Identification: 0x4180 (16768)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x037e [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ema-sent-lm (2526), Seq: 34946, Ack: 463, Len: 959
Source port: http (80)
Destination port: ema-sent-lm (2526)
[Stream index: 25]
Sequence number: 34946 (relative sequence number)
[Next sequence number: 35905 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0xecbe [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 959]
TCP segment data (959 bytes)
[27 Reassembled TCP Segments (35904 bytes): #1586(1380), #1587(1380), #1589(1380), #1590(1380), #1592(1380), #1593(1380), #1595(445), #1596(1380), #1598(1380), #1599(1380), #1601(1380), #1602(1380), #1604(1380), #1605(1380), #1607(1380), #1]
[Frame: 1586, payload: 0-1379 (1380 bytes)]
[Frame: 1587, payload: 1380-2759 (1380 bytes)]
[Frame: 1589, payload: 2760-4139 (1380 bytes)]
[Frame: 1590, payload: 4140-5519 (1380 bytes)]
[Frame: 1592, payload: 5520-6899 (1380 bytes)]
[Frame: 1593, payload: 6900-8279 (1380 bytes)]
[Frame: 1595, payload: 8280-8724 (445 bytes)]
[Frame: 1596, payload: 8725-10104 (1380 bytes)]
[Frame: 1598, payload: 10105-11484 (1380 bytes)]
[Frame: 1599, payload: 11485-12864 (1380 bytes)]
[Frame: 1601, payload: 12865-14244 (1380 bytes)]
[Frame: 1602, payload: 14245-15624 (1380 bytes)]
[Frame: 1604, payload: 15625-17004 (1380 bytes)]
[Frame: 1605, payload: 17005-18384 (1380 bytes)]
[Frame: 1607, payload: 18385-19764 (1380 bytes)]
[Frame: 1608, payload: 19765-21144 (1380 bytes)]
[Frame: 1610, payload: 21145-22524 (1380 bytes)]
[Frame: 1611, payload: 22525-23904 (1380 bytes)]
[Frame: 1613, payload: 23905-25284 (1380 bytes)]
[Frame: 1615, payload: 25285-26664 (1380 bytes)]
[Frame: 1617, payload: 26665-28044 (1380 bytes)]
[Frame: 1618, payload: 28045-29424 (1380 bytes)]
[Frame: 1620, payload: 29425-30804 (1380 bytes)]
[Frame: 1621, payload: 30805-32184 (1380 bytes)]
[Frame: 1623, payload: 32185-33564 (1380 bytes)]
[Frame: 1624, payload: 33565-34944 (1380 bytes)]
[Frame: 1626, payload: 34945-35903 (959 bytes)]
[Segment count: 27]
[Reassembled TCP length: 35904]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:30 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 35564\r\n
[Content length: 35564]
Last-Modified: Sun, 01 Nov 2009 15:22:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:30 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7094
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5882
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 270
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1628 2012-06-20 08:38:50.095397 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1
Frame 1628: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:50.095397000 GMT Daylight Time
Epoch Time: 1340177930.095397000 seconds
[Time delta from previous captured frame: 0.000135000 seconds]
[Time delta from previous displayed frame: 0.000484000 seconds]
[Time since reference or first frame: 22.073611000 seconds]
Frame Number: 1628
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2477 (9335)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd758 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ema-sent-lm (2526), Dst Port: http (80), Seq: 662, Ack: 35905, Len: 237
Source port: ema-sent-lm (2526)
Destination port: http (80)
[Stream index: 25]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 35905 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 255
[Calculated window size: 65280]
[Window size scaling factor: 256]
Checksum: 0xd730 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #1627(199), #1628(237)]
[Frame: 1627, payload: 0-198 (199 bytes)]
[Frame: 1628, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0100.jpg?w=270&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1675 2012-06-20 08:38:50.508214 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1675: 469 bytes on wire (3752 bits), 469 bytes captured (3752 bits)
Arrival Time: Jun 20, 2012 08:38:50.508214000 GMT Daylight Time
Epoch Time: 1340177930.508214000 seconds
[Time delta from previous captured frame: 0.000016000 seconds]
[Time delta from previous displayed frame: 0.412817000 seconds]
[Time since reference or first frame: 22.486428000 seconds]
Frame Number: 1675
Frame Length: 469 bytes (3752 bits)
Capture Length: 469 bytes (3752 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 455
Identification: 0x419f (16799)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x057f [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ema-sent-lm (2526), Seq: 71394, Ack: 899, Len: 415
Source port: http (80)
Destination port: ema-sent-lm (2526)
[Stream index: 25]
Sequence number: 71394 (relative sequence number)
[Next sequence number: 71809 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x426d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 415]
TCP segment data (415 bytes)
[29 Reassembled TCP Segments (35904 bytes): #1632(1380), #1633(1380), #1635(1380), #1636(241), #1638(1380), #1639(1380), #1641(1380), #1642(1380), #1644(1380), #1645(1380), #1647(1380), #1648(476), #1650(1380), #1651(1380), #1653(1380), #16]
[Frame: 1632, payload: 0-1379 (1380 bytes)]
[Frame: 1633, payload: 1380-2759 (1380 bytes)]
[Frame: 1635, payload: 2760-4139 (1380 bytes)]
[Frame: 1636, payload: 4140-4380 (241 bytes)]
[Frame: 1638, payload: 4381-5760 (1380 bytes)]
[Frame: 1639, payload: 5761-7140 (1380 bytes)]
[Frame: 1641, payload: 7141-8520 (1380 bytes)]
[Frame: 1642, payload: 8521-9900 (1380 bytes)]
[Frame: 1644, payload: 9901-11280 (1380 bytes)]
[Frame: 1645, payload: 11281-12660 (1380 bytes)]
[Frame: 1647, payload: 12661-14040 (1380 bytes)]
[Frame: 1648, payload: 14041-14516 (476 bytes)]
[Frame: 1650, payload: 14517-15896 (1380 bytes)]
[Frame: 1651, payload: 15897-17276 (1380 bytes)]
[Frame: 1653, payload: 17277-18656 (1380 bytes)]
[Frame: 1654, payload: 18657-20036 (1380 bytes)]
[Frame: 1656, payload: 20037-20308 (272 bytes)]
[Frame: 1658, payload: 20309-21688 (1380 bytes)]
[Frame: 1660, payload: 21689-23068 (1380 bytes)]
[Frame: 1661, payload: 23069-24448 (1380 bytes)]
[Frame: 1663, payload: 24449-25828 (1380 bytes)]
[Frame: 1664, payload: 25829-27208 (1380 bytes)]
[Frame: 1666, payload: 27209-28588 (1380 bytes)]
[Frame: 1667, payload: 28589-29968 (1380 bytes)]
[Frame: 1669, payload: 29969-31348 (1380 bytes)]
[Frame: 1670, payload: 31349-32728 (1380 bytes)]
[Frame: 1672, payload: 32729-34108 (1380 bytes)]
[Frame: 1673, payload: 34109-35488 (1380 bytes)]
[Frame: 1675, payload: 35489-35903 (415 bytes)]
[Segment count: 29]
[Reassembled TCP length: 35904]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:31 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 35564\r\n
[Content length: 35564]
Last-Modified: Sun, 01 Nov 2009 15:22:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:31 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7094
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5882
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 270
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1677 2012-06-20 08:38:50.508701 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1
Frame 1677: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:50.508701000 GMT Daylight Time
Epoch Time: 1340177930.508701000 seconds
[Time delta from previous captured frame: 0.000099000 seconds]
[Time delta from previous displayed frame: 0.000487000 seconds]
[Time since reference or first frame: 22.486915000 seconds]
Frame Number: 1677
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2487 (9351)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd748 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ema-sent-lm (2526), Dst Port: http (80), Seq: 1098, Ack: 71809, Len: 237
Source port: ema-sent-lm (2526)
Destination port: http (80)
[Stream index: 25]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 71809 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 257
[Calculated window size: 65792]
[Window size scaling factor: 256]
Checksum: 0x493a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #1676(199), #1677(237)]
[Frame: 1676, payload: 0-198 (199 bytes)]
[Frame: 1677, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0100.jpg?w=270&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1724 2012-06-20 08:38:50.904470 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1724: 1305 bytes on wire (10440 bits), 1305 bytes captured (10440 bits)
Arrival Time: Jun 20, 2012 08:38:50.904470000 GMT Daylight Time
Epoch Time: 1340177930.904470000 seconds
[Time delta from previous captured frame: 0.000124000 seconds]
[Time delta from previous displayed frame: 0.395769000 seconds]
[Time since reference or first frame: 22.882684000 seconds]
Frame Number: 1724
Frame Length: 1305 bytes (10440 bits)
Capture Length: 1305 bytes (10440 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1291
Identification: 0x41bd (16829)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x021d [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ema-sent-lm (2526), Seq: 106462, Ack: 1335, Len: 1251
Source port: http (80)
Destination port: ema-sent-lm (2526)
[Stream index: 25]
Sequence number: 106462 (relative sequence number)
[Next sequence number: 107713 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0xac86 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2631]
TCP segment data (1251 bytes)
[28 Reassembled TCP Segments (35904 bytes): #1684(1380), #1685(1380), #1687(1380), #1688(1380), #1690(309), #1691(1380), #1693(1380), #1694(1380), #1696(1380), #1697(1380), #1699(340), #1700(1380), #1702(1380), #1703(1380), #1705(1380), #17]
[Frame: 1684, payload: 0-1379 (1380 bytes)]
[Frame: 1685, payload: 1380-2759 (1380 bytes)]
[Frame: 1687, payload: 2760-4139 (1380 bytes)]
[Frame: 1688, payload: 4140-5519 (1380 bytes)]
[Frame: 1690, payload: 5520-5828 (309 bytes)]
[Frame: 1691, payload: 5829-7208 (1380 bytes)]
[Frame: 1693, payload: 7209-8588 (1380 bytes)]
[Frame: 1694, payload: 8589-9968 (1380 bytes)]
[Frame: 1696, payload: 9969-11348 (1380 bytes)]
[Frame: 1697, payload: 11349-12728 (1380 bytes)]
[Frame: 1699, payload: 12729-13068 (340 bytes)]
[Frame: 1700, payload: 13069-14448 (1380 bytes)]
[Frame: 1702, payload: 14449-15828 (1380 bytes)]
[Frame: 1703, payload: 15829-17208 (1380 bytes)]
[Frame: 1705, payload: 17209-18588 (1380 bytes)]
[Frame: 1706, payload: 18589-19968 (1380 bytes)]
[Frame: 1708, payload: 19969-21348 (1380 bytes)]
[Frame: 1709, payload: 21349-22728 (1380 bytes)]
[Frame: 1711, payload: 22729-24108 (1380 bytes)]
[Frame: 1712, payload: 24109-25488 (1380 bytes)]
[Frame: 1714, payload: 25489-26868 (1380 bytes)]
[Frame: 1715, payload: 26869-28248 (1380 bytes)]
[Frame: 1717, payload: 28249-29628 (1380 bytes)]
[Frame: 1718, payload: 29629-31008 (1380 bytes)]
[Frame: 1720, payload: 31009-31892 (884 bytes)]
[Frame: 1721, payload: 31893-33272 (1380 bytes)]
[Frame: 1723, payload: 33273-34652 (1380 bytes)]
[Frame: 1724, payload: 34653-35903 (1251 bytes)]
[Segment count: 28]
[Reassembled TCP length: 35904]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:31 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 35564\r\n
[Content length: 35564]
Last-Modified: Sun, 01 Nov 2009 15:22:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:31 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7094
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5882
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 270
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1726 2012-06-20 08:38:50.904750 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1
Frame 1726: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:38:50.904750000 GMT Daylight Time
Epoch Time: 1340177930.904750000 seconds
[Time delta from previous captured frame: 0.000228000 seconds]
[Time delta from previous displayed frame: 0.000280000 seconds]
[Time since reference or first frame: 22.882964000 seconds]
Frame Number: 1726
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x2496 (9366)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd7a1 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ema-sent-lm (2526), Dst Port: http (80), Seq: 1335, Ack: 107713, Len: 133
Source port: ema-sent-lm (2526)
Destination port: http (80)
[Stream index: 25]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 107713 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xe99c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0100.jpg?w=270&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400]
No. Time Source Destination Protocol Info
1738 2012-06-20 08:38:51.208825 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1
Frame 1738: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:51.208825000 GMT Daylight Time
Epoch Time: 1340177931.208825000 seconds
[Time delta from previous captured frame: 0.000130000 seconds]
[Time delta from previous displayed frame: 0.304075000 seconds]
[Time since reference or first frame: 23.187039000 seconds]
Frame Number: 1738
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x249c (9372)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd733 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: iqserver (2527), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: iqserver (2527)
Destination port: http (80)
[Stream index: 26]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x6d0e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #1737(225), #1738(237)]
[Frame: 1737, payload: 0-224 (225 bytes)]
[Frame: 1738, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0112.jpg?w=379&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1804 2012-06-20 08:38:51.783098 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1804: 349 bytes on wire (2792 bits), 349 bytes captured (2792 bits)
Arrival Time: Jun 20, 2012 08:38:51.783098000 GMT Daylight Time
Epoch Time: 1340177931.783098000 seconds
[Time delta from previous captured frame: 0.000016000 seconds]
[Time delta from previous displayed frame: 0.574273000 seconds]
[Time since reference or first frame: 23.761312000 seconds]
Frame Number: 1804
Frame Length: 349 bytes (2792 bits)
Capture Length: 349 bytes (2792 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 335
Identification: 0xdb28 (56104)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x6c6d [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: iqserver (2527), Seq: 52886, Ack: 463, Len: 295
Source port: http (80)
Destination port: iqserver (2527)
[Stream index: 26]
Sequence number: 52886 (relative sequence number)
[Next sequence number: 53181 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0xd054 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1675]
TCP segment data (295 bytes)
[40 Reassembled TCP Segments (53180 bytes): #1744(1380), #1745(1380), #1747(1380), #1748(1380), #1750(1380), #1751(1380), #1753(445), #1754(1380), #1756(1380), #1757(1380), #1759(1380), #1760(1380), #1762(1380), #1763(1380), #1765(1380), #1]
[Frame: 1744, payload: 0-1379 (1380 bytes)]
[Frame: 1745, payload: 1380-2759 (1380 bytes)]
[Frame: 1747, payload: 2760-4139 (1380 bytes)]
[Frame: 1748, payload: 4140-5519 (1380 bytes)]
[Frame: 1750, payload: 5520-6899 (1380 bytes)]
[Frame: 1751, payload: 6900-8279 (1380 bytes)]
[Frame: 1753, payload: 8280-8724 (445 bytes)]
[Frame: 1754, payload: 8725-10104 (1380 bytes)]
[Frame: 1756, payload: 10105-11484 (1380 bytes)]
[Frame: 1757, payload: 11485-12864 (1380 bytes)]
[Frame: 1759, payload: 12865-14244 (1380 bytes)]
[Frame: 1760, payload: 14245-15624 (1380 bytes)]
[Frame: 1762, payload: 15625-17004 (1380 bytes)]
[Frame: 1763, payload: 17005-18384 (1380 bytes)]
[Frame: 1765, payload: 18385-19764 (1380 bytes)]
[Frame: 1766, payload: 19765-21144 (1380 bytes)]
[Frame: 1768, payload: 21145-22524 (1380 bytes)]
[Frame: 1769, payload: 22525-23904 (1380 bytes)]
[Frame: 1771, payload: 23905-25284 (1380 bytes)]
[Frame: 1772, payload: 25285-26664 (1380 bytes)]
[Frame: 1774, payload: 26665-28044 (1380 bytes)]
[Frame: 1775, payload: 28045-29424 (1380 bytes)]
[Frame: 1777, payload: 29425-30804 (1380 bytes)]
[Frame: 1778, payload: 30805-32184 (1380 bytes)]
[Frame: 1780, payload: 32185-33564 (1380 bytes)]
[Frame: 1783, payload: 33565-34944 (1380 bytes)]
[Frame: 1785, payload: 34945-36324 (1380 bytes)]
[Frame: 1786, payload: 36325-37704 (1380 bytes)]
[Frame: 1788, payload: 37705-39084 (1380 bytes)]
[Frame: 1789, payload: 39085-40464 (1380 bytes)]
[Frame: 1791, payload: 40465-41844 (1380 bytes)]
[Frame: 1792, payload: 41845-43224 (1380 bytes)]
[Frame: 1794, payload: 43225-44604 (1380 bytes)]
[Frame: 1795, payload: 44605-45984 (1380 bytes)]
[Frame: 1797, payload: 45985-47364 (1380 bytes)]
[Frame: 1798, payload: 47365-48744 (1380 bytes)]
[Frame: 1800, payload: 48745-50124 (1380 bytes)]
[Frame: 1801, payload: 50125-51504 (1380 bytes)]
[Frame: 1803, payload: 51505-52884 (1380 bytes)]
[Frame: 1804, payload: 52885-53179 (295 bytes)]
[Segment count: 40]
[Reassembled TCP length: 53180]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:32 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 52840\r\n
[Content length: 52840]
Last-Modified: Sun, 01 Nov 2009 15:33:01 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:32 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 70\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 10026
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8814
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 379
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 28
Remaining segment data (26 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1807 2012-06-20 08:38:51.783561 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1
Frame 1807: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:51.783561000 GMT Daylight Time
Epoch Time: 1340177931.783561000 seconds
[Time delta from previous captured frame: 0.000109000 seconds]
[Time delta from previous displayed frame: 0.000463000 seconds]
[Time since reference or first frame: 23.761775000 seconds]
Frame Number: 1807
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x24b2 (9394)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd71d [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: iqserver (2527), Dst Port: http (80), Seq: 662, Ack: 53181, Len: 237
Source port: iqserver (2527)
Destination port: http (80)
[Stream index: 26]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 53181 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x9b9d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #1806(199), #1807(237)]
[Frame: 1806, payload: 0-198 (199 bytes)]
[Frame: 1807, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0112.jpg?w=379&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1874 2012-06-20 08:38:52.198366 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1874: 1389 bytes on wire (11112 bits), 1389 bytes captured (11112 bits)
Arrival Time: Jun 20, 2012 08:38:52.198366000 GMT Daylight Time
Epoch Time: 1340177932.198366000 seconds
[Time delta from previous captured frame: 0.000172000 seconds]
[Time delta from previous displayed frame: 0.414805000 seconds]
[Time since reference or first frame: 24.176580000 seconds]
Frame Number: 1874
Frame Length: 1389 bytes (11112 bits)
Capture Length: 1389 bytes (11112 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1375
Identification: 0xdb54 (56148)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x6831 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: iqserver (2527), Seq: 105026, Ack: 899, Len: 1335
Source port: http (80)
Destination port: iqserver (2527)
[Stream index: 26]
Sequence number: 105026 (relative sequence number)
[Next sequence number: 106361 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0xbe40 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2715]
TCP segment data (1335 bytes)
[42 Reassembled TCP Segments (53180 bytes): #1811(1380), #1812(1380), #1814(173), #1815(1380), #1817(1380), #1818(136), #1820(1380), #1821(1380), #1823(1380), #1824(1380), #1826(1380), #1827(1380), #1829(408), #1830(1380), #1832(68), #1833(]
[Frame: 1811, payload: 0-1379 (1380 bytes)]
[Frame: 1812, payload: 1380-2759 (1380 bytes)]
[Frame: 1814, payload: 2760-2932 (173 bytes)]
[Frame: 1815, payload: 2933-4312 (1380 bytes)]
[Frame: 1817, payload: 4313-5692 (1380 bytes)]
[Frame: 1818, payload: 5693-5828 (136 bytes)]
[Frame: 1820, payload: 5829-7208 (1380 bytes)]
[Frame: 1821, payload: 7209-8588 (1380 bytes)]
[Frame: 1823, payload: 8589-9968 (1380 bytes)]
[Frame: 1824, payload: 9969-11348 (1380 bytes)]
[Frame: 1826, payload: 11349-12728 (1380 bytes)]
[Frame: 1827, payload: 12729-14108 (1380 bytes)]
[Frame: 1829, payload: 14109-14516 (408 bytes)]
[Frame: 1830, payload: 14517-15896 (1380 bytes)]
[Frame: 1832, payload: 15897-15964 (68 bytes)]
[Frame: 1833, payload: 15965-17344 (1380 bytes)]
[Frame: 1835, payload: 17345-18724 (1380 bytes)]
[Frame: 1836, payload: 18725-20104 (1380 bytes)]
[Frame: 1838, payload: 20105-21484 (1380 bytes)]
[Frame: 1839, payload: 21485-22864 (1380 bytes)]
[Frame: 1841, payload: 22865-24244 (1380 bytes)]
[Frame: 1842, payload: 24245-25624 (1380 bytes)]
[Frame: 1844, payload: 25625-27004 (1380 bytes)]
[Frame: 1847, payload: 27005-28384 (1380 bytes)]
[Frame: 1849, payload: 28385-29764 (1380 bytes)]
[Frame: 1850, payload: 29765-31144 (1380 bytes)]
[Frame: 1852, payload: 31145-32524 (1380 bytes)]
[Frame: 1853, payload: 32525-33904 (1380 bytes)]
[Frame: 1855, payload: 33905-35284 (1380 bytes)]
[Frame: 1856, payload: 35285-36664 (1380 bytes)]
[Frame: 1858, payload: 36665-38044 (1380 bytes)]
[Frame: 1859, payload: 38045-39424 (1380 bytes)]
[Frame: 1861, payload: 39425-40804 (1380 bytes)]
[Frame: 1862, payload: 40805-42184 (1380 bytes)]
[Frame: 1864, payload: 42185-43564 (1380 bytes)]
[Frame: 1865, payload: 43565-44944 (1380 bytes)]
[Frame: 1867, payload: 44945-46324 (1380 bytes)]
[Frame: 1868, payload: 46325-47704 (1380 bytes)]
[Frame: 1870, payload: 47705-49084 (1380 bytes)]
[Frame: 1871, payload: 49085-50464 (1380 bytes)]
[Frame: 1873, payload: 50465-51844 (1380 bytes)]
[Frame: 1874, payload: 51845-53179 (1335 bytes)]
[Segment count: 42]
[Reassembled TCP length: 53180]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:33 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 52840\r\n
[Content length: 52840]
Last-Modified: Sun, 01 Nov 2009 15:33:01 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:33 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 70\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 10026
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8814
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 379
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 28
Remaining segment data (26 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1877 2012-06-20 08:38:52.198694 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1
Frame 1877: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:52.198694000 GMT Daylight Time
Epoch Time: 1340177932.198694000 seconds
[Time delta from previous captured frame: 0.000044000 seconds]
[Time delta from previous displayed frame: 0.000328000 seconds]
[Time since reference or first frame: 24.176908000 seconds]
Frame Number: 1877
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x24c9 (9417)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd706 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: iqserver (2527), Dst Port: http (80), Seq: 1098, Ack: 106361, Len: 237
Source port: iqserver (2527)
Destination port: http (80)
[Stream index: 26]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 106361 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xca2c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #1876(199), #1877(237)]
[Frame: 1876, payload: 0-198 (199 bytes)]
[Frame: 1877, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0112.jpg?w=379&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
1947 2012-06-20 08:38:52.618470 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 1947: 777 bytes on wire (6216 bits), 777 bytes captured (6216 bits)
Arrival Time: Jun 20, 2012 08:38:52.618470000 GMT Daylight Time
Epoch Time: 1340177932.618470000 seconds
[Time delta from previous captured frame: 0.000022000 seconds]
[Time delta from previous displayed frame: 0.419776000 seconds]
[Time since reference or first frame: 24.596684000 seconds]
Frame Number: 1947
Frame Length: 777 bytes (6216 bits)
Capture Length: 777 bytes (6216 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 763
Identification: 0xdb80 (56192)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x6a69 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: iqserver (2527), Seq: 158818, Ack: 1335, Len: 723
Source port: http (80)
Destination port: iqserver (2527)
[Stream index: 26]
Sequence number: 158818 (relative sequence number)
[Next sequence number: 159541 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0xab3f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2103]
TCP segment data (723 bytes)
[42 Reassembled TCP Segments (53180 bytes): #1886(1380), #1887(1380), #1889(1380), #1890(1380), #1892(1380), #1893(1380), #1895(445), #1896(1380), #1898(1380), #1899(1380), #1901(1380), #1902(272), #1904(1380), #1905(1380), #1907(1380), #19]
[Frame: 1886, payload: 0-1379 (1380 bytes)]
[Frame: 1887, payload: 1380-2759 (1380 bytes)]
[Frame: 1889, payload: 2760-4139 (1380 bytes)]
[Frame: 1890, payload: 4140-5519 (1380 bytes)]
[Frame: 1892, payload: 5520-6899 (1380 bytes)]
[Frame: 1893, payload: 6900-8279 (1380 bytes)]
[Frame: 1895, payload: 8280-8724 (445 bytes)]
[Frame: 1896, payload: 8725-10104 (1380 bytes)]
[Frame: 1898, payload: 10105-11484 (1380 bytes)]
[Frame: 1899, payload: 11485-12864 (1380 bytes)]
[Frame: 1901, payload: 12865-14244 (1380 bytes)]
[Frame: 1902, payload: 14245-14516 (272 bytes)]
[Frame: 1904, payload: 14517-15896 (1380 bytes)]
[Frame: 1905, payload: 15897-17276 (1380 bytes)]
[Frame: 1907, payload: 17277-18656 (1380 bytes)]
[Frame: 1908, payload: 18657-20036 (1380 bytes)]
[Frame: 1910, payload: 20037-21416 (1380 bytes)]
[Frame: 1911, payload: 21417-22796 (1380 bytes)]
[Frame: 1913, payload: 22797-23204 (408 bytes)]
[Frame: 1914, payload: 23205-24584 (1380 bytes)]
[Frame: 1916, payload: 24585-25964 (1380 bytes)]
[Frame: 1917, payload: 25965-27344 (1380 bytes)]
[Frame: 1919, payload: 27345-28724 (1380 bytes)]
[Frame: 1920, payload: 28725-28996 (272 bytes)]
[Frame: 1922, payload: 28997-30376 (1380 bytes)]
[Frame: 1923, payload: 30377-31756 (1380 bytes)]
[Frame: 1925, payload: 31757-33136 (1380 bytes)]
[Frame: 1926, payload: 33137-34516 (1380 bytes)]
[Frame: 1928, payload: 34517-35896 (1380 bytes)]
[Frame: 1929, payload: 35897-37276 (1380 bytes)]
[Frame: 1931, payload: 37277-38656 (1380 bytes)]
[Frame: 1932, payload: 38657-40036 (1380 bytes)]
[Frame: 1934, payload: 40037-41416 (1380 bytes)]
[Frame: 1935, payload: 41417-42796 (1380 bytes)]
[Frame: 1937, payload: 42797-44176 (1380 bytes)]
[Frame: 1938, payload: 44177-45556 (1380 bytes)]
[Frame: 1940, payload: 45557-46936 (1380 bytes)]
[Frame: 1941, payload: 46937-48316 (1380 bytes)]
[Frame: 1943, payload: 48317-49696 (1380 bytes)]
[Frame: 1944, payload: 49697-51076 (1380 bytes)]
[Frame: 1946, payload: 51077-52456 (1380 bytes)]
[Frame: 1947, payload: 52457-53179 (723 bytes)]
[Segment count: 42]
[Reassembled TCP length: 53180]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:33 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 52840\r\n
[Content length: 52840]
Last-Modified: Sun, 01 Nov 2009 15:33:01 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:33 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 70\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 10026
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8814
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 379
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 28
Remaining segment data (26 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
1949 2012-06-20 08:38:52.618776 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1
Frame 1949: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:38:52.618776000 GMT Daylight Time
Epoch Time: 1340177932.618776000 seconds
[Time delta from previous captured frame: 0.000263000 seconds]
[Time delta from previous displayed frame: 0.000306000 seconds]
[Time since reference or first frame: 24.596990000 seconds]
Frame Number: 1949
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x24df (9439)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd758 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: iqserver (2527), Dst Port: http (80), Seq: 1335, Ack: 159541, Len: 133
Source port: iqserver (2527)
Destination port: http (80)
[Stream index: 26]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 159541 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x2608 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0112.jpg?w=379&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400]
No. Time Source Destination Protocol Info
1961 2012-06-20 08:38:52.888743 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1
Frame 1961: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:52.888743000 GMT Daylight Time
Epoch Time: 1340177932.888743000 seconds
[Time delta from previous captured frame: 0.000131000 seconds]
[Time delta from previous displayed frame: 0.269967000 seconds]
[Time since reference or first frame: 24.866957000 seconds]
Frame Number: 1961
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x24e5 (9445)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd6ea [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ncr_ccl (2528), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: ncr_ccl (2528)
Destination port: http (80)
[Stream index: 29]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x924e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #1960(225), #1961(237)]
[Frame: 1960, payload: 0-224 (225 bytes)]
[Frame: 1961, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0110.jpg?w=648&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
2059 2012-06-20 08:38:53.633621 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 2059: 1295 bytes on wire (10360 bits), 1295 bytes captured (10360 bits)
Arrival Time: Jun 20, 2012 08:38:53.633621000 GMT Daylight Time
Epoch Time: 1340177933.633621000 seconds
[Time delta from previous captured frame: 0.000048000 seconds]
[Time delta from previous displayed frame: 0.744878000 seconds]
[Time since reference or first frame: 25.611835000 seconds]
Frame Number: 2059
Frame Length: 1295 bytes (10360 bits)
Capture Length: 1295 bytes (10360 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1281
Identification: 0xe7e8 (59368)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x5bfb [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ncr_ccl (2528), Seq: 78970, Ack: 463, Len: 1241
Source port: http (80)
Destination port: ncr_ccl (2528)
[Stream index: 29]
Sequence number: 78970 (relative sequence number)
[Next sequence number: 80211 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0xfb95 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1241]
TCP segment data (1241 bytes)
[59 Reassembled TCP Segments (80210 bytes): #1967(1380), #1968(1380), #1970(1380), #1971(1380), #1973(309), #1974(1380), #1976(1380), #1977(1380), #1979(1380), #1980(1380), #1985(1380), #1986(1380), #1988(1380), #1989(1380), #1991(1380), #1]
[Frame: 1967, payload: 0-1379 (1380 bytes)]
[Frame: 1968, payload: 1380-2759 (1380 bytes)]
[Frame: 1970, payload: 2760-4139 (1380 bytes)]
[Frame: 1971, payload: 4140-5519 (1380 bytes)]
[Frame: 1973, payload: 5520-5828 (309 bytes)]
[Frame: 1974, payload: 5829-7208 (1380 bytes)]
[Frame: 1976, payload: 7209-8588 (1380 bytes)]
[Frame: 1977, payload: 8589-9968 (1380 bytes)]
[Frame: 1979, payload: 9969-11348 (1380 bytes)]
[Frame: 1980, payload: 11349-12728 (1380 bytes)]
[Frame: 1985, payload: 12729-14108 (1380 bytes)]
[Frame: 1986, payload: 14109-15488 (1380 bytes)]
[Frame: 1988, payload: 15489-16868 (1380 bytes)]
[Frame: 1989, payload: 16869-18248 (1380 bytes)]
[Frame: 1991, payload: 18249-19628 (1380 bytes)]
[Frame: 1992, payload: 19629-21008 (1380 bytes)]
[Frame: 1994, payload: 21009-22388 (1380 bytes)]
[Frame: 1995, payload: 22389-23768 (1380 bytes)]
[Frame: 1997, payload: 23769-25148 (1380 bytes)]
[Frame: 1998, payload: 25149-26528 (1380 bytes)]
[Frame: 2000, payload: 26529-27908 (1380 bytes)]
[Frame: 2001, payload: 27909-29288 (1380 bytes)]
[Frame: 2004, payload: 29289-30668 (1380 bytes)]
[Frame: 2005, payload: 30669-32048 (1380 bytes)]
[Frame: 2007, payload: 32049-33428 (1380 bytes)]
[Frame: 2008, payload: 33429-34808 (1380 bytes)]
[Frame: 2010, payload: 34809-36188 (1380 bytes)]
[Frame: 2011, payload: 36189-37568 (1380 bytes)]
[Frame: 2013, payload: 37569-38948 (1380 bytes)]
[Frame: 2014, payload: 38949-40328 (1380 bytes)]
[Frame: 2016, payload: 40329-41708 (1380 bytes)]
[Frame: 2017, payload: 41709-43088 (1380 bytes)]
[Frame: 2019, payload: 43089-44468 (1380 bytes)]
[Frame: 2020, payload: 44469-45848 (1380 bytes)]
[Frame: 2022, payload: 45849-47228 (1380 bytes)]
[Frame: 2023, payload: 47229-48608 (1380 bytes)]
[Frame: 2025, payload: 48609-49988 (1380 bytes)]
[Frame: 2026, payload: 49989-51368 (1380 bytes)]
[Frame: 2028, payload: 51369-52748 (1380 bytes)]
[Frame: 2029, payload: 52749-54128 (1380 bytes)]
[Frame: 2032, payload: 54129-55508 (1380 bytes)]
[Frame: 2033, payload: 55509-56888 (1380 bytes)]
[Frame: 2035, payload: 56889-58268 (1380 bytes)]
[Frame: 2036, payload: 58269-59648 (1380 bytes)]
[Frame: 2038, payload: 59649-61028 (1380 bytes)]
[Frame: 2039, payload: 61029-62408 (1380 bytes)]
[Frame: 2041, payload: 62409-63788 (1380 bytes)]
[Frame: 2042, payload: 63789-65168 (1380 bytes)]
[Frame: 2044, payload: 65169-66548 (1380 bytes)]
[Frame: 2045, payload: 66549-67928 (1380 bytes)]
[Frame: 2047, payload: 67929-69308 (1380 bytes)]
[Frame: 2048, payload: 69309-70688 (1380 bytes)]
[Frame: 2050, payload: 70689-72068 (1380 bytes)]
[Frame: 2051, payload: 72069-73448 (1380 bytes)]
[Frame: 2053, payload: 73449-74828 (1380 bytes)]
[Frame: 2054, payload: 74829-76208 (1380 bytes)]
[Frame: 2056, payload: 76209-77588 (1380 bytes)]
[Frame: 2057, payload: 77589-78968 (1380 bytes)]
[Frame: 2059, payload: 78969-80209 (1241 bytes)]
[Segment count: 59]
[Reassembled TCP length: 80210]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:34 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 79869\r\n
[Content length: 79869]
Last-Modified: Sun, 01 Nov 2009 15:41:21 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:34 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 239\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6704
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5492
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 648
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
2061 2012-06-20 08:38:53.633977 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1
Frame 2061: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:53.633977000 GMT Daylight Time
Epoch Time: 1340177933.633977000 seconds
[Time delta from previous captured frame: 0.000100000 seconds]
[Time delta from previous displayed frame: 0.000356000 seconds]
[Time since reference or first frame: 25.612191000 seconds]
Frame Number: 2061
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2504 (9476)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd6cb [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ncr_ccl (2528), Dst Port: http (80), Seq: 662, Ack: 80211, Len: 237
Source port: ncr_ccl (2528)
Destination port: http (80)
[Stream index: 29]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 80211 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 253
[Calculated window size: 64768]
[Window size scaling factor: 256]
Checksum: 0x574c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #2060(199), #2061(237)]
[Frame: 2060, payload: 0-198 (199 bytes)]
[Frame: 2061, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0110.jpg?w=648&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
2158 2012-06-20 08:38:54.090053 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 2158: 207 bytes on wire (1656 bits), 207 bytes captured (1656 bits)
Arrival Time: Jun 20, 2012 08:38:54.090053000 GMT Daylight Time
Epoch Time: 1340177934.090053000 seconds
[Time delta from previous captured frame: 0.000012000 seconds]
[Time delta from previous displayed frame: 0.456076000 seconds]
[Time since reference or first frame: 26.068267000 seconds]
Frame Number: 2158
Frame Length: 207 bytes (1656 bits)
Capture Length: 207 bytes (1656 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 193
Identification: 0xe828 (59432)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x5ffb [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ncr_ccl (2528), Seq: 160268, Ack: 899, Len: 153
Source port: http (80)
Destination port: ncr_ccl (2528)
[Stream index: 29]
Sequence number: 160268 (relative sequence number)
[Next sequence number: 160421 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x6983 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1533]
TCP segment data (153 bytes)
[62 Reassembled TCP Segments (80210 bytes): #2067(1380), #2068(1380), #2070(1380), #2071(1380), #2073(1380), #2074(1380), #2076(445), #2077(1380), #2079(1380), #2080(1380), #2082(1380), #2083(272), #2085(1380), #2086(1380), #2088(1380), #20]
[Frame: 2067, payload: 0-1379 (1380 bytes)]
[Frame: 2068, payload: 1380-2759 (1380 bytes)]
[Frame: 2070, payload: 2760-4139 (1380 bytes)]
[Frame: 2071, payload: 4140-5519 (1380 bytes)]
[Frame: 2073, payload: 5520-6899 (1380 bytes)]
[Frame: 2074, payload: 6900-8279 (1380 bytes)]
[Frame: 2076, payload: 8280-8724 (445 bytes)]
[Frame: 2077, payload: 8725-10104 (1380 bytes)]
[Frame: 2079, payload: 10105-11484 (1380 bytes)]
[Frame: 2080, payload: 11485-12864 (1380 bytes)]
[Frame: 2082, payload: 12865-14244 (1380 bytes)]
[Frame: 2083, payload: 14245-14516 (272 bytes)]
[Frame: 2085, payload: 14517-15896 (1380 bytes)]
[Frame: 2086, payload: 15897-17276 (1380 bytes)]
[Frame: 2088, payload: 17277-18656 (1380 bytes)]
[Frame: 2089, payload: 18657-20036 (1380 bytes)]
[Frame: 2091, payload: 20037-20308 (272 bytes)]
[Frame: 2092, payload: 20309-21688 (1380 bytes)]
[Frame: 2094, payload: 21689-23068 (1380 bytes)]
[Frame: 2095, payload: 23069-24448 (1380 bytes)]
[Frame: 2097, payload: 24449-25828 (1380 bytes)]
[Frame: 2098, payload: 25829-27208 (1380 bytes)]
[Frame: 2100, payload: 27209-28588 (1380 bytes)]
[Frame: 2101, payload: 28589-28996 (408 bytes)]
[Frame: 2103, payload: 28997-30376 (1380 bytes)]
[Frame: 2104, payload: 30377-31756 (1380 bytes)]
[Frame: 2106, payload: 31757-33136 (1380 bytes)]
[Frame: 2107, payload: 33137-34516 (1380 bytes)]
[Frame: 2109, payload: 34517-35896 (1380 bytes)]
[Frame: 2110, payload: 35897-37276 (1380 bytes)]
[Frame: 2112, payload: 37277-38656 (1380 bytes)]
[Frame: 2113, payload: 38657-40036 (1380 bytes)]
[Frame: 2115, payload: 40037-41416 (1380 bytes)]
[Frame: 2116, payload: 41417-42796 (1380 bytes)]
[Frame: 2118, payload: 42797-44176 (1380 bytes)]
[Frame: 2119, payload: 44177-45556 (1380 bytes)]
[Frame: 2121, payload: 45557-46936 (1380 bytes)]
[Frame: 2122, payload: 46937-48316 (1380 bytes)]
[Frame: 2124, payload: 48317-49696 (1380 bytes)]
[Frame: 2125, payload: 49697-51076 (1380 bytes)]
[Frame: 2127, payload: 51077-52456 (1380 bytes)]
[Frame: 2128, payload: 52457-53836 (1380 bytes)]
[Frame: 2130, payload: 53837-55216 (1380 bytes)]
[Frame: 2131, payload: 55217-56596 (1380 bytes)]
[Frame: 2133, payload: 56597-57976 (1380 bytes)]
[Frame: 2134, payload: 57977-59356 (1380 bytes)]
[Frame: 2136, payload: 59357-60736 (1380 bytes)]
[Frame: 2137, payload: 60737-62116 (1380 bytes)]
[Frame: 2139, payload: 62117-63496 (1380 bytes)]
[Frame: 2140, payload: 63497-64876 (1380 bytes)]
[Frame: 2142, payload: 64877-66256 (1380 bytes)]
[Frame: 2143, payload: 66257-67636 (1380 bytes)]
[Frame: 2145, payload: 67637-69016 (1380 bytes)]
[Frame: 2146, payload: 69017-70396 (1380 bytes)]
[Frame: 2148, payload: 70397-71776 (1380 bytes)]
[Frame: 2149, payload: 71777-73156 (1380 bytes)]
[Frame: 2151, payload: 73157-74536 (1380 bytes)]
[Frame: 2152, payload: 74537-75916 (1380 bytes)]
[Frame: 2154, payload: 75917-77296 (1380 bytes)]
[Frame: 2155, payload: 77297-78676 (1380 bytes)]
[Frame: 2157, payload: 78677-80056 (1380 bytes)]
[Frame: 2158, payload: 80057-80209 (153 bytes)]
[Segment count: 62]
[Reassembled TCP length: 80210]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:34 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 79869\r\n
[Content length: 79869]
Last-Modified: Sun, 01 Nov 2009 15:41:21 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:34 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 239\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6704
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5492
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 648
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
2161 2012-06-20 08:38:54.090409 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1
Frame 2161: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:54.090409000 GMT Daylight Time
Epoch Time: 1340177934.090409000 seconds
[Time delta from previous captured frame: 0.000042000 seconds]
[Time delta from previous displayed frame: 0.000356000 seconds]
[Time since reference or first frame: 26.068623000 seconds]
Frame Number: 2161
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2525 (9509)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd6aa [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ncr_ccl (2528), Dst Port: http (80), Seq: 1098, Ack: 160421, Len: 237
Source port: ncr_ccl (2528)
Destination port: http (80)
[Stream index: 29]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 160421 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x1c40 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #2160(199), #2161(237)]
[Frame: 2160, payload: 0-198 (199 bytes)]
[Frame: 2161, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0110.jpg?w=648&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
2268 2012-06-20 08:38:54.747226 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 2268: 615 bytes on wire (4920 bits), 615 bytes captured (4920 bits)
Arrival Time: Jun 20, 2012 08:38:54.747226000 GMT Daylight Time
Epoch Time: 1340177934.747226000 seconds
[Time delta from previous captured frame: 0.000012000 seconds]
[Time delta from previous displayed frame: 0.656817000 seconds]
[Time since reference or first frame: 26.725440000 seconds]
Frame Number: 2268
Frame Length: 615 bytes (4920 bits)
Capture Length: 615 bytes (4920 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 601
Identification: 0xe867 (59495)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x5e24 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ncr_ccl (2528), Seq: 240070, Ack: 1335, Len: 561
Source port: http (80)
Destination port: ncr_ccl (2528)
[Stream index: 29]
Sequence number: 240070 (relative sequence number)
[Next sequence number: 240631 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x1a14 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 561]
TCP segment data (561 bytes)
[61 Reassembled TCP Segments (80210 bytes): #2171(1380), #2172(1380), #2174(1380), #2175(1380), #2177(1380), #2178(1380), #2180(445), #2181(1380), #2183(1380), #2184(1380), #2186(1380), #2187(272), #2189(1380), #2190(1380), #2192(1380), #21]
[Frame: 2171, payload: 0-1379 (1380 bytes)]
[Frame: 2172, payload: 1380-2759 (1380 bytes)]
[Frame: 2174, payload: 2760-4139 (1380 bytes)]
[Frame: 2175, payload: 4140-5519 (1380 bytes)]
[Frame: 2177, payload: 5520-6899 (1380 bytes)]
[Frame: 2178, payload: 6900-8279 (1380 bytes)]
[Frame: 2180, payload: 8280-8724 (445 bytes)]
[Frame: 2181, payload: 8725-10104 (1380 bytes)]
[Frame: 2183, payload: 10105-11484 (1380 bytes)]
[Frame: 2184, payload: 11485-12864 (1380 bytes)]
[Frame: 2186, payload: 12865-14244 (1380 bytes)]
[Frame: 2187, payload: 14245-14516 (272 bytes)]
[Frame: 2189, payload: 14517-15896 (1380 bytes)]
[Frame: 2190, payload: 15897-17276 (1380 bytes)]
[Frame: 2192, payload: 17277-18656 (1380 bytes)]
[Frame: 2193, payload: 18657-20036 (1380 bytes)]
[Frame: 2195, payload: 20037-20308 (272 bytes)]
[Frame: 2196, payload: 20309-21688 (1380 bytes)]
[Frame: 2198, payload: 21689-23068 (1380 bytes)]
[Frame: 2199, payload: 23069-24448 (1380 bytes)]
[Frame: 2201, payload: 24449-25828 (1380 bytes)]
[Frame: 2202, payload: 25829-27208 (1380 bytes)]
[Frame: 2204, payload: 27209-28588 (1380 bytes)]
[Frame: 2209, payload: 28589-29968 (1380 bytes)]
[Frame: 2211, payload: 29969-31348 (1380 bytes)]
[Frame: 2212, payload: 31349-32728 (1380 bytes)]
[Frame: 2214, payload: 32729-34108 (1380 bytes)]
[Frame: 2215, payload: 34109-35488 (1380 bytes)]
[Frame: 2217, payload: 35489-36868 (1380 bytes)]
[Frame: 2218, payload: 36869-38248 (1380 bytes)]
[Frame: 2220, payload: 38249-39628 (1380 bytes)]
[Frame: 2221, payload: 39629-41008 (1380 bytes)]
[Frame: 2223, payload: 41009-42388 (1380 bytes)]
[Frame: 2224, payload: 42389-43768 (1380 bytes)]
[Frame: 2226, payload: 43769-45148 (1380 bytes)]
[Frame: 2227, payload: 45149-46528 (1380 bytes)]
[Frame: 2229, payload: 46529-47908 (1380 bytes)]
[Frame: 2230, payload: 47909-49288 (1380 bytes)]
[Frame: 2232, payload: 49289-50668 (1380 bytes)]
[Frame: 2233, payload: 50669-52048 (1380 bytes)]
[Frame: 2235, payload: 52049-53428 (1380 bytes)]
[Frame: 2236, payload: 53429-54808 (1380 bytes)]
[Frame: 2238, payload: 54809-56188 (1380 bytes)]
[Frame: 2239, payload: 56189-57568 (1380 bytes)]
[Frame: 2241, payload: 57569-58948 (1380 bytes)]
[Frame: 2242, payload: 58949-60328 (1380 bytes)]
[Frame: 2247, payload: 60329-61708 (1380 bytes)]
[Frame: 2248, payload: 61709-63088 (1380 bytes)]
[Frame: 2250, payload: 63089-64468 (1380 bytes)]
[Frame: 2251, payload: 64469-65848 (1380 bytes)]
[Frame: 2253, payload: 65849-67228 (1380 bytes)]
[Frame: 2254, payload: 67229-68608 (1380 bytes)]
[Frame: 2256, payload: 68609-69988 (1380 bytes)]
[Frame: 2257, payload: 69989-71368 (1380 bytes)]
[Frame: 2259, payload: 71369-72748 (1380 bytes)]
[Frame: 2260, payload: 72749-74128 (1380 bytes)]
[Frame: 2262, payload: 74129-75508 (1380 bytes)]
[Frame: 2263, payload: 75509-76888 (1380 bytes)]
[Frame: 2265, payload: 76889-78268 (1380 bytes)]
[Frame: 2266, payload: 78269-79648 (1380 bytes)]
[Frame: 2268, payload: 79649-80209 (561 bytes)]
[Segment count: 61]
[Reassembled TCP length: 80210]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:35 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 79869\r\n
[Content length: 79869]
Last-Modified: Sun, 01 Nov 2009 15:41:21 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:35 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 239\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6704
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5492
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 648
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
2269 2012-06-20 08:38:54.747525 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1
Frame 2269: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:38:54.747525000 GMT Daylight Time
Epoch Time: 1340177934.747525000 seconds
[Time delta from previous captured frame: 0.000299000 seconds]
[Time delta from previous displayed frame: 0.000299000 seconds]
[Time since reference or first frame: 26.725739000 seconds]
Frame Number: 2269
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x2544 (9540)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd6f3 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ncr_ccl (2528), Dst Port: http (80), Seq: 1335, Ack: 240631, Len: 133
Source port: ncr_ccl (2528)
Destination port: http (80)
[Stream index: 29]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 240631 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 256
[Calculated window size: 65536]
[Window size scaling factor: 256]
Checksum: 0x1187 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 2268]
[The RTT to ACK the segment was: 0.000299000 seconds]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0110.jpg?w=648&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400]
No. Time Source Destination Protocol Info
2281 2012-06-20 08:38:55.017775 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1
Frame 2281: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:55.017775000 GMT Daylight Time
Epoch Time: 1340177935.017775000 seconds
[Time delta from previous captured frame: 0.000127000 seconds]
[Time delta from previous displayed frame: 0.270250000 seconds]
[Time since reference or first frame: 26.995989000 seconds]
Frame Number: 2281
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x254a (9546)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd685 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: utsftp (2529), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: utsftp (2529)
Destination port: http (80)
[Stream index: 31]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x85a4 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #2280(225), #2281(237)]
[Frame: 2280, payload: 0-224 (225 bytes)]
[Frame: 2281, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0095.jpg?w=400&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
2348 2012-06-20 08:38:55.634279 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 2348: 1339 bytes on wire (10712 bits), 1339 bytes captured (10712 bits)
Arrival Time: Jun 20, 2012 08:38:55.634279000 GMT Daylight Time
Epoch Time: 1340177935.634279000 seconds
[Time delta from previous captured frame: 0.000387000 seconds]
[Time delta from previous displayed frame: 0.616504000 seconds]
[Time since reference or first frame: 27.612493000 seconds]
Frame Number: 2348
Frame Length: 1339 bytes (10712 bits)
Capture Length: 1339 bytes (10712 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1325
Identification: 0x8ee2 (36578)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xb4d5 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: utsftp (2529), Seq: 52886, Ack: 463, Len: 1285
Source port: http (80)
Destination port: utsftp (2529)
[Stream index: 31]
Sequence number: 52886 (relative sequence number)
[Next sequence number: 54171 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x9ae9 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1285]
TCP segment data (1285 bytes)
[41 Reassembled TCP Segments (54170 bytes): #2288(1380), #2289(105), #2291(1380), #2292(1380), #2294(1380), #2295(1380), #2297(1380), #2298(340), #2300(1380), #2301(1380), #2303(1380), #2304(1380), #2306(1380), #2307(1380), #2309(1380), #23]
[Frame: 2288, payload: 0-1379 (1380 bytes)]
[Frame: 2289, payload: 1380-1484 (105 bytes)]
[Frame: 2291, payload: 1485-2864 (1380 bytes)]
[Frame: 2292, payload: 2865-4244 (1380 bytes)]
[Frame: 2294, payload: 4245-5624 (1380 bytes)]
[Frame: 2295, payload: 5625-7004 (1380 bytes)]
[Frame: 2297, payload: 7005-8384 (1380 bytes)]
[Frame: 2298, payload: 8385-8724 (340 bytes)]
[Frame: 2300, payload: 8725-10104 (1380 bytes)]
[Frame: 2301, payload: 10105-11484 (1380 bytes)]
[Frame: 2303, payload: 11485-12864 (1380 bytes)]
[Frame: 2304, payload: 12865-14244 (1380 bytes)]
[Frame: 2306, payload: 14245-15624 (1380 bytes)]
[Frame: 2307, payload: 15625-17004 (1380 bytes)]
[Frame: 2309, payload: 17005-18384 (1380 bytes)]
[Frame: 2310, payload: 18385-19764 (1380 bytes)]
[Frame: 2312, payload: 19765-21144 (1380 bytes)]
[Frame: 2313, payload: 21145-22524 (1380 bytes)]
[Frame: 2315, payload: 22525-23904 (1380 bytes)]
[Frame: 2316, payload: 23905-25284 (1380 bytes)]
[Frame: 2318, payload: 25285-26664 (1380 bytes)]
[Frame: 2319, payload: 26665-28044 (1380 bytes)]
[Frame: 2321, payload: 28045-29424 (1380 bytes)]
[Frame: 2322, payload: 29425-30804 (1380 bytes)]
[Frame: 2324, payload: 30805-32184 (1380 bytes)]
[Frame: 2325, payload: 32185-33564 (1380 bytes)]
[Frame: 2327, payload: 33565-34944 (1380 bytes)]
[Frame: 2328, payload: 34945-36324 (1380 bytes)]
[Frame: 2330, payload: 36325-37704 (1380 bytes)]
[Frame: 2331, payload: 37705-39084 (1380 bytes)]
[Frame: 2333, payload: 39085-40464 (1380 bytes)]
[Frame: 2334, payload: 40465-41844 (1380 bytes)]
[Frame: 2336, payload: 41845-43224 (1380 bytes)]
[Frame: 2337, payload: 43225-44604 (1380 bytes)]
[Frame: 2339, payload: 44605-45984 (1380 bytes)]
[Frame: 2340, payload: 45985-47364 (1380 bytes)]
[Frame: 2342, payload: 47365-48744 (1380 bytes)]
[Frame: 2343, payload: 48745-50124 (1380 bytes)]
[Frame: 2345, payload: 50125-51504 (1380 bytes)]
[Frame: 2346, payload: 51505-52884 (1380 bytes)]
[Frame: 2348, payload: 52885-54169 (1285 bytes)]
[Segment count: 41]
[Reassembled TCP length: 54170]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:36 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 53829\r\n
[Content length: 53829]
Last-Modified: Sun, 01 Nov 2009 15:46:33 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:36 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 237\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 10024
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8812
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 400
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
2350 2012-06-20 08:38:55.634704 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1
Frame 2350: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:55.634704000 GMT Daylight Time
Epoch Time: 1340177935.634704000 seconds
[Time delta from previous captured frame: 0.000100000 seconds]
[Time delta from previous displayed frame: 0.000425000 seconds]
[Time since reference or first frame: 27.612918000 seconds]
Frame Number: 2350
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2560 (9568)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd66f [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: utsftp (2529), Dst Port: http (80), Seq: 662, Ack: 54171, Len: 237
Source port: utsftp (2529)
Destination port: http (80)
[Stream index: 31]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 54171 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 253
[Calculated window size: 64768]
[Window size scaling factor: 256]
Checksum: 0xb05a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #2349(199), #2350(237)]
[Frame: 2349, payload: 0-198 (199 bytes)]
[Frame: 2350, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0095.jpg?w=400&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
2416 2012-06-20 08:38:56.051176 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 2416: 931 bytes on wire (7448 bits), 931 bytes captured (7448 bits)
Arrival Time: Jun 20, 2012 08:38:56.051176000 GMT Daylight Time
Epoch Time: 1340177936.051176000 seconds
[Time delta from previous captured frame: 0.000010000 seconds]
[Time delta from previous displayed frame: 0.416472000 seconds]
[Time since reference or first frame: 28.029390000 seconds]
Frame Number: 2416
Frame Length: 931 bytes (7448 bits)
Capture Length: 931 bytes (7448 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 917
Identification: 0x8f0d (36621)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xb642 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: utsftp (2529), Seq: 107464, Ack: 899, Len: 877
Source port: http (80)
Destination port: utsftp (2529)
[Stream index: 31]
Sequence number: 107464 (relative sequence number)
[Next sequence number: 108341 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0xd2e8 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 877]
TCP segment data (877 bytes)
[41 Reassembled TCP Segments (54170 bytes): #2356(1380), #2357(1380), #2359(1380), #2360(1380), #2362(1380), #2363(1380), #2365(1380), #2366(1380), #2368(581), #2369(1380), #2371(1380), #2372(1380), #2374(1380), #2375(272), #2377(1380), #23]
[Frame: 2356, payload: 0-1379 (1380 bytes)]
[Frame: 2357, payload: 1380-2759 (1380 bytes)]
[Frame: 2359, payload: 2760-4139 (1380 bytes)]
[Frame: 2360, payload: 4140-5519 (1380 bytes)]
[Frame: 2362, payload: 5520-6899 (1380 bytes)]
[Frame: 2363, payload: 6900-8279 (1380 bytes)]
[Frame: 2365, payload: 8280-9659 (1380 bytes)]
[Frame: 2366, payload: 9660-11039 (1380 bytes)]
[Frame: 2368, payload: 11040-11620 (581 bytes)]
[Frame: 2369, payload: 11621-13000 (1380 bytes)]
[Frame: 2371, payload: 13001-14380 (1380 bytes)]
[Frame: 2372, payload: 14381-15760 (1380 bytes)]
[Frame: 2374, payload: 15761-17140 (1380 bytes)]
[Frame: 2375, payload: 17141-17412 (272 bytes)]
[Frame: 2377, payload: 17413-18792 (1380 bytes)]
[Frame: 2378, payload: 18793-20172 (1380 bytes)]
[Frame: 2380, payload: 20173-21552 (1380 bytes)]
[Frame: 2381, payload: 21553-22932 (1380 bytes)]
[Frame: 2383, payload: 22933-24312 (1380 bytes)]
[Frame: 2384, payload: 24313-25692 (1380 bytes)]
[Frame: 2386, payload: 25693-27072 (1380 bytes)]
[Frame: 2387, payload: 27073-28452 (1380 bytes)]
[Frame: 2389, payload: 28453-29832 (1380 bytes)]
[Frame: 2390, payload: 29833-31212 (1380 bytes)]
[Frame: 2392, payload: 31213-32592 (1380 bytes)]
[Frame: 2393, payload: 32593-33972 (1380 bytes)]
[Frame: 2395, payload: 33973-35352 (1380 bytes)]
[Frame: 2396, payload: 35353-36732 (1380 bytes)]
[Frame: 2398, payload: 36733-38112 (1380 bytes)]
[Frame: 2399, payload: 38113-39492 (1380 bytes)]
[Frame: 2401, payload: 39493-40872 (1380 bytes)]
[Frame: 2402, payload: 40873-42252 (1380 bytes)]
[Frame: 2404, payload: 42253-43632 (1380 bytes)]
[Frame: 2405, payload: 43633-45012 (1380 bytes)]
[Frame: 2407, payload: 45013-46392 (1380 bytes)]
[Frame: 2408, payload: 46393-47772 (1380 bytes)]
[Frame: 2410, payload: 47773-49152 (1380 bytes)]
[Frame: 2411, payload: 49153-50532 (1380 bytes)]
[Frame: 2413, payload: 50533-51912 (1380 bytes)]
[Frame: 2414, payload: 51913-53292 (1380 bytes)]
[Frame: 2416, payload: 53293-54169 (877 bytes)]
[Segment count: 41]
[Reassembled TCP length: 54170]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:36 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 53829\r\n
[Content length: 53829]
Last-Modified: Sun, 01 Nov 2009 15:46:33 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:36 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 237\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 10024
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8812
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 400
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
2418 2012-06-20 08:38:56.051451 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1
Frame 2418: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:56.051451000 GMT Daylight Time
Epoch Time: 1340177936.051451000 seconds
[Time delta from previous captured frame: 0.000044000 seconds]
[Time delta from previous displayed frame: 0.000275000 seconds]
[Time since reference or first frame: 28.029665000 seconds]
Frame Number: 2418
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2576 (9590)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd659 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: utsftp (2529), Dst Port: http (80), Seq: 1098, Ack: 108341, Len: 237
Source port: utsftp (2529)
Destination port: http (80)
[Stream index: 31]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 108341 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 255
[Calculated window size: 65280]
[Window size scaling factor: 256]
Checksum: 0xdb09 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #2417(199), #2418(237)]
[Frame: 2417, payload: 0-198 (199 bytes)]
[Frame: 2418, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0095.jpg?w=400&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
2485 2012-06-20 08:38:56.501635 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 2485: 387 bytes on wire (3096 bits), 387 bytes captured (3096 bits)
Arrival Time: Jun 20, 2012 08:38:56.501635000 GMT Daylight Time
Epoch Time: 1340177936.501635000 seconds
[Time delta from previous captured frame: 0.000009000 seconds]
[Time delta from previous displayed frame: 0.450184000 seconds]
[Time since reference or first frame: 28.479849000 seconds]
Frame Number: 2485
Frame Length: 387 bytes (3096 bits)
Capture Length: 387 bytes (3096 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 373
Identification: 0x8f3a (36666)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xb835 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: utsftp (2529), Seq: 162178, Ack: 1335, Len: 333
Source port: http (80)
Destination port: utsftp (2529)
[Stream index: 31]
Sequence number: 162178 (relative sequence number)
[Next sequence number: 162511 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0xfaab [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 333]
TCP segment data (333 bytes)
[43 Reassembled TCP Segments (54170 bytes): #2421(1380), #2422(1380), #2424(173), #2425(1380), #2427(1380), #2428(1380), #2430(1380), #2431(1380), #2433(1380), #2434(1380), #2436(1380), #2437(544), #2439(1380), #2440(1380), #2442(1380), #24]
[Frame: 2421, payload: 0-1379 (1380 bytes)]
[Frame: 2422, payload: 1380-2759 (1380 bytes)]
[Frame: 2424, payload: 2760-2932 (173 bytes)]
[Frame: 2425, payload: 2933-4312 (1380 bytes)]
[Frame: 2427, payload: 4313-5692 (1380 bytes)]
[Frame: 2428, payload: 5693-7072 (1380 bytes)]
[Frame: 2430, payload: 7073-8452 (1380 bytes)]
[Frame: 2431, payload: 8453-9832 (1380 bytes)]
[Frame: 2433, payload: 9833-11212 (1380 bytes)]
[Frame: 2434, payload: 11213-12592 (1380 bytes)]
[Frame: 2436, payload: 12593-13972 (1380 bytes)]
[Frame: 2437, payload: 13973-14516 (544 bytes)]
[Frame: 2439, payload: 14517-15896 (1380 bytes)]
[Frame: 2440, payload: 15897-17276 (1380 bytes)]
[Frame: 2442, payload: 17277-18656 (1380 bytes)]
[Frame: 2443, payload: 18657-20036 (1380 bytes)]
[Frame: 2445, payload: 20037-21416 (1380 bytes)]
[Frame: 2446, payload: 21417-22796 (1380 bytes)]
[Frame: 2448, payload: 22797-24176 (1380 bytes)]
[Frame: 2449, payload: 24177-24652 (476 bytes)]
[Frame: 2451, payload: 24653-26032 (1380 bytes)]
[Frame: 2452, payload: 26033-27412 (1380 bytes)]
[Frame: 2454, payload: 27413-28792 (1380 bytes)]
[Frame: 2455, payload: 28793-28996 (204 bytes)]
[Frame: 2458, payload: 28997-30376 (1380 bytes)]
[Frame: 2459, payload: 30377-31756 (1380 bytes)]
[Frame: 2461, payload: 31757-33136 (1380 bytes)]
[Frame: 2462, payload: 33137-34516 (1380 bytes)]
[Frame: 2464, payload: 34517-35896 (1380 bytes)]
[Frame: 2465, payload: 35897-37276 (1380 bytes)]
[Frame: 2467, payload: 37277-38656 (1380 bytes)]
[Frame: 2468, payload: 38657-40036 (1380 bytes)]
[Frame: 2470, payload: 40037-41416 (1380 bytes)]
[Frame: 2471, payload: 41417-42796 (1380 bytes)]
[Frame: 2473, payload: 42797-44176 (1380 bytes)]
[Frame: 2474, payload: 44177-45556 (1380 bytes)]
[Frame: 2476, payload: 45557-46936 (1380 bytes)]
[Frame: 2477, payload: 46937-48316 (1380 bytes)]
[Frame: 2479, payload: 48317-49696 (1380 bytes)]
[Frame: 2480, payload: 49697-51076 (1380 bytes)]
[Frame: 2482, payload: 51077-52456 (1380 bytes)]
[Frame: 2483, payload: 52457-53836 (1380 bytes)]
[Frame: 2485, payload: 53837-54169 (333 bytes)]
[Segment count: 43]
[Reassembled TCP length: 54170]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:37 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 53829\r\n
[Content length: 53829]
Last-Modified: Sun, 01 Nov 2009 15:46:33 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:37 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 237\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 10024
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8812
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 400
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
2486 2012-06-20 08:38:56.501882 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1
Frame 2486: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:38:56.501882000 GMT Daylight Time
Epoch Time: 1340177936.501882000 seconds
[Time delta from previous captured frame: 0.000247000 seconds]
[Time delta from previous displayed frame: 0.000247000 seconds]
[Time since reference or first frame: 28.480096000 seconds]
Frame Number: 2486
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x258c (9612)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd6ab [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: utsftp (2529), Dst Port: http (80), Seq: 1335, Ack: 162511, Len: 133
Source port: utsftp (2529)
Destination port: http (80)
[Stream index: 31]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 162511 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 257
[Calculated window size: 65792]
[Window size scaling factor: 256]
Checksum: 0x320b [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 2485]
[The RTT to ACK the segment was: 0.000247000 seconds]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0095.jpg?w=400&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400]
No. Time Source Destination Protocol Info
2496 2012-06-20 08:38:56.771905 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1
Frame 2496: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:56.771905000 GMT Daylight Time
Epoch Time: 1340177936.771905000 seconds
[Time delta from previous captured frame: 0.000123000 seconds]
[Time delta from previous displayed frame: 0.270023000 seconds]
[Time since reference or first frame: 28.750119000 seconds]
Frame Number: 2496
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2592 (9618)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd63d [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vrcommerce (2530), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: vrcommerce (2530)
Destination port: http (80)
[Stream index: 32]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xe1c7 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #2495(225), #2496(237)]
[Frame: 2495, payload: 0-224 (225 bytes)]
[Frame: 2496, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0118.jpg?w=648&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
2574 2012-06-20 08:38:57.499571 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 2574: 86 bytes on wire (688 bits), 86 bytes captured (688 bits)
Arrival Time: Jun 20, 2012 08:38:57.499571000 GMT Daylight Time
Epoch Time: 1340177937.499571000 seconds
[Time delta from previous captured frame: 0.000048000 seconds]
[Time delta from previous displayed frame: 0.727666000 seconds]
[Time since reference or first frame: 29.477785000 seconds]
Frame Number: 2574
Frame Length: 86 bytes (688 bits)
Capture Length: 86 bytes (688 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 72
Identification: 0x0340 (832)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x455d [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vrcommerce (2530), Seq: 58270, Ack: 463, Len: 32
Source port: http (80)
Destination port: vrcommerce (2530)
[Stream index: 32]
Sequence number: 58270 (relative sequence number)
[Next sequence number: 58302 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0xccae [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 32]
TCP segment data (32 bytes)
[47 Reassembled TCP Segments (58301 bytes): #2501(1380), #2502(105), #2504(1380), #2505(68), #2507(1380), #2508(68), #2510(1380), #2511(68), #2513(1380), #2514(1380), #2517(1380), #2518(1380), #2520(1380), #2521(1380), #2523(1380), #2524(13]
[Frame: 2501, payload: 0-1379 (1380 bytes)]
[Frame: 2502, payload: 1380-1484 (105 bytes)]
[Frame: 2504, payload: 1485-2864 (1380 bytes)]
[Frame: 2505, payload: 2865-2932 (68 bytes)]
[Frame: 2507, payload: 2933-4312 (1380 bytes)]
[Frame: 2508, payload: 4313-4380 (68 bytes)]
[Frame: 2510, payload: 4381-5760 (1380 bytes)]
[Frame: 2511, payload: 5761-5828 (68 bytes)]
[Frame: 2513, payload: 5829-7208 (1380 bytes)]
[Frame: 2514, payload: 7209-8588 (1380 bytes)]
[Frame: 2517, payload: 8589-9968 (1380 bytes)]
[Frame: 2518, payload: 9969-11348 (1380 bytes)]
[Frame: 2520, payload: 11349-12728 (1380 bytes)]
[Frame: 2521, payload: 12729-14108 (1380 bytes)]
[Frame: 2523, payload: 14109-15488 (1380 bytes)]
[Frame: 2524, payload: 15489-16868 (1380 bytes)]
[Frame: 2526, payload: 16869-18248 (1380 bytes)]
[Frame: 2527, payload: 18249-19628 (1380 bytes)]
[Frame: 2529, payload: 19629-21008 (1380 bytes)]
[Frame: 2530, payload: 21009-22388 (1380 bytes)]
[Frame: 2532, payload: 22389-23768 (1380 bytes)]
[Frame: 2533, payload: 23769-25148 (1380 bytes)]
[Frame: 2535, payload: 25149-26528 (1380 bytes)]
[Frame: 2536, payload: 26529-27908 (1380 bytes)]
[Frame: 2538, payload: 27909-29288 (1380 bytes)]
[Frame: 2541, payload: 29289-30668 (1380 bytes)]
[Frame: 2543, payload: 30669-32048 (1380 bytes)]
[Frame: 2544, payload: 32049-33428 (1380 bytes)]
[Frame: 2546, payload: 33429-34808 (1380 bytes)]
[Frame: 2547, payload: 34809-36188 (1380 bytes)]
[Frame: 2549, payload: 36189-37568 (1380 bytes)]
[Frame: 2550, payload: 37569-38948 (1380 bytes)]
[Frame: 2552, payload: 38949-40328 (1380 bytes)]
[Frame: 2553, payload: 40329-41708 (1380 bytes)]
[Frame: 2555, payload: 41709-43088 (1380 bytes)]
[Frame: 2556, payload: 43089-44468 (1380 bytes)]
[Frame: 2558, payload: 44469-45848 (1380 bytes)]
[Frame: 2559, payload: 45849-47228 (1380 bytes)]
[Frame: 2561, payload: 47229-48608 (1380 bytes)]
[Frame: 2562, payload: 48609-49988 (1380 bytes)]
[Frame: 2565, payload: 49989-51368 (1380 bytes)]
[Frame: 2566, payload: 51369-52748 (1380 bytes)]
[Frame: 2568, payload: 52749-54128 (1380 bytes)]
[Frame: 2569, payload: 54129-55508 (1380 bytes)]
[Frame: 2571, payload: 55509-56888 (1380 bytes)]
[Frame: 2572, payload: 56889-58268 (1380 bytes)]
[Frame: 2574, payload: 58269-58300 (32 bytes)]
[Segment count: 47]
[Reassembled TCP length: 58301]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:38 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 57961\r\n
[Content length: 57961]
Last-Modified: Sun, 01 Nov 2009 15:52:25 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:38 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6507
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5295
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 648
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 28
Remaining segment data (26 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
2576 2012-06-20 08:38:57.500006 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1
Frame 2576: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:57.500006000 GMT Daylight Time
Epoch Time: 1340177937.500006000 seconds
[Time delta from previous captured frame: 0.000104000 seconds]
[Time delta from previous displayed frame: 0.000435000 seconds]
[Time since reference or first frame: 29.478220000 seconds]
Frame Number: 2576
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x25ab (9643)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd624 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vrcommerce (2530), Dst Port: http (80), Seq: 662, Ack: 58302, Len: 237
Source port: vrcommerce (2530)
Destination port: http (80)
[Stream index: 32]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 58302 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xfc55 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #2575(199), #2576(237)]
[Frame: 2575, payload: 0-198 (199 bytes)]
[Frame: 2576, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0118.jpg?w=648&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
2656 2012-06-20 08:38:57.982060 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 2656: 650 bytes on wire (5200 bits), 650 bytes captured (5200 bits)
Arrival Time: Jun 20, 2012 08:38:57.982060000 GMT Daylight Time
Epoch Time: 1340177937.982060000 seconds
[Time delta from previous captured frame: 0.000007000 seconds]
[Time delta from previous displayed frame: 0.482054000 seconds]
[Time since reference or first frame: 29.960274000 seconds]
Frame Number: 2656
Frame Length: 650 bytes (5200 bits)
Capture Length: 650 bytes (5200 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 636
Identification: 0x0371 (881)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x42f8 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vrcommerce (2530), Seq: 116007, Ack: 899, Len: 596
Source port: http (80)
Destination port: vrcommerce (2530)
[Stream index: 32]
Sequence number: 116007 (relative sequence number)
[Next sequence number: 116603 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x763c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 596]
TCP segment data (596 bytes)
[47 Reassembled TCP Segments (58301 bytes): #2585(1380), #2586(1380), #2588(1380), #2589(241), #2591(1380), #2592(1380), #2594(1380), #2595(1380), #2597(272), #2598(1380), #2600(1380), #2601(136), #2603(1380), #2604(1380), #2606(1380), #260]
[Frame: 2585, payload: 0-1379 (1380 bytes)]
[Frame: 2586, payload: 1380-2759 (1380 bytes)]
[Frame: 2588, payload: 2760-4139 (1380 bytes)]
[Frame: 2589, payload: 4140-4380 (241 bytes)]
[Frame: 2591, payload: 4381-5760 (1380 bytes)]
[Frame: 2592, payload: 5761-7140 (1380 bytes)]
[Frame: 2594, payload: 7141-8520 (1380 bytes)]
[Frame: 2595, payload: 8521-9900 (1380 bytes)]
[Frame: 2597, payload: 9901-10172 (272 bytes)]
[Frame: 2598, payload: 10173-11552 (1380 bytes)]
[Frame: 2600, payload: 11553-12932 (1380 bytes)]
[Frame: 2601, payload: 12933-13068 (136 bytes)]
[Frame: 2603, payload: 13069-14448 (1380 bytes)]
[Frame: 2604, payload: 14449-15828 (1380 bytes)]
[Frame: 2606, payload: 15829-17208 (1380 bytes)]
[Frame: 2607, payload: 17209-17412 (204 bytes)]
[Frame: 2609, payload: 17413-18792 (1380 bytes)]
[Frame: 2610, payload: 18793-20172 (1380 bytes)]
[Frame: 2612, payload: 20173-21552 (1380 bytes)]
[Frame: 2613, payload: 21553-22932 (1380 bytes)]
[Frame: 2615, payload: 22933-23204 (272 bytes)]
[Frame: 2616, payload: 23205-24584 (1380 bytes)]
[Frame: 2618, payload: 24585-25964 (1380 bytes)]
[Frame: 2619, payload: 25965-27344 (1380 bytes)]
[Frame: 2621, payload: 27345-28724 (1380 bytes)]
[Frame: 2622, payload: 28725-30104 (1380 bytes)]
[Frame: 2626, payload: 30105-31484 (1380 bytes)]
[Frame: 2627, payload: 31485-32864 (1380 bytes)]
[Frame: 2629, payload: 32865-34244 (1380 bytes)]
[Frame: 2630, payload: 34245-35624 (1380 bytes)]
[Frame: 2632, payload: 35625-37004 (1380 bytes)]
[Frame: 2633, payload: 37005-38384 (1380 bytes)]
[Frame: 2635, payload: 38385-39764 (1380 bytes)]
[Frame: 2636, payload: 39765-41144 (1380 bytes)]
[Frame: 2638, payload: 41145-42524 (1380 bytes)]
[Frame: 2639, payload: 42525-43904 (1380 bytes)]
[Frame: 2641, payload: 43905-45284 (1380 bytes)]
[Frame: 2642, payload: 45285-46664 (1380 bytes)]
[Frame: 2644, payload: 46665-48044 (1380 bytes)]
[Frame: 2645, payload: 48045-49424 (1380 bytes)]
[Frame: 2647, payload: 49425-50804 (1380 bytes)]
[Frame: 2648, payload: 50805-52184 (1380 bytes)]
[Frame: 2650, payload: 52185-53564 (1380 bytes)]
[Frame: 2651, payload: 53565-54944 (1380 bytes)]
[Frame: 2653, payload: 54945-56324 (1380 bytes)]
[Frame: 2654, payload: 56325-57704 (1380 bytes)]
[Frame: 2656, payload: 57705-58300 (596 bytes)]
[Segment count: 47]
[Reassembled TCP length: 58301]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:38 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 57961\r\n
[Content length: 57961]
Last-Modified: Sun, 01 Nov 2009 15:52:25 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:38 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6507
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5295
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 648
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 28
Remaining segment data (26 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
2658 2012-06-20 08:38:57.982379 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1
Frame 2658: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:57.982379000 GMT Daylight Time
Epoch Time: 1340177937.982379000 seconds
[Time delta from previous captured frame: 0.000051000 seconds]
[Time delta from previous displayed frame: 0.000319000 seconds]
[Time since reference or first frame: 29.960593000 seconds]
Frame Number: 2658
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x25c4 (9668)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd60b [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vrcommerce (2530), Dst Port: http (80), Seq: 1098, Ack: 116603, Len: 237
Source port: vrcommerce (2530)
Destination port: http (80)
[Stream index: 32]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 116603 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 256
[Calculated window size: 65536]
[Window size scaling factor: 256]
Checksum: 0x16e6 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #2657(199), #2658(237)]
[Frame: 2657, payload: 0-198 (199 bytes)]
[Frame: 2658, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0118.jpg?w=648&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
2734 2012-06-20 08:38:58.432747 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 2734: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits)
Arrival Time: Jun 20, 2012 08:38:58.432747000 GMT Daylight Time
Epoch Time: 1340177938.432747000 seconds
[Time delta from previous captured frame: 0.000025000 seconds]
[Time delta from previous displayed frame: 0.450368000 seconds]
[Time since reference or first frame: 30.410961000 seconds]
Frame Number: 2734
Frame Length: 174 bytes (1392 bits)
Capture Length: 174 bytes (1392 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 160
Identification: 0x03a3 (931)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x44a2 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vrcommerce (2530), Seq: 174784, Ack: 1335, Len: 120
Source port: http (80)
Destination port: vrcommerce (2530)
[Stream index: 32]
Sequence number: 174784 (relative sequence number)
[Next sequence number: 174904 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x305b [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1500]
TCP segment data (120 bytes)
[48 Reassembled TCP Segments (58301 bytes): #2664(1380), #2665(105), #2667(1380), #2668(1380), #2670(136), #2671(1380), #2673(1380), #2674(1380), #2676(1380), #2677(1380), #2679(340), #2680(1380), #2682(1380), #2683(136), #2685(1380), #2686]
[Frame: 2664, payload: 0-1379 (1380 bytes)]
[Frame: 2665, payload: 1380-1484 (105 bytes)]
[Frame: 2667, payload: 1485-2864 (1380 bytes)]
[Frame: 2668, payload: 2865-4244 (1380 bytes)]
[Frame: 2670, payload: 4245-4380 (136 bytes)]
[Frame: 2671, payload: 4381-5760 (1380 bytes)]
[Frame: 2673, payload: 5761-7140 (1380 bytes)]
[Frame: 2674, payload: 7141-8520 (1380 bytes)]
[Frame: 2676, payload: 8521-9900 (1380 bytes)]
[Frame: 2677, payload: 9901-11280 (1380 bytes)]
[Frame: 2679, payload: 11281-11620 (340 bytes)]
[Frame: 2680, payload: 11621-13000 (1380 bytes)]
[Frame: 2682, payload: 13001-14380 (1380 bytes)]
[Frame: 2683, payload: 14381-14516 (136 bytes)]
[Frame: 2685, payload: 14517-15896 (1380 bytes)]
[Frame: 2686, payload: 15897-17276 (1380 bytes)]
[Frame: 2688, payload: 17277-18656 (1380 bytes)]
[Frame: 2689, payload: 18657-20036 (1380 bytes)]
[Frame: 2691, payload: 20037-21416 (1380 bytes)]
[Frame: 2692, payload: 21417-22796 (1380 bytes)]
[Frame: 2694, payload: 22797-24176 (1380 bytes)]
[Frame: 2695, payload: 24177-24652 (476 bytes)]
[Frame: 2697, payload: 24653-26032 (1380 bytes)]
[Frame: 2698, payload: 26033-27412 (1380 bytes)]
[Frame: 2700, payload: 27413-28792 (1380 bytes)]
[Frame: 2701, payload: 28793-30172 (1380 bytes)]
[Frame: 2703, payload: 30173-31552 (1380 bytes)]
[Frame: 2704, payload: 31553-32932 (1380 bytes)]
[Frame: 2706, payload: 32933-33340 (408 bytes)]
[Frame: 2707, payload: 33341-34720 (1380 bytes)]
[Frame: 2709, payload: 34721-36100 (1380 bytes)]
[Frame: 2710, payload: 36101-37480 (1380 bytes)]
[Frame: 2712, payload: 37481-38860 (1380 bytes)]
[Frame: 2713, payload: 38861-40240 (1380 bytes)]
[Frame: 2715, payload: 40241-41620 (1380 bytes)]
[Frame: 2716, payload: 41621-43000 (1380 bytes)]
[Frame: 2718, payload: 43001-44380 (1380 bytes)]
[Frame: 2719, payload: 44381-45760 (1380 bytes)]
[Frame: 2721, payload: 45761-47140 (1380 bytes)]
[Frame: 2722, payload: 47141-48520 (1380 bytes)]
[Frame: 2724, payload: 48521-49900 (1380 bytes)]
[Frame: 2725, payload: 49901-51280 (1380 bytes)]
[Frame: 2727, payload: 51281-52660 (1380 bytes)]
[Frame: 2728, payload: 52661-54040 (1380 bytes)]
[Frame: 2730, payload: 54041-55420 (1380 bytes)]
[Frame: 2731, payload: 55421-56800 (1380 bytes)]
[Frame: 2733, payload: 56801-58180 (1380 bytes)]
[Frame: 2734, payload: 58181-58300 (120 bytes)]
[Segment count: 48]
[Reassembled TCP length: 58301]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:39 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 57961\r\n
[Content length: 57961]
Last-Modified: Sun, 01 Nov 2009 15:52:25 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:39 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6507
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5295
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 648
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 28
Remaining segment data (26 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
2736 2012-06-20 08:38:58.433022 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1
Frame 2736: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:38:58.433022000 GMT Daylight Time
Epoch Time: 1340177938.433022000 seconds
[Time delta from previous captured frame: 0.000252000 seconds]
[Time delta from previous displayed frame: 0.000275000 seconds]
[Time since reference or first frame: 30.411236000 seconds]
Frame Number: 2736
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x25dd (9693)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd65a [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vrcommerce (2530), Dst Port: http (80), Seq: 1335, Ack: 174904, Len: 133
Source port: vrcommerce (2530)
Destination port: http (80)
[Stream index: 32]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 174904 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x61b6 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0118.jpg?w=648&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400]
No. Time Source Destination Protocol Info
2748 2012-06-20 08:38:58.704220 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1
Frame 2748: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:58.704220000 GMT Daylight Time
Epoch Time: 1340177938.704220000 seconds
[Time delta from previous captured frame: 0.000102000 seconds]
[Time delta from previous displayed frame: 0.271198000 seconds]
[Time since reference or first frame: 30.682434000 seconds]
Frame Number: 2748
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x25e3 (9699)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd5ec [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ito-e-gui (2531), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: ito-e-gui (2531)
Destination port: http (80)
[Stream index: 33]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x8df5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #2747(225), #2748(237)]
[Frame: 2747, payload: 0-224 (225 bytes)]
[Frame: 2748, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0124.jpg?w=458&h=640
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
2820 2012-06-20 08:38:59.442036 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 2820: 726 bytes on wire (5808 bits), 726 bytes captured (5808 bits)
Arrival Time: Jun 20, 2012 08:38:59.442036000 GMT Daylight Time
Epoch Time: 1340177939.442036000 seconds
[Time delta from previous captured frame: 0.000099000 seconds]
[Time delta from previous displayed frame: 0.737816000 seconds]
[Time since reference or first frame: 31.420250000 seconds]
Frame Number: 2820
Frame Length: 726 bytes (5808 bits)
Capture Length: 726 bytes (5808 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 712
Identification: 0x745f (29791)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xd1bd [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ito-e-gui (2531), Seq: 57094, Ack: 463, Len: 672
Source port: http (80)
Destination port: ito-e-gui (2531)
[Stream index: 33]
Sequence number: 57094 (relative sequence number)
[Next sequence number: 57766 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x4c94 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 672]
TCP segment data (672 bytes)
[43 Reassembled TCP Segments (57765 bytes): #2754(1380), #2755(1380), #2757(1380), #2758(1380), #2760(1380), #2761(1380), #2763(1380), #2764(513), #2766(1380), #2767(1380), #2769(1380), #2770(1380), #2772(1380), #2773(1380), #2775(1380), #2]
[Frame: 2754, payload: 0-1379 (1380 bytes)]
[Frame: 2755, payload: 1380-2759 (1380 bytes)]
[Frame: 2757, payload: 2760-4139 (1380 bytes)]
[Frame: 2758, payload: 4140-5519 (1380 bytes)]
[Frame: 2760, payload: 5520-6899 (1380 bytes)]
[Frame: 2761, payload: 6900-8279 (1380 bytes)]
[Frame: 2763, payload: 8280-9659 (1380 bytes)]
[Frame: 2764, payload: 9660-10172 (513 bytes)]
[Frame: 2766, payload: 10173-11552 (1380 bytes)]
[Frame: 2767, payload: 11553-12932 (1380 bytes)]
[Frame: 2769, payload: 12933-14312 (1380 bytes)]
[Frame: 2770, payload: 14313-15692 (1380 bytes)]
[Frame: 2772, payload: 15693-17072 (1380 bytes)]
[Frame: 2773, payload: 17073-18452 (1380 bytes)]
[Frame: 2775, payload: 18453-19832 (1380 bytes)]
[Frame: 2776, payload: 19833-21212 (1380 bytes)]
[Frame: 2778, payload: 21213-22592 (1380 bytes)]
[Frame: 2779, payload: 22593-23972 (1380 bytes)]
[Frame: 2781, payload: 23973-25352 (1380 bytes)]
[Frame: 2782, payload: 25353-26732 (1380 bytes)]
[Frame: 2784, payload: 26733-28112 (1380 bytes)]
[Frame: 2785, payload: 28113-29492 (1380 bytes)]
[Frame: 2787, payload: 29493-30872 (1380 bytes)]
[Frame: 2788, payload: 30873-32252 (1380 bytes)]
[Frame: 2790, payload: 32253-33632 (1380 bytes)]
[Frame: 2793, payload: 33633-35012 (1380 bytes)]
[Frame: 2795, payload: 35013-36392 (1380 bytes)]
[Frame: 2796, payload: 36393-37772 (1380 bytes)]
[Frame: 2798, payload: 37773-39152 (1380 bytes)]
[Frame: 2799, payload: 39153-40532 (1380 bytes)]
[Frame: 2801, payload: 40533-41912 (1380 bytes)]
[Frame: 2802, payload: 41913-43292 (1380 bytes)]
[Frame: 2804, payload: 43293-44672 (1380 bytes)]
[Frame: 2805, payload: 44673-46052 (1380 bytes)]
[Frame: 2807, payload: 46053-47432 (1380 bytes)]
[Frame: 2808, payload: 47433-48812 (1380 bytes)]
[Frame: 2810, payload: 48813-50192 (1380 bytes)]
[Frame: 2811, payload: 50193-51572 (1380 bytes)]
[Frame: 2813, payload: 51573-52952 (1380 bytes)]
[Frame: 2814, payload: 52953-54332 (1380 bytes)]
[Frame: 2817, payload: 54333-55712 (1380 bytes)]
[Frame: 2818, payload: 55713-57092 (1380 bytes)]
[Frame: 2820, payload: 57093-57764 (672 bytes)]
[Segment count: 43]
[Reassembled TCP length: 57765]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:40 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 57425\r\n
[Content length: 57425]
Last-Modified: Sun, 01 Nov 2009 16:14:13 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:40 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 79\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5969
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4757
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 458
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
2822 2012-06-20 08:38:59.442509 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1
Frame 2822: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:59.442509000 GMT Daylight Time
Epoch Time: 1340177939.442509000 seconds
[Time delta from previous captured frame: 0.000133000 seconds]
[Time delta from previous displayed frame: 0.000473000 seconds]
[Time since reference or first frame: 31.420723000 seconds]
Frame Number: 2822
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x25fa (9722)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd5d5 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ito-e-gui (2531), Dst Port: http (80), Seq: 662, Ack: 57766, Len: 237
Source port: ito-e-gui (2531)
Destination port: http (80)
[Stream index: 33]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 57766 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 256
[Calculated window size: 65536]
[Window size scaling factor: 256]
Checksum: 0xaa9d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #2821(199), #2822(237)]
[Frame: 2821, payload: 0-198 (199 bytes)]
[Frame: 2822, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0124.jpg?w=458&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
2893 2012-06-20 08:38:59.918142 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 2893: 1222 bytes on wire (9776 bits), 1222 bytes captured (9776 bits)
Arrival Time: Jun 20, 2012 08:38:59.918142000 GMT Daylight Time
Epoch Time: 1340177939.918142000 seconds
[Time delta from previous captured frame: 0.000090000 seconds]
[Time delta from previous displayed frame: 0.475633000 seconds]
[Time since reference or first frame: 31.896356000 seconds]
Frame Number: 2893
Frame Length: 1222 bytes (9776 bits)
Capture Length: 1222 bytes (9776 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1208
Identification: 0x748d (29837)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xcf9f [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ito-e-gui (2531), Seq: 114363, Ack: 899, Len: 1168
Source port: http (80)
Destination port: ito-e-gui (2531)
[Stream index: 33]
Sequence number: 114363 (relative sequence number)
[Next sequence number: 115531 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x9eb2 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2548]
TCP segment data (1168 bytes)
[44 Reassembled TCP Segments (57765 bytes): #2829(1380), #2830(1380), #2832(1380), #2833(1380), #2835(1380), #2836(1380), #2838(1380), #2839(1380), #2841(581), #2842(1380), #2844(1380), #2845(136), #2847(1380), #2848(1380), #2850(1380), #28]
[Frame: 2829, payload: 0-1379 (1380 bytes)]
[Frame: 2830, payload: 1380-2759 (1380 bytes)]
[Frame: 2832, payload: 2760-4139 (1380 bytes)]
[Frame: 2833, payload: 4140-5519 (1380 bytes)]
[Frame: 2835, payload: 5520-6899 (1380 bytes)]
[Frame: 2836, payload: 6900-8279 (1380 bytes)]
[Frame: 2838, payload: 8280-9659 (1380 bytes)]
[Frame: 2839, payload: 9660-11039 (1380 bytes)]
[Frame: 2841, payload: 11040-11620 (581 bytes)]
[Frame: 2842, payload: 11621-13000 (1380 bytes)]
[Frame: 2844, payload: 13001-14380 (1380 bytes)]
[Frame: 2845, payload: 14381-14516 (136 bytes)]
[Frame: 2847, payload: 14517-15896 (1380 bytes)]
[Frame: 2848, payload: 15897-17276 (1380 bytes)]
[Frame: 2850, payload: 17277-18656 (1380 bytes)]
[Frame: 2851, payload: 18657-20036 (1380 bytes)]
[Frame: 2853, payload: 20037-21416 (1380 bytes)]
[Frame: 2854, payload: 21417-22796 (1380 bytes)]
[Frame: 2856, payload: 22797-24176 (1380 bytes)]
[Frame: 2857, payload: 24177-25556 (1380 bytes)]
[Frame: 2859, payload: 25557-26936 (1380 bytes)]
[Frame: 2860, payload: 26937-28316 (1380 bytes)]
[Frame: 2862, payload: 28317-28996 (680 bytes)]
[Frame: 2863, payload: 28997-30376 (1380 bytes)]
[Frame: 2865, payload: 30377-31756 (1380 bytes)]
[Frame: 2866, payload: 31757-33136 (1380 bytes)]
[Frame: 2868, payload: 33137-34516 (1380 bytes)]
[Frame: 2869, payload: 34517-35896 (1380 bytes)]
[Frame: 2871, payload: 35897-37276 (1380 bytes)]
[Frame: 2872, payload: 37277-38656 (1380 bytes)]
[Frame: 2874, payload: 38657-40036 (1380 bytes)]
[Frame: 2875, payload: 40037-41416 (1380 bytes)]
[Frame: 2877, payload: 41417-42796 (1380 bytes)]
[Frame: 2878, payload: 42797-44176 (1380 bytes)]
[Frame: 2880, payload: 44177-45556 (1380 bytes)]
[Frame: 2881, payload: 45557-46936 (1380 bytes)]
[Frame: 2883, payload: 46937-48316 (1380 bytes)]
[Frame: 2884, payload: 48317-49696 (1380 bytes)]
[Frame: 2886, payload: 49697-51076 (1380 bytes)]
[Frame: 2887, payload: 51077-52456 (1380 bytes)]
[Frame: 2889, payload: 52457-53836 (1380 bytes)]
[Frame: 2890, payload: 53837-55216 (1380 bytes)]
[Frame: 2892, payload: 55217-56596 (1380 bytes)]
[Frame: 2893, payload: 56597-57764 (1168 bytes)]
[Segment count: 44]
[Reassembled TCP length: 57765]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:40 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 57425\r\n
[Content length: 57425]
Last-Modified: Sun, 01 Nov 2009 16:14:13 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:40 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 79\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5969
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4757
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 458
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
2896 2012-06-20 08:38:59.918454 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1
Frame 2896: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:38:59.918454000 GMT Daylight Time
Epoch Time: 1340177939.918454000 seconds
[Time delta from previous captured frame: 0.000042000 seconds]
[Time delta from previous displayed frame: 0.000312000 seconds]
[Time since reference or first frame: 31.896668000 seconds]
Frame Number: 2896
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2612 (9746)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd5bd [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ito-e-gui (2531), Dst Port: http (80), Seq: 1098, Ack: 115531, Len: 237
Source port: ito-e-gui (2531)
Destination port: http (80)
[Stream index: 33]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 115531 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xc741 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #2895(199), #2896(237)]
[Frame: 2895, payload: 0-198 (199 bytes)]
[Frame: 2896, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0124.jpg?w=458&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
2968 2012-06-20 08:39:00.377041 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 2968: 542 bytes on wire (4336 bits), 542 bytes captured (4336 bits)
Arrival Time: Jun 20, 2012 08:39:00.377041000 GMT Daylight Time
Epoch Time: 1340177940.377041000 seconds
[Time delta from previous captured frame: 0.000018000 seconds]
[Time delta from previous displayed frame: 0.458587000 seconds]
[Time since reference or first frame: 32.355255000 seconds]
Frame Number: 2968
Frame Length: 542 bytes (4336 bits)
Capture Length: 542 bytes (4336 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 528
Identification: 0x74bc (29884)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xd218 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ito-e-gui (2531), Seq: 172808, Ack: 1335, Len: 488
Source port: http (80)
Destination port: ito-e-gui (2531)
[Stream index: 33]
Sequence number: 172808 (relative sequence number)
[Next sequence number: 173296 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x6f63 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 488]
TCP segment data (488 bytes)
[45 Reassembled TCP Segments (57765 bytes): #2901(1380), #2902(1380), #2904(1380), #2905(1380), #2907(1380), #2908(1380), #2910(445), #2911(1380), #2913(1380), #2914(1380), #2916(1380), #2917(272), #2919(1380), #2920(1380), #2922(1380), #29]
[Frame: 2901, payload: 0-1379 (1380 bytes)]
[Frame: 2902, payload: 1380-2759 (1380 bytes)]
[Frame: 2904, payload: 2760-4139 (1380 bytes)]
[Frame: 2905, payload: 4140-5519 (1380 bytes)]
[Frame: 2907, payload: 5520-6899 (1380 bytes)]
[Frame: 2908, payload: 6900-8279 (1380 bytes)]
[Frame: 2910, payload: 8280-8724 (445 bytes)]
[Frame: 2911, payload: 8725-10104 (1380 bytes)]
[Frame: 2913, payload: 10105-11484 (1380 bytes)]
[Frame: 2914, payload: 11485-12864 (1380 bytes)]
[Frame: 2916, payload: 12865-14244 (1380 bytes)]
[Frame: 2917, payload: 14245-14516 (272 bytes)]
[Frame: 2919, payload: 14517-15896 (1380 bytes)]
[Frame: 2920, payload: 15897-17276 (1380 bytes)]
[Frame: 2922, payload: 17277-18656 (1380 bytes)]
[Frame: 2923, payload: 18657-20036 (1380 bytes)]
[Frame: 2925, payload: 20037-21416 (1380 bytes)]
[Frame: 2926, payload: 21417-22796 (1380 bytes)]
[Frame: 2928, payload: 22797-24176 (1380 bytes)]
[Frame: 2929, payload: 24177-25556 (1380 bytes)]
[Frame: 2931, payload: 25557-26936 (1380 bytes)]
[Frame: 2932, payload: 26937-28316 (1380 bytes)]
[Frame: 2934, payload: 28317-28996 (680 bytes)]
[Frame: 2935, payload: 28997-30376 (1380 bytes)]
[Frame: 2937, payload: 30377-31756 (1380 bytes)]
[Frame: 2938, payload: 31757-33136 (1380 bytes)]
[Frame: 2940, payload: 33137-34516 (1380 bytes)]
[Frame: 2941, payload: 34517-35896 (1380 bytes)]
[Frame: 2943, payload: 35897-37276 (1380 bytes)]
[Frame: 2944, payload: 37277-38656 (1380 bytes)]
[Frame: 2946, payload: 38657-40036 (1380 bytes)]
[Frame: 2947, payload: 40037-41416 (1380 bytes)]
[Frame: 2949, payload: 41417-42796 (1380 bytes)]
[Frame: 2950, payload: 42797-43476 (680 bytes)]
[Frame: 2953, payload: 43477-44856 (1380 bytes)]
[Frame: 2954, payload: 44857-46236 (1380 bytes)]
[Frame: 2956, payload: 46237-47616 (1380 bytes)]
[Frame: 2957, payload: 47617-48996 (1380 bytes)]
[Frame: 2959, payload: 48997-50376 (1380 bytes)]
[Frame: 2960, payload: 50377-51756 (1380 bytes)]
[Frame: 2962, payload: 51757-53136 (1380 bytes)]
[Frame: 2963, payload: 53137-54516 (1380 bytes)]
[Frame: 2965, payload: 54517-55896 (1380 bytes)]
[Frame: 2966, payload: 55897-57276 (1380 bytes)]
[Frame: 2968, payload: 57277-57764 (488 bytes)]
[Segment count: 45]
[Reassembled TCP length: 57765]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:41 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 57425\r\n
[Content length: 57425]
Last-Modified: Sun, 01 Nov 2009 16:14:13 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:41 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 79\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5969
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4757
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 458
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
2969 2012-06-20 08:39:00.377338 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1
Frame 2969: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:39:00.377338000 GMT Daylight Time
Epoch Time: 1340177940.377338000 seconds
[Time delta from previous captured frame: 0.000297000 seconds]
[Time delta from previous displayed frame: 0.000297000 seconds]
[Time since reference or first frame: 32.355552000 seconds]
Frame Number: 2969
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x2629 (9769)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd60e [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ito-e-gui (2531), Dst Port: http (80), Seq: 1335, Ack: 173296, Len: 133
Source port: ito-e-gui (2531)
Destination port: http (80)
[Stream index: 33]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 173296 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 256
[Calculated window size: 65536]
[Window size scaling factor: 256]
Checksum: 0x0e32 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 2968]
[The RTT to ACK the segment was: 0.000297000 seconds]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0124.jpg?w=458&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640]
No. Time Source Destination Protocol Info
2983 2012-06-20 08:39:00.650604 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1
Frame 2983: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:00.650604000 GMT Daylight Time
Epoch Time: 1340177940.650604000 seconds
[Time delta from previous captured frame: 0.000127000 seconds]
[Time delta from previous displayed frame: 0.273266000 seconds]
[Time since reference or first frame: 32.628818000 seconds]
Frame Number: 2983
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x262f (9775)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd5a0 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ovtopmd (2532), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: ovtopmd (2532)
Destination port: http (80)
[Stream index: 34]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x97a3 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #2982(225), #2983(237)]
[Frame: 2982, payload: 0-224 (225 bytes)]
[Frame: 2983, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_2375.jpg?w=476&h=640
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3059 2012-06-20 08:39:01.394506 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3059: 1351 bytes on wire (10808 bits), 1351 bytes captured (10808 bits)
Arrival Time: Jun 20, 2012 08:39:01.394506000 GMT Daylight Time
Epoch Time: 1340177941.394506000 seconds
[Time delta from previous captured frame: 0.000009000 seconds]
[Time delta from previous displayed frame: 0.743902000 seconds]
[Time since reference or first frame: 33.372720000 seconds]
Frame Number: 3059
Frame Length: 1351 bytes (10808 bits)
Capture Length: 1351 bytes (10808 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1337
Identification: 0x37b8 (14264)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x0bf4 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ovtopmd (2532), Seq: 60721, Ack: 463, Len: 1297
Source port: http (80)
Destination port: ovtopmd (2532)
[Stream index: 34]
Sequence number: 60721 (relative sequence number)
[Next sequence number: 62018 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x571c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1297]
TCP segment data (1297 bytes)
[45 Reassembled TCP Segments (62017 bytes): #2986(1380), #2987(1380), #2989(1380), #2990(1380), #2992(1380), #2993(1380), #2995(1380), #2996(1380), #2998(1380), #2999(1380), #3005(1380), #3006(1380), #3008(1380), #3009(1380), #3011(1380), #]
[Frame: 2986, payload: 0-1379 (1380 bytes)]
[Frame: 2987, payload: 1380-2759 (1380 bytes)]
[Frame: 2989, payload: 2760-4139 (1380 bytes)]
[Frame: 2990, payload: 4140-5519 (1380 bytes)]
[Frame: 2992, payload: 5520-6899 (1380 bytes)]
[Frame: 2993, payload: 6900-8279 (1380 bytes)]
[Frame: 2995, payload: 8280-9659 (1380 bytes)]
[Frame: 2996, payload: 9660-11039 (1380 bytes)]
[Frame: 2998, payload: 11040-12419 (1380 bytes)]
[Frame: 2999, payload: 12420-13799 (1380 bytes)]
[Frame: 3005, payload: 13800-15179 (1380 bytes)]
[Frame: 3006, payload: 15180-16559 (1380 bytes)]
[Frame: 3008, payload: 16560-17939 (1380 bytes)]
[Frame: 3009, payload: 17940-19319 (1380 bytes)]
[Frame: 3011, payload: 19320-20699 (1380 bytes)]
[Frame: 3012, payload: 20700-22079 (1380 bytes)]
[Frame: 3014, payload: 22080-23459 (1380 bytes)]
[Frame: 3015, payload: 23460-24839 (1380 bytes)]
[Frame: 3017, payload: 24840-26219 (1380 bytes)]
[Frame: 3018, payload: 26220-27599 (1380 bytes)]
[Frame: 3020, payload: 27600-28979 (1380 bytes)]
[Frame: 3021, payload: 28980-30359 (1380 bytes)]
[Frame: 3025, payload: 30360-31739 (1380 bytes)]
[Frame: 3026, payload: 31740-33119 (1380 bytes)]
[Frame: 3028, payload: 33120-34499 (1380 bytes)]
[Frame: 3029, payload: 34500-35879 (1380 bytes)]
[Frame: 3031, payload: 35880-37259 (1380 bytes)]
[Frame: 3032, payload: 37260-38639 (1380 bytes)]
[Frame: 3034, payload: 38640-40019 (1380 bytes)]
[Frame: 3035, payload: 40020-41399 (1380 bytes)]
[Frame: 3037, payload: 41400-42779 (1380 bytes)]
[Frame: 3038, payload: 42780-44159 (1380 bytes)]
[Frame: 3040, payload: 44160-45539 (1380 bytes)]
[Frame: 3041, payload: 45540-46919 (1380 bytes)]
[Frame: 3043, payload: 46920-48299 (1380 bytes)]
[Frame: 3044, payload: 48300-49679 (1380 bytes)]
[Frame: 3046, payload: 49680-51059 (1380 bytes)]
[Frame: 3047, payload: 51060-52439 (1380 bytes)]
[Frame: 3049, payload: 52440-53819 (1380 bytes)]
[Frame: 3050, payload: 53820-55199 (1380 bytes)]
[Frame: 3053, payload: 55200-56579 (1380 bytes)]
[Frame: 3054, payload: 56580-57959 (1380 bytes)]
[Frame: 3056, payload: 57960-59339 (1380 bytes)]
[Frame: 3057, payload: 59340-60719 (1380 bytes)]
[Frame: 3059, payload: 60720-62016 (1297 bytes)]
[Segment count: 45]
[Reassembled TCP length: 62017]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:42 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 61677\r\n
[Content length: 61677]
Last-Modified: Sun, 01 Nov 2009 16:19:36 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:42 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 83\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7157
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5945
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 476
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3061 2012-06-20 08:39:01.394961 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1
Frame 3061: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:01.394961000 GMT Daylight Time
Epoch Time: 1340177941.394961000 seconds
[Time delta from previous captured frame: 0.000132000 seconds]
[Time delta from previous displayed frame: 0.000455000 seconds]
[Time since reference or first frame: 33.373175000 seconds]
Frame Number: 3061
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2647 (9799)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd588 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ovtopmd (2532), Dst Port: http (80), Seq: 662, Ack: 62018, Len: 237
Source port: ovtopmd (2532)
Destination port: http (80)
[Stream index: 34]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 62018 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 253
[Calculated window size: 64768]
[Window size scaling factor: 256]
Checksum: 0xa3b2 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #3060(199), #3061(237)]
[Frame: 3060, payload: 0-198 (199 bytes)]
[Frame: 3061, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_2375.jpg?w=476&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3140 2012-06-20 08:39:01.854160 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3140: 362 bytes on wire (2896 bits), 362 bytes captured (2896 bits)
Arrival Time: Jun 20, 2012 08:39:01.854160000 GMT Daylight Time
Epoch Time: 1340177941.854160000 seconds
[Time delta from previous captured frame: 0.000008000 seconds]
[Time delta from previous displayed frame: 0.459199000 seconds]
[Time since reference or first frame: 33.832374000 seconds]
Frame Number: 3140
Frame Length: 362 bytes (2896 bits)
Capture Length: 362 bytes (2896 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 348
Identification: 0x37ea (14314)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x0f9f [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ovtopmd (2532), Seq: 123727, Ack: 899, Len: 308
Source port: http (80)
Destination port: ovtopmd (2532)
[Stream index: 34]
Sequence number: 123727 (relative sequence number)
[Next sequence number: 124035 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x1eef [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1688]
TCP segment data (308 bytes)
[48 Reassembled TCP Segments (62017 bytes): #3069(1380), #3070(1380), #3072(1380), #3073(1380), #3075(309), #3076(1380), #3078(1380), #3079(1380), #3081(1380), #3082(1380), #3084(1380), #3085(408), #3087(1380), #3088(1380), #3090(1380), #30]
[Frame: 3069, payload: 0-1379 (1380 bytes)]
[Frame: 3070, payload: 1380-2759 (1380 bytes)]
[Frame: 3072, payload: 2760-4139 (1380 bytes)]
[Frame: 3073, payload: 4140-5519 (1380 bytes)]
[Frame: 3075, payload: 5520-5828 (309 bytes)]
[Frame: 3076, payload: 5829-7208 (1380 bytes)]
[Frame: 3078, payload: 7209-8588 (1380 bytes)]
[Frame: 3079, payload: 8589-9968 (1380 bytes)]
[Frame: 3081, payload: 9969-11348 (1380 bytes)]
[Frame: 3082, payload: 11349-12728 (1380 bytes)]
[Frame: 3084, payload: 12729-14108 (1380 bytes)]
[Frame: 3085, payload: 14109-14516 (408 bytes)]
[Frame: 3087, payload: 14517-15896 (1380 bytes)]
[Frame: 3088, payload: 15897-17276 (1380 bytes)]
[Frame: 3090, payload: 17277-18656 (1380 bytes)]
[Frame: 3091, payload: 18657-20036 (1380 bytes)]
[Frame: 3093, payload: 20037-20308 (272 bytes)]
[Frame: 3094, payload: 20309-21688 (1380 bytes)]
[Frame: 3096, payload: 21689-23068 (1380 bytes)]
[Frame: 3097, payload: 23069-24448 (1380 bytes)]
[Frame: 3099, payload: 24449-25828 (1380 bytes)]
[Frame: 3100, payload: 25829-27208 (1380 bytes)]
[Frame: 3102, payload: 27209-28588 (1380 bytes)]
[Frame: 3103, payload: 28589-29968 (1380 bytes)]
[Frame: 3105, payload: 29969-31348 (1380 bytes)]
[Frame: 3107, payload: 31349-32728 (1380 bytes)]
[Frame: 3109, payload: 32729-34108 (1380 bytes)]
[Frame: 3110, payload: 34109-35488 (1380 bytes)]
[Frame: 3112, payload: 35489-36868 (1380 bytes)]
[Frame: 3113, payload: 36869-38248 (1380 bytes)]
[Frame: 3115, payload: 38249-39628 (1380 bytes)]
[Frame: 3116, payload: 39629-41008 (1380 bytes)]
[Frame: 3118, payload: 41009-42388 (1380 bytes)]
[Frame: 3119, payload: 42389-43768 (1380 bytes)]
[Frame: 3121, payload: 43769-45148 (1380 bytes)]
[Frame: 3122, payload: 45149-46528 (1380 bytes)]
[Frame: 3124, payload: 46529-47908 (1380 bytes)]
[Frame: 3125, payload: 47909-49288 (1380 bytes)]
[Frame: 3127, payload: 49289-50668 (1380 bytes)]
[Frame: 3128, payload: 50669-52048 (1380 bytes)]
[Frame: 3130, payload: 52049-53428 (1380 bytes)]
[Frame: 3131, payload: 53429-54808 (1380 bytes)]
[Frame: 3133, payload: 54809-56188 (1380 bytes)]
[Frame: 3134, payload: 56189-57568 (1380 bytes)]
[Frame: 3136, payload: 57569-58948 (1380 bytes)]
[Frame: 3137, payload: 58949-60328 (1380 bytes)]
[Frame: 3139, payload: 60329-61708 (1380 bytes)]
[Frame: 3140, payload: 61709-62016 (308 bytes)]
[Segment count: 48]
[Reassembled TCP length: 62017]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:42 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 61677\r\n
[Content length: 61677]
Last-Modified: Sun, 01 Nov 2009 16:19:36 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:42 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 83\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7157
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5945
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 476
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3143 2012-06-20 08:39:01.854438 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1
Frame 3143: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:01.854438000 GMT Daylight Time
Epoch Time: 1340177941.854438000 seconds
[Time delta from previous captured frame: 0.000039000 seconds]
[Time delta from previous displayed frame: 0.000278000 seconds]
[Time since reference or first frame: 33.832652000 seconds]
Frame Number: 3143
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2661 (9825)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd56e [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ovtopmd (2532), Dst Port: http (80), Seq: 1098, Ack: 124035, Len: 237
Source port: ovtopmd (2532)
Destination port: http (80)
[Stream index: 34]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 124035 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xafb7 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #3142(199), #3143(237)]
[Frame: 3142, payload: 0-198 (199 bytes)]
[Frame: 3143, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_2375.jpg?w=476&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3216 2012-06-20 08:39:02.292722 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3216: 858 bytes on wire (6864 bits), 858 bytes captured (6864 bits)
Arrival Time: Jun 20, 2012 08:39:02.292722000 GMT Daylight Time
Epoch Time: 1340177942.292722000 seconds
[Time delta from previous captured frame: 0.000046000 seconds]
[Time delta from previous displayed frame: 0.438284000 seconds]
[Time since reference or first frame: 34.270936000 seconds]
Frame Number: 3216
Frame Length: 858 bytes (6864 bits)
Capture Length: 858 bytes (6864 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 844
Identification: 0x381c (14364)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x0d7d [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ovtopmd (2532), Seq: 185248, Ack: 1335, Len: 804
Source port: http (80)
Destination port: ovtopmd (2532)
[Stream index: 34]
Sequence number: 185248 (relative sequence number)
[Next sequence number: 186052 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x9418 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2184]
TCP segment data (804 bytes)
[48 Reassembled TCP Segments (62017 bytes): #3146(1380), #3147(1380), #3149(1380), #3150(1380), #3152(1380), #3153(1380), #3155(445), #3156(1380), #3158(1380), #3159(1380), #3161(1380), #3162(272), #3164(1380), #3165(1380), #3167(1380), #31]
[Frame: 3146, payload: 0-1379 (1380 bytes)]
[Frame: 3147, payload: 1380-2759 (1380 bytes)]
[Frame: 3149, payload: 2760-4139 (1380 bytes)]
[Frame: 3150, payload: 4140-5519 (1380 bytes)]
[Frame: 3152, payload: 5520-6899 (1380 bytes)]
[Frame: 3153, payload: 6900-8279 (1380 bytes)]
[Frame: 3155, payload: 8280-8724 (445 bytes)]
[Frame: 3156, payload: 8725-10104 (1380 bytes)]
[Frame: 3158, payload: 10105-11484 (1380 bytes)]
[Frame: 3159, payload: 11485-12864 (1380 bytes)]
[Frame: 3161, payload: 12865-14244 (1380 bytes)]
[Frame: 3162, payload: 14245-14516 (272 bytes)]
[Frame: 3164, payload: 14517-15896 (1380 bytes)]
[Frame: 3165, payload: 15897-17276 (1380 bytes)]
[Frame: 3167, payload: 17277-18656 (1380 bytes)]
[Frame: 3168, payload: 18657-20036 (1380 bytes)]
[Frame: 3170, payload: 20037-21416 (1380 bytes)]
[Frame: 3171, payload: 21417-22796 (1380 bytes)]
[Frame: 3173, payload: 22797-24176 (1380 bytes)]
[Frame: 3174, payload: 24177-25556 (1380 bytes)]
[Frame: 3176, payload: 25557-26936 (1380 bytes)]
[Frame: 3177, payload: 26937-28316 (1380 bytes)]
[Frame: 3179, payload: 28317-28996 (680 bytes)]
[Frame: 3180, payload: 28997-30376 (1380 bytes)]
[Frame: 3182, payload: 30377-31756 (1380 bytes)]
[Frame: 3183, payload: 31757-33136 (1380 bytes)]
[Frame: 3185, payload: 33137-34516 (1380 bytes)]
[Frame: 3186, payload: 34517-35896 (1380 bytes)]
[Frame: 3188, payload: 35897-37276 (1380 bytes)]
[Frame: 3189, payload: 37277-38656 (1380 bytes)]
[Frame: 3191, payload: 38657-39132 (476 bytes)]
[Frame: 3192, payload: 39133-40512 (1380 bytes)]
[Frame: 3194, payload: 40513-41892 (1380 bytes)]
[Frame: 3195, payload: 41893-43272 (1380 bytes)]
[Frame: 3197, payload: 43273-44652 (1380 bytes)]
[Frame: 3198, payload: 44653-46032 (1380 bytes)]
[Frame: 3200, payload: 46033-47412 (1380 bytes)]
[Frame: 3201, payload: 47413-48792 (1380 bytes)]
[Frame: 3203, payload: 48793-50172 (1380 bytes)]
[Frame: 3204, payload: 50173-51552 (1380 bytes)]
[Frame: 3206, payload: 51553-52932 (1380 bytes)]
[Frame: 3207, payload: 52933-54312 (1380 bytes)]
[Frame: 3209, payload: 54313-55692 (1380 bytes)]
[Frame: 3210, payload: 55693-57072 (1380 bytes)]
[Frame: 3212, payload: 57073-58452 (1380 bytes)]
[Frame: 3213, payload: 58453-59832 (1380 bytes)]
[Frame: 3215, payload: 59833-61212 (1380 bytes)]
[Frame: 3216, payload: 61213-62016 (804 bytes)]
[Segment count: 48]
[Reassembled TCP length: 62017]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:43 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 61677\r\n
[Content length: 61677]
Last-Modified: Sun, 01 Nov 2009 16:19:36 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:43 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 83\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7157
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5945
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 476
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3218 2012-06-20 08:39:02.292981 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1
Frame 3218: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:39:02.292981000 GMT Daylight Time
Epoch Time: 1340177942.292981000 seconds
[Time delta from previous captured frame: 0.000235000 seconds]
[Time delta from previous displayed frame: 0.000259000 seconds]
[Time since reference or first frame: 34.271195000 seconds]
Frame Number: 3218
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x267a (9850)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd5bd [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ovtopmd (2532), Dst Port: http (80), Seq: 1335, Ack: 186052, Len: 133
Source port: ovtopmd (2532)
Destination port: http (80)
[Stream index: 34]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 186052 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xdd08 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_2375.jpg?w=476&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640]
No. Time Source Destination Protocol Info
3231 2012-06-20 08:39:02.588467 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 3231: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:02.588467000 GMT Daylight Time
Epoch Time: 1340177942.588467000 seconds
[Time delta from previous captured frame: 0.000129000 seconds]
[Time delta from previous displayed frame: 0.295486000 seconds]
[Time since reference or first frame: 34.566681000 seconds]
Frame Number: 3231
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2680 (9856)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd54f [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: snifferserver (2533), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237
Source port: snifferserver (2533)
Destination port: http (80)
[Stream index: 36]
Sequence number: 227 (relative sequence number)
[Next sequence number: 464 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x9c2c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 463]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (463 bytes): #3230(226), #3231(237)]
[Frame: 3230, payload: 0-225 (226 bytes)]
[Frame: 3231, payload: 226-462 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 463]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3292 2012-06-20 08:39:03.162505 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3292: 1110 bytes on wire (8880 bits), 1110 bytes captured (8880 bits)
Arrival Time: Jun 20, 2012 08:39:03.162505000 GMT Daylight Time
Epoch Time: 1340177943.162505000 seconds
[Time delta from previous captured frame: 0.000071000 seconds]
[Time delta from previous displayed frame: 0.574038000 seconds]
[Time since reference or first frame: 35.140719000 seconds]
Frame Number: 3292
Frame Length: 1110 bytes (8880 bits)
Capture Length: 1110 bytes (8880 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1096
Identification: 0xc1d4 (49620)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x82c8 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: snifferserver (2533), Seq: 49990, Ack: 464, Len: 1056
Source port: http (80)
Destination port: snifferserver (2533)
[Stream index: 36]
Sequence number: 49990 (relative sequence number)
[Next sequence number: 51046 (relative sequence number)]
Acknowledgement number: 464 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x02db [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2436]
TCP segment data (1056 bytes)
[38 Reassembled TCP Segments (51045 bytes): #3236(1380), #3237(1380), #3239(1380), #3240(1380), #3242(309), #3243(1380), #3245(1380), #3246(1380), #3248(1380), #3249(1380), #3252(1380), #3253(1380), #3255(1380), #3256(1380), #3258(1380), #3]
[Frame: 3236, payload: 0-1379 (1380 bytes)]
[Frame: 3237, payload: 1380-2759 (1380 bytes)]
[Frame: 3239, payload: 2760-4139 (1380 bytes)]
[Frame: 3240, payload: 4140-5519 (1380 bytes)]
[Frame: 3242, payload: 5520-5828 (309 bytes)]
[Frame: 3243, payload: 5829-7208 (1380 bytes)]
[Frame: 3245, payload: 7209-8588 (1380 bytes)]
[Frame: 3246, payload: 8589-9968 (1380 bytes)]
[Frame: 3248, payload: 9969-11348 (1380 bytes)]
[Frame: 3249, payload: 11349-12728 (1380 bytes)]
[Frame: 3252, payload: 12729-14108 (1380 bytes)]
[Frame: 3253, payload: 14109-15488 (1380 bytes)]
[Frame: 3255, payload: 15489-16868 (1380 bytes)]
[Frame: 3256, payload: 16869-18248 (1380 bytes)]
[Frame: 3258, payload: 18249-19628 (1380 bytes)]
[Frame: 3259, payload: 19629-21008 (1380 bytes)]
[Frame: 3261, payload: 21009-22388 (1380 bytes)]
[Frame: 3262, payload: 22389-23768 (1380 bytes)]
[Frame: 3264, payload: 23769-25148 (1380 bytes)]
[Frame: 3265, payload: 25149-26528 (1380 bytes)]
[Frame: 3267, payload: 26529-27908 (1380 bytes)]
[Frame: 3268, payload: 27909-29288 (1380 bytes)]
[Frame: 3270, payload: 29289-30668 (1380 bytes)]
[Frame: 3271, payload: 30669-32048 (1380 bytes)]
[Frame: 3273, payload: 32049-33428 (1380 bytes)]
[Frame: 3274, payload: 33429-34808 (1380 bytes)]
[Frame: 3276, payload: 34809-36188 (1380 bytes)]
[Frame: 3277, payload: 36189-37568 (1380 bytes)]
[Frame: 3279, payload: 37569-38948 (1380 bytes)]
[Frame: 3280, payload: 38949-40328 (1380 bytes)]
[Frame: 3282, payload: 40329-41708 (1380 bytes)]
[Frame: 3283, payload: 41709-43088 (1380 bytes)]
[Frame: 3285, payload: 43089-44468 (1380 bytes)]
[Frame: 3286, payload: 44469-45848 (1380 bytes)]
[Frame: 3288, payload: 45849-47228 (1380 bytes)]
[Frame: 3289, payload: 47229-48608 (1380 bytes)]
[Frame: 3291, payload: 48609-49988 (1380 bytes)]
[Frame: 3292, payload: 49989-51044 (1056 bytes)]
[Segment count: 38]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:43 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:43 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3295 2012-06-20 08:39:03.162835 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 3295: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:03.162835000 GMT Daylight Time
Epoch Time: 1340177943.162835000 seconds
[Time delta from previous captured frame: 0.000040000 seconds]
[Time delta from previous displayed frame: 0.000330000 seconds]
[Time since reference or first frame: 35.141049000 seconds]
Frame Number: 3295
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2695 (9877)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd53a [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: snifferserver (2533), Dst Port: http (80), Seq: 664, Ack: 51046, Len: 237
Source port: snifferserver (2533)
Destination port: http (80)
[Stream index: 36]
Sequence number: 664 (relative sequence number)
[Next sequence number: 901 (relative sequence number)]
Acknowledgement number: 51046 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xd311 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #3294(200), #3295(237)]
[Frame: 3294, payload: 0-199 (200 bytes)]
[Frame: 3295, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3358 2012-06-20 08:39:03.597064 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3358: 362 bytes on wire (2896 bits), 362 bytes captured (2896 bits)
Arrival Time: Jun 20, 2012 08:39:03.597064000 GMT Daylight Time
Epoch Time: 1340177943.597064000 seconds
[Time delta from previous captured frame: 0.000007000 seconds]
[Time delta from previous displayed frame: 0.434229000 seconds]
[Time since reference or first frame: 35.575278000 seconds]
Frame Number: 3358
Frame Length: 362 bytes (2896 bits)
Capture Length: 362 bytes (2896 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 348
Identification: 0xc1fd (49661)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x858b [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: snifferserver (2533), Seq: 101783, Ack: 901, Len: 308
Source port: http (80)
Destination port: snifferserver (2533)
[Stream index: 36]
Sequence number: 101783 (relative sequence number)
[Next sequence number: 102091 (relative sequence number)]
Acknowledgement number: 901 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0xf95a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 308]
TCP segment data (308 bytes)
[39 Reassembled TCP Segments (51045 bytes): #3301(1380), #3302(1380), #3304(1380), #3305(1380), #3307(309), #3308(1380), #3310(1380), #3311(1380), #3313(1380), #3314(1380), #3316(1380), #3317(1380), #3319(1380), #3320(1380), #3322(1380), #3]
[Frame: 3301, payload: 0-1379 (1380 bytes)]
[Frame: 3302, payload: 1380-2759 (1380 bytes)]
[Frame: 3304, payload: 2760-4139 (1380 bytes)]
[Frame: 3305, payload: 4140-5519 (1380 bytes)]
[Frame: 3307, payload: 5520-5828 (309 bytes)]
[Frame: 3308, payload: 5829-7208 (1380 bytes)]
[Frame: 3310, payload: 7209-8588 (1380 bytes)]
[Frame: 3311, payload: 8589-9968 (1380 bytes)]
[Frame: 3313, payload: 9969-11348 (1380 bytes)]
[Frame: 3314, payload: 11349-12728 (1380 bytes)]
[Frame: 3316, payload: 12729-14108 (1380 bytes)]
[Frame: 3317, payload: 14109-15488 (1380 bytes)]
[Frame: 3319, payload: 15489-16868 (1380 bytes)]
[Frame: 3320, payload: 16869-18248 (1380 bytes)]
[Frame: 3322, payload: 18249-19628 (1380 bytes)]
[Frame: 3323, payload: 19629-21008 (1380 bytes)]
[Frame: 3325, payload: 21009-21756 (748 bytes)]
[Frame: 3326, payload: 21757-23136 (1380 bytes)]
[Frame: 3328, payload: 23137-24516 (1380 bytes)]
[Frame: 3329, payload: 24517-25896 (1380 bytes)]
[Frame: 3331, payload: 25897-27276 (1380 bytes)]
[Frame: 3332, payload: 27277-28656 (1380 bytes)]
[Frame: 3334, payload: 28657-30036 (1380 bytes)]
[Frame: 3335, payload: 30037-31416 (1380 bytes)]
[Frame: 3337, payload: 31417-32796 (1380 bytes)]
[Frame: 3338, payload: 32797-34176 (1380 bytes)]
[Frame: 3340, payload: 34177-35556 (1380 bytes)]
[Frame: 3341, payload: 35557-36936 (1380 bytes)]
[Frame: 3343, payload: 36937-38316 (1380 bytes)]
[Frame: 3344, payload: 38317-39696 (1380 bytes)]
[Frame: 3346, payload: 39697-41076 (1380 bytes)]
[Frame: 3347, payload: 41077-42456 (1380 bytes)]
[Frame: 3349, payload: 42457-43836 (1380 bytes)]
[Frame: 3350, payload: 43837-45216 (1380 bytes)]
[Frame: 3352, payload: 45217-46596 (1380 bytes)]
[Frame: 3353, payload: 46597-47976 (1380 bytes)]
[Frame: 3355, payload: 47977-49356 (1380 bytes)]
[Frame: 3356, payload: 49357-50736 (1380 bytes)]
[Frame: 3358, payload: 50737-51044 (308 bytes)]
[Segment count: 39]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:44 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:44 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3360 2012-06-20 08:39:03.597406 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 3360: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:03.597406000 GMT Daylight Time
Epoch Time: 1340177943.597406000 seconds
[Time delta from previous captured frame: 0.000100000 seconds]
[Time delta from previous displayed frame: 0.000342000 seconds]
[Time since reference or first frame: 35.575620000 seconds]
Frame Number: 3360
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x26aa (9898)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd525 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: snifferserver (2533), Dst Port: http (80), Seq: 1101, Ack: 102091, Len: 237
Source port: snifferserver (2533)
Destination port: http (80)
[Stream index: 36]
Sequence number: 1101 (relative sequence number)
[Next sequence number: 1338 (relative sequence number)]
Acknowledgement number: 102091 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 257
[Calculated window size: 65792]
[Window size scaling factor: 256]
Checksum: 0x09f8 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #3359(200), #3360(237)]
[Frame: 3359, payload: 0-199 (200 bytes)]
[Frame: 3360, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3424 2012-06-20 08:39:04.236906 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3424: 634 bytes on wire (5072 bits), 634 bytes captured (5072 bits)
Arrival Time: Jun 20, 2012 08:39:04.236906000 GMT Daylight Time
Epoch Time: 1340177944.236906000 seconds
[Time delta from previous captured frame: 0.000023000 seconds]
[Time delta from previous displayed frame: 0.639500000 seconds]
[Time since reference or first frame: 36.215120000 seconds]
Frame Number: 3424
Frame Length: 634 bytes (5072 bits)
Capture Length: 634 bytes (5072 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 620
Identification: 0xc226 (49702)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x8452 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: snifferserver (2533), Seq: 152556, Ack: 1338, Len: 580
Source port: http (80)
Destination port: snifferserver (2533)
[Stream index: 36]
Sequence number: 152556 (relative sequence number)
[Next sequence number: 153136 (relative sequence number)]
Acknowledgement number: 1338 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x6ebd [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 580]
TCP segment data (580 bytes)
[39 Reassembled TCP Segments (51045 bytes): #3366(1380), #3367(1380), #3369(1380), #3370(241), #3372(1380), #3373(1380), #3375(1380), #3376(1380), #3378(1380), #3379(1380), #3381(1380), #3382(1380), #3384(544), #3385(1380), #3387(1380), #33]
[Frame: 3366, payload: 0-1379 (1380 bytes)]
[Frame: 3367, payload: 1380-2759 (1380 bytes)]
[Frame: 3369, payload: 2760-4139 (1380 bytes)]
[Frame: 3370, payload: 4140-4380 (241 bytes)]
[Frame: 3372, payload: 4381-5760 (1380 bytes)]
[Frame: 3373, payload: 5761-7140 (1380 bytes)]
[Frame: 3375, payload: 7141-8520 (1380 bytes)]
[Frame: 3376, payload: 8521-9900 (1380 bytes)]
[Frame: 3378, payload: 9901-11280 (1380 bytes)]
[Frame: 3379, payload: 11281-12660 (1380 bytes)]
[Frame: 3381, payload: 12661-14040 (1380 bytes)]
[Frame: 3382, payload: 14041-15420 (1380 bytes)]
[Frame: 3384, payload: 15421-15964 (544 bytes)]
[Frame: 3385, payload: 15965-17344 (1380 bytes)]
[Frame: 3387, payload: 17345-18724 (1380 bytes)]
[Frame: 3388, payload: 18725-20104 (1380 bytes)]
[Frame: 3391, payload: 20105-21484 (1380 bytes)]
[Frame: 3392, payload: 21485-22864 (1380 bytes)]
[Frame: 3394, payload: 22865-24244 (1380 bytes)]
[Frame: 3395, payload: 24245-25624 (1380 bytes)]
[Frame: 3397, payload: 25625-27004 (1380 bytes)]
[Frame: 3398, payload: 27005-28384 (1380 bytes)]
[Frame: 3400, payload: 28385-29764 (1380 bytes)]
[Frame: 3401, payload: 29765-31144 (1380 bytes)]
[Frame: 3403, payload: 31145-32524 (1380 bytes)]
[Frame: 3404, payload: 32525-33904 (1380 bytes)]
[Frame: 3406, payload: 33905-35284 (1380 bytes)]
[Frame: 3407, payload: 35285-36664 (1380 bytes)]
[Frame: 3409, payload: 36665-38044 (1380 bytes)]
[Frame: 3410, payload: 38045-39424 (1380 bytes)]
[Frame: 3412, payload: 39425-40804 (1380 bytes)]
[Frame: 3413, payload: 40805-42184 (1380 bytes)]
[Frame: 3415, payload: 42185-43564 (1380 bytes)]
[Frame: 3416, payload: 43565-44944 (1380 bytes)]
[Frame: 3418, payload: 44945-46324 (1380 bytes)]
[Frame: 3419, payload: 46325-47704 (1380 bytes)]
[Frame: 3421, payload: 47705-49084 (1380 bytes)]
[Frame: 3422, payload: 49085-50464 (1380 bytes)]
[Frame: 3424, payload: 50465-51044 (580 bytes)]
[Segment count: 39]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:44 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:44 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3425 2012-06-20 08:39:04.237249 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 3425: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits)
Arrival Time: Jun 20, 2012 08:39:04.237249000 GMT Daylight Time
Epoch Time: 1340177944.237249000 seconds
[Time delta from previous captured frame: 0.000343000 seconds]
[Time delta from previous displayed frame: 0.000343000 seconds]
[Time since reference or first frame: 36.215463000 seconds]
Frame Number: 3425
Frame Length: 188 bytes (1504 bits)
Capture Length: 188 bytes (1504 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 174
Identification: 0x26be (9918)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd578 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: snifferserver (2533), Dst Port: http (80), Seq: 1338, Ack: 153136, Len: 134
Source port: snifferserver (2533)
Destination port: http (80)
[Stream index: 36]
Sequence number: 1338 (relative sequence number)
[Next sequence number: 1472 (relative sequence number)]
Acknowledgement number: 153136 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 256
[Calculated window size: 65536]
[Window size scaling factor: 256]
Checksum: 0x93d7 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 3424]
[The RTT to ACK the segment was: 0.000343000 seconds]
[Bytes in flight: 134]
Hypertext Transfer Protocol
HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
No. Time Source Destination Protocol Info
3437 2012-06-20 08:39:04.513020 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1
Frame 3437: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:04.513020000 GMT Daylight Time
Epoch Time: 1340177944.513020000 seconds
[Time delta from previous captured frame: 0.000132000 seconds]
[Time delta from previous displayed frame: 0.275771000 seconds]
[Time since reference or first frame: 36.491234000 seconds]
Frame Number: 3437
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x26c4 (9924)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd50b [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: combox-web-acc (2534), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: combox-web-acc (2534)
Destination port: http (80)
[Stream index: 37]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x55b1 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #3436(225), #3437(237)]
[Frame: 3436, payload: 0-224 (225 bytes)]
[Frame: 3437, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0001.jpg?w=424&h=640
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3498 2012-06-20 08:39:05.072479 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3498: 777 bytes on wire (6216 bits), 777 bytes captured (6216 bits)
Arrival Time: Jun 20, 2012 08:39:05.072479000 GMT Daylight Time
Epoch Time: 1340177945.072479000 seconds
[Time delta from previous captured frame: 0.000016000 seconds]
[Time delta from previous displayed frame: 0.559459000 seconds]
[Time since reference or first frame: 37.050693000 seconds]
Frame Number: 3498
Frame Length: 777 bytes (6216 bits)
Capture Length: 777 bytes (6216 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 763
Identification: 0x7974 (31092)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xcc75 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: combox-web-acc (2534), Seq: 49681, Ack: 463, Len: 723
Source port: http (80)
Destination port: combox-web-acc (2534)
[Stream index: 37]
Sequence number: 49681 (relative sequence number)
[Next sequence number: 50404 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x2d11 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 723]
TCP segment data (723 bytes)
[37 Reassembled TCP Segments (50403 bytes): #3444(1380), #3445(1380), #3447(1380), #3448(1380), #3450(1380), #3451(1380), #3453(1380), #3454(1380), #3456(1380), #3457(1380), #3459(1380), #3460(1380), #3462(1380), #3463(1380), #3465(1380), #]
[Frame: 3444, payload: 0-1379 (1380 bytes)]
[Frame: 3445, payload: 1380-2759 (1380 bytes)]
[Frame: 3447, payload: 2760-4139 (1380 bytes)]
[Frame: 3448, payload: 4140-5519 (1380 bytes)]
[Frame: 3450, payload: 5520-6899 (1380 bytes)]
[Frame: 3451, payload: 6900-8279 (1380 bytes)]
[Frame: 3453, payload: 8280-9659 (1380 bytes)]
[Frame: 3454, payload: 9660-11039 (1380 bytes)]
[Frame: 3456, payload: 11040-12419 (1380 bytes)]
[Frame: 3457, payload: 12420-13799 (1380 bytes)]
[Frame: 3459, payload: 13800-15179 (1380 bytes)]
[Frame: 3460, payload: 15180-16559 (1380 bytes)]
[Frame: 3462, payload: 16560-17939 (1380 bytes)]
[Frame: 3463, payload: 17940-19319 (1380 bytes)]
[Frame: 3465, payload: 19320-20699 (1380 bytes)]
[Frame: 3466, payload: 20700-22079 (1380 bytes)]
[Frame: 3468, payload: 22080-23459 (1380 bytes)]
[Frame: 3469, payload: 23460-24839 (1380 bytes)]
[Frame: 3471, payload: 24840-26219 (1380 bytes)]
[Frame: 3472, payload: 26220-27599 (1380 bytes)]
[Frame: 3474, payload: 27600-28979 (1380 bytes)]
[Frame: 3475, payload: 28980-30359 (1380 bytes)]
[Frame: 3477, payload: 30360-31739 (1380 bytes)]
[Frame: 3478, payload: 31740-33119 (1380 bytes)]
[Frame: 3480, payload: 33120-34499 (1380 bytes)]
[Frame: 3481, payload: 34500-35879 (1380 bytes)]
[Frame: 3483, payload: 35880-37259 (1380 bytes)]
[Frame: 3484, payload: 37260-38639 (1380 bytes)]
[Frame: 3486, payload: 38640-40019 (1380 bytes)]
[Frame: 3487, payload: 40020-41399 (1380 bytes)]
[Frame: 3489, payload: 41400-42779 (1380 bytes)]
[Frame: 3490, payload: 42780-44159 (1380 bytes)]
[Frame: 3492, payload: 44160-45539 (1380 bytes)]
[Frame: 3493, payload: 45540-46919 (1380 bytes)]
[Frame: 3495, payload: 46920-48299 (1380 bytes)]
[Frame: 3496, payload: 48300-49679 (1380 bytes)]
[Frame: 3498, payload: 49680-50402 (723 bytes)]
[Segment count: 37]
[Reassembled TCP length: 50403]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:45 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50063\r\n
[Content length: 50063]
Last-Modified: Sun, 01 Nov 2009 09:06:06 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:45 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 87\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5629
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4417
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 424
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 24
Remaining segment data (22 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3500 2012-06-20 08:39:05.072908 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1
Frame 3500: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:05.072908000 GMT Daylight Time
Epoch Time: 1340177945.072908000 seconds
[Time delta from previous captured frame: 0.000102000 seconds]
[Time delta from previous displayed frame: 0.000429000 seconds]
[Time since reference or first frame: 37.051122000 seconds]
Frame Number: 3500
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x26d8 (9944)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd4f7 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: combox-web-acc (2534), Dst Port: http (80), Seq: 662, Ack: 50404, Len: 237
Source port: combox-web-acc (2534)
Destination port: http (80)
[Stream index: 37]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 50404 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 255
[Calculated window size: 65280]
[Window size scaling factor: 256]
Checksum: 0x8f1c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #3499(199), #3500(237)]
[Frame: 3499, payload: 0-198 (199 bytes)]
[Frame: 3500, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0001.jpg?w=424&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3565 2012-06-20 08:39:05.552974 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3565: 1304 bytes on wire (10432 bits), 1304 bytes captured (10432 bits)
Arrival Time: Jun 20, 2012 08:39:05.552974000 GMT Daylight Time
Epoch Time: 1340177945.552974000 seconds
[Time delta from previous captured frame: 0.000049000 seconds]
[Time delta from previous displayed frame: 0.480066000 seconds]
[Time since reference or first frame: 37.531188000 seconds]
Frame Number: 3565
Frame Length: 1304 bytes (10432 bits)
Capture Length: 1304 bytes (10432 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1290
Identification: 0x799c (31132)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xca3e [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: combox-web-acc (2534), Seq: 99557, Ack: 899, Len: 1250
Source port: http (80)
Destination port: combox-web-acc (2534)
[Stream index: 37]
Sequence number: 99557 (relative sequence number)
[Next sequence number: 100807 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x2f88 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2630]
TCP segment data (1250 bytes)
[38 Reassembled TCP Segments (50403 bytes): #3507(1380), #3508(1380), #3510(1380), #3511(1380), #3513(1380), #3514(1380), #3516(1380), #3517(513), #3519(1380), #3520(1380), #3522(1380), #3523(1380), #3525(1380), #3526(340), #3528(1380), #35]
[Frame: 3507, payload: 0-1379 (1380 bytes)]
[Frame: 3508, payload: 1380-2759 (1380 bytes)]
[Frame: 3510, payload: 2760-4139 (1380 bytes)]
[Frame: 3511, payload: 4140-5519 (1380 bytes)]
[Frame: 3513, payload: 5520-6899 (1380 bytes)]
[Frame: 3514, payload: 6900-8279 (1380 bytes)]
[Frame: 3516, payload: 8280-9659 (1380 bytes)]
[Frame: 3517, payload: 9660-10172 (513 bytes)]
[Frame: 3519, payload: 10173-11552 (1380 bytes)]
[Frame: 3520, payload: 11553-12932 (1380 bytes)]
[Frame: 3522, payload: 12933-14312 (1380 bytes)]
[Frame: 3523, payload: 14313-15692 (1380 bytes)]
[Frame: 3525, payload: 15693-17072 (1380 bytes)]
[Frame: 3526, payload: 17073-17412 (340 bytes)]
[Frame: 3528, payload: 17413-18792 (1380 bytes)]
[Frame: 3529, payload: 18793-20172 (1380 bytes)]
[Frame: 3531, payload: 20173-21552 (1380 bytes)]
[Frame: 3532, payload: 21553-22932 (1380 bytes)]
[Frame: 3534, payload: 22933-24312 (1380 bytes)]
[Frame: 3535, payload: 24313-25692 (1380 bytes)]
[Frame: 3537, payload: 25693-27072 (1380 bytes)]
[Frame: 3538, payload: 27073-28452 (1380 bytes)]
[Frame: 3543, payload: 28453-29832 (1380 bytes)]
[Frame: 3544, payload: 29833-31212 (1380 bytes)]
[Frame: 3546, payload: 31213-32592 (1380 bytes)]
[Frame: 3547, payload: 32593-33972 (1380 bytes)]
[Frame: 3549, payload: 33973-35352 (1380 bytes)]
[Frame: 3550, payload: 35353-36732 (1380 bytes)]
[Frame: 3552, payload: 36733-38112 (1380 bytes)]
[Frame: 3553, payload: 38113-39492 (1380 bytes)]
[Frame: 3555, payload: 39493-40872 (1380 bytes)]
[Frame: 3556, payload: 40873-42252 (1380 bytes)]
[Frame: 3558, payload: 42253-43632 (1380 bytes)]
[Frame: 3559, payload: 43633-45012 (1380 bytes)]
[Frame: 3561, payload: 45013-46392 (1380 bytes)]
[Frame: 3562, payload: 46393-47772 (1380 bytes)]
[Frame: 3564, payload: 47773-49152 (1380 bytes)]
[Frame: 3565, payload: 49153-50402 (1250 bytes)]
[Segment count: 38]
[Reassembled TCP length: 50403]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:46 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50063\r\n
[Content length: 50063]
Last-Modified: Sun, 01 Nov 2009 09:06:06 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:46 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 87\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5629
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4417
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 424
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 24
Remaining segment data (22 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3568 2012-06-20 08:39:05.553328 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1
Frame 3568: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:05.553328000 GMT Daylight Time
Epoch Time: 1340177945.553328000 seconds
[Time delta from previous captured frame: 0.000043000 seconds]
[Time delta from previous displayed frame: 0.000354000 seconds]
[Time since reference or first frame: 37.531542000 seconds]
Frame Number: 3568
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x26ed (9965)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd4e2 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: combox-web-acc (2534), Dst Port: http (80), Seq: 1098, Ack: 100807, Len: 237
Source port: combox-web-acc (2534)
Destination port: http (80)
[Stream index: 37]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 100807 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xc881 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #3567(199), #3568(237)]
[Frame: 3567, payload: 0-198 (199 bytes)]
[Frame: 3568, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0001.jpg?w=424&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3631 2012-06-20 08:39:06.010821 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3631: 760 bytes on wire (6080 bits), 760 bytes captured (6080 bits)
Arrival Time: Jun 20, 2012 08:39:06.010821000 GMT Daylight Time
Epoch Time: 1340177946.010821000 seconds
[Time delta from previous captured frame: 0.000015000 seconds]
[Time delta from previous displayed frame: 0.457493000 seconds]
[Time since reference or first frame: 37.989035000 seconds]
Frame Number: 3631
Frame Length: 760 bytes (6080 bits)
Capture Length: 760 bytes (6080 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 746
Identification: 0x79c5 (31173)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xcc35 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: combox-web-acc (2534), Seq: 150504, Ack: 1335, Len: 706
Source port: http (80)
Destination port: combox-web-acc (2534)
[Stream index: 37]
Sequence number: 150504 (relative sequence number)
[Next sequence number: 151210 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x0495 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 706]
TCP segment data (706 bytes)
[39 Reassembled TCP Segments (50403 bytes): #3573(1380), #3574(1380), #3576(1380), #3577(1380), #3579(1380), #3580(1380), #3582(1380), #3583(1380), #3585(1380), #3586(1380), #3588(717), #3589(1380), #3591(1380), #3592(1380), #3594(1380), #3]
[Frame: 3573, payload: 0-1379 (1380 bytes)]
[Frame: 3574, payload: 1380-2759 (1380 bytes)]
[Frame: 3576, payload: 2760-4139 (1380 bytes)]
[Frame: 3577, payload: 4140-5519 (1380 bytes)]
[Frame: 3579, payload: 5520-6899 (1380 bytes)]
[Frame: 3580, payload: 6900-8279 (1380 bytes)]
[Frame: 3582, payload: 8280-9659 (1380 bytes)]
[Frame: 3583, payload: 9660-11039 (1380 bytes)]
[Frame: 3585, payload: 11040-12419 (1380 bytes)]
[Frame: 3586, payload: 12420-13799 (1380 bytes)]
[Frame: 3588, payload: 13800-14516 (717 bytes)]
[Frame: 3589, payload: 14517-15896 (1380 bytes)]
[Frame: 3591, payload: 15897-17276 (1380 bytes)]
[Frame: 3592, payload: 17277-18656 (1380 bytes)]
[Frame: 3594, payload: 18657-20036 (1380 bytes)]
[Frame: 3595, payload: 20037-20308 (272 bytes)]
[Frame: 3597, payload: 20309-21688 (1380 bytes)]
[Frame: 3598, payload: 21689-23068 (1380 bytes)]
[Frame: 3600, payload: 23069-24448 (1380 bytes)]
[Frame: 3601, payload: 24449-25828 (1380 bytes)]
[Frame: 3603, payload: 25829-27208 (1380 bytes)]
[Frame: 3604, payload: 27209-28588 (1380 bytes)]
[Frame: 3606, payload: 28589-28996 (408 bytes)]
[Frame: 3608, payload: 28997-30376 (1380 bytes)]
[Frame: 3610, payload: 30377-31756 (1380 bytes)]
[Frame: 3611, payload: 31757-33136 (1380 bytes)]
[Frame: 3613, payload: 33137-34516 (1380 bytes)]
[Frame: 3614, payload: 34517-35896 (1380 bytes)]
[Frame: 3616, payload: 35897-37276 (1380 bytes)]
[Frame: 3617, payload: 37277-38656 (1380 bytes)]
[Frame: 3619, payload: 38657-40036 (1380 bytes)]
[Frame: 3620, payload: 40037-41416 (1380 bytes)]
[Frame: 3622, payload: 41417-42796 (1380 bytes)]
[Frame: 3623, payload: 42797-44176 (1380 bytes)]
[Frame: 3625, payload: 44177-45556 (1380 bytes)]
[Frame: 3626, payload: 45557-46936 (1380 bytes)]
[Frame: 3628, payload: 46937-48316 (1380 bytes)]
[Frame: 3629, payload: 48317-49696 (1380 bytes)]
[Frame: 3631, payload: 49697-50402 (706 bytes)]
[Segment count: 39]
[Reassembled TCP length: 50403]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:46 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50063\r\n
[Content length: 50063]
Last-Modified: Sun, 01 Nov 2009 09:06:06 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:46 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 87\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5629
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4417
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 424
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 24
Remaining segment data (22 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3632 2012-06-20 08:39:06.011087 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1
Frame 3632: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:39:06.011087000 GMT Daylight Time
Epoch Time: 1340177946.011087000 seconds
[Time delta from previous captured frame: 0.000266000 seconds]
[Time delta from previous displayed frame: 0.000266000 seconds]
[Time since reference or first frame: 37.989301000 seconds]
Frame Number: 3632
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x2701 (9985)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd536 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: combox-web-acc (2534), Dst Port: http (80), Seq: 1335, Ack: 151210, Len: 133
Source port: combox-web-acc (2534)
Destination port: http (80)
[Stream index: 37]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 151210 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 255
[Calculated window size: 65280]
[Window size scaling factor: 256]
Checksum: 0x313d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 3631]
[The RTT to ACK the segment was: 0.000266000 seconds]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0001.jpg?w=424&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0001.jpg?w=424&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0001.jpg?w=424&h=640]
No. Time Source Destination Protocol Info
3644 2012-06-20 08:39:06.298887 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1
Frame 3644: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:06.298887000 GMT Daylight Time
Epoch Time: 1340177946.298887000 seconds
[Time delta from previous captured frame: 0.000130000 seconds]
[Time delta from previous displayed frame: 0.287800000 seconds]
[Time since reference or first frame: 38.277101000 seconds]
Frame Number: 3644
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2707 (9991)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd4c8 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: madcap (2535), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: madcap (2535)
Destination port: http (80)
[Stream index: 38]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x85aa [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #3643(225), #3644(237)]
[Frame: 3643, payload: 0-224 (225 bytes)]
[Frame: 3644, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0014.jpg?w=429&h=640
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3704 2012-06-20 08:39:06.863526 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3704: 210 bytes on wire (1680 bits), 210 bytes captured (1680 bits)
Arrival Time: Jun 20, 2012 08:39:06.863526000 GMT Daylight Time
Epoch Time: 1340177946.863526000 seconds
[Time delta from previous captured frame: 0.000017000 seconds]
[Time delta from previous displayed frame: 0.564639000 seconds]
[Time since reference or first frame: 38.841740000 seconds]
Frame Number: 3704
Frame Length: 210 bytes (1680 bits)
Capture Length: 210 bytes (1680 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 196
Identification: 0x8163 (33123)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xc6bd [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: madcap (2535), Seq: 48406, Ack: 463, Len: 156
Source port: http (80)
Destination port: madcap (2535)
[Stream index: 38]
Sequence number: 48406 (relative sequence number)
[Next sequence number: 48562 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0xde52 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 156]
TCP segment data (156 bytes)
[37 Reassembled TCP Segments (48561 bytes): #3648(1380), #3649(105), #3651(1380), #3652(1380), #3654(1380), #3655(1380), #3657(1380), #3658(1380), #3660(1380), #3661(1380), #3663(1380), #3664(1380), #3666(1380), #3667(1380), #3669(1380), #3]
[Frame: 3648, payload: 0-1379 (1380 bytes)]
[Frame: 3649, payload: 1380-1484 (105 bytes)]
[Frame: 3651, payload: 1485-2864 (1380 bytes)]
[Frame: 3652, payload: 2865-4244 (1380 bytes)]
[Frame: 3654, payload: 4245-5624 (1380 bytes)]
[Frame: 3655, payload: 5625-7004 (1380 bytes)]
[Frame: 3657, payload: 7005-8384 (1380 bytes)]
[Frame: 3658, payload: 8385-9764 (1380 bytes)]
[Frame: 3660, payload: 9765-11144 (1380 bytes)]
[Frame: 3661, payload: 11145-12524 (1380 bytes)]
[Frame: 3663, payload: 12525-13904 (1380 bytes)]
[Frame: 3664, payload: 13905-15284 (1380 bytes)]
[Frame: 3666, payload: 15285-16664 (1380 bytes)]
[Frame: 3667, payload: 16665-18044 (1380 bytes)]
[Frame: 3669, payload: 18045-19424 (1380 bytes)]
[Frame: 3670, payload: 19425-20804 (1380 bytes)]
[Frame: 3672, payload: 20805-22184 (1380 bytes)]
[Frame: 3673, payload: 22185-23564 (1380 bytes)]
[Frame: 3675, payload: 23565-24944 (1380 bytes)]
[Frame: 3676, payload: 24945-26324 (1380 bytes)]
[Frame: 3678, payload: 26325-27704 (1380 bytes)]
[Frame: 3679, payload: 27705-29084 (1380 bytes)]
[Frame: 3683, payload: 29085-30464 (1380 bytes)]
[Frame: 3684, payload: 30465-31844 (1380 bytes)]
[Frame: 3686, payload: 31845-33224 (1380 bytes)]
[Frame: 3687, payload: 33225-34604 (1380 bytes)]
[Frame: 3689, payload: 34605-35984 (1380 bytes)]
[Frame: 3690, payload: 35985-37364 (1380 bytes)]
[Frame: 3692, payload: 37365-38744 (1380 bytes)]
[Frame: 3693, payload: 38745-40124 (1380 bytes)]
[Frame: 3695, payload: 40125-41504 (1380 bytes)]
[Frame: 3696, payload: 41505-42884 (1380 bytes)]
[Frame: 3698, payload: 42885-44264 (1380 bytes)]
[Frame: 3699, payload: 44265-45644 (1380 bytes)]
[Frame: 3701, payload: 45645-47024 (1380 bytes)]
[Frame: 3702, payload: 47025-48404 (1380 bytes)]
[Frame: 3704, payload: 48405-48560 (156 bytes)]
[Segment count: 37]
[Reassembled TCP length: 48561]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:47 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 48221\r\n
[Content length: 48221]
Last-Modified: Sun, 01 Nov 2009 09:29:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:47 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5828
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4616
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 429
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 23
Remaining segment data (21 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3706 2012-06-20 08:39:06.863974 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1
Frame 3706: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:06.863974000 GMT Daylight Time
Epoch Time: 1340177946.863974000 seconds
[Time delta from previous captured frame: 0.000101000 seconds]
[Time delta from previous displayed frame: 0.000448000 seconds]
[Time since reference or first frame: 38.842188000 seconds]
Frame Number: 3706
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x271b (10011)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd4b4 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: madcap (2535), Dst Port: http (80), Seq: 662, Ack: 48562, Len: 237
Source port: madcap (2535)
Destination port: http (80)
[Stream index: 38]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 48562 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xc644 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #3705(199), #3706(237)]
[Frame: 3705, payload: 0-198 (199 bytes)]
[Frame: 3706, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0014.jpg?w=429&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3768 2012-06-20 08:39:07.416207 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3768: 842 bytes on wire (6736 bits), 842 bytes captured (6736 bits)
Arrival Time: Jun 20, 2012 08:39:07.416207000 GMT Daylight Time
Epoch Time: 1340177947.416207000 seconds
[Time delta from previous captured frame: 0.000005000 seconds]
[Time delta from previous displayed frame: 0.552233000 seconds]
[Time since reference or first frame: 39.394421000 seconds]
Frame Number: 3768
Frame Length: 842 bytes (6736 bits)
Capture Length: 842 bytes (6736 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 828
Identification: 0x818b (33163)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xc41d [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: madcap (2535), Seq: 96335, Ack: 899, Len: 788
Source port: http (80)
Destination port: madcap (2535)
[Stream index: 38]
Sequence number: 96335 (relative sequence number)
[Next sequence number: 97123 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x19c3 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2168]
TCP segment data (788 bytes)
[38 Reassembled TCP Segments (48561 bytes): #3710(1380), #3711(1380), #3713(1380), #3714(1380), #3716(1380), #3717(1380), #3719(445), #3720(1380), #3722(1380), #3723(1380), #3725(1380), #3726(272), #3728(1380), #3729(1380), #3731(136), #373]
[Frame: 3710, payload: 0-1379 (1380 bytes)]
[Frame: 3711, payload: 1380-2759 (1380 bytes)]
[Frame: 3713, payload: 2760-4139 (1380 bytes)]
[Frame: 3714, payload: 4140-5519 (1380 bytes)]
[Frame: 3716, payload: 5520-6899 (1380 bytes)]
[Frame: 3717, payload: 6900-8279 (1380 bytes)]
[Frame: 3719, payload: 8280-8724 (445 bytes)]
[Frame: 3720, payload: 8725-10104 (1380 bytes)]
[Frame: 3722, payload: 10105-11484 (1380 bytes)]
[Frame: 3723, payload: 11485-12864 (1380 bytes)]
[Frame: 3725, payload: 12865-14244 (1380 bytes)]
[Frame: 3726, payload: 14245-14516 (272 bytes)]
[Frame: 3728, payload: 14517-15896 (1380 bytes)]
[Frame: 3729, payload: 15897-17276 (1380 bytes)]
[Frame: 3731, payload: 17277-17412 (136 bytes)]
[Frame: 3733, payload: 17413-18792 (1380 bytes)]
[Frame: 3735, payload: 18793-20172 (1380 bytes)]
[Frame: 3736, payload: 20173-21552 (1380 bytes)]
[Frame: 3738, payload: 21553-22932 (1380 bytes)]
[Frame: 3739, payload: 22933-24312 (1380 bytes)]
[Frame: 3741, payload: 24313-25692 (1380 bytes)]
[Frame: 3742, payload: 25693-27072 (1380 bytes)]
[Frame: 3744, payload: 27073-28452 (1380 bytes)]
[Frame: 3745, payload: 28453-29832 (1380 bytes)]
[Frame: 3747, payload: 29833-31212 (1380 bytes)]
[Frame: 3748, payload: 31213-32592 (1380 bytes)]
[Frame: 3750, payload: 32593-33972 (1380 bytes)]
[Frame: 3751, payload: 33973-35352 (1380 bytes)]
[Frame: 3753, payload: 35353-36732 (1380 bytes)]
[Frame: 3754, payload: 36733-38112 (1380 bytes)]
[Frame: 3756, payload: 38113-39492 (1380 bytes)]
[Frame: 3757, payload: 39493-40872 (1380 bytes)]
[Frame: 3759, payload: 40873-42252 (1380 bytes)]
[Frame: 3760, payload: 42253-43632 (1380 bytes)]
[Frame: 3764, payload: 43633-45012 (1380 bytes)]
[Frame: 3765, payload: 45013-46392 (1380 bytes)]
[Frame: 3767, payload: 46393-47772 (1380 bytes)]
[Frame: 3768, payload: 47773-48560 (788 bytes)]
[Segment count: 38]
[Reassembled TCP length: 48561]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:48 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 48221\r\n
[Content length: 48221]
Last-Modified: Sun, 01 Nov 2009 09:29:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:48 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5828
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4616
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 429
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 23
Remaining segment data (21 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3771 2012-06-20 08:39:07.416601 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1
Frame 3771: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:07.416601000 GMT Daylight Time
Epoch Time: 1340177947.416601000 seconds
[Time delta from previous captured frame: 0.000135000 seconds]
[Time delta from previous displayed frame: 0.000394000 seconds]
[Time since reference or first frame: 39.394815000 seconds]
Frame Number: 3771
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2730 (10032)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd49f [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: madcap (2535), Dst Port: http (80), Seq: 1098, Ack: 97123, Len: 237
Source port: madcap (2535)
Destination port: http (80)
[Stream index: 38]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 97123 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x06df [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #3770(199), #3771(237)]
[Frame: 3770, payload: 0-198 (199 bytes)]
[Frame: 3771, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0014.jpg?w=429&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3833 2012-06-20 08:39:07.846154 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3833: 1338 bytes on wire (10704 bits), 1338 bytes captured (10704 bits)
Arrival Time: Jun 20, 2012 08:39:07.846154000 GMT Daylight Time
Epoch Time: 1340177947.846154000 seconds
[Time delta from previous captured frame: 0.000121000 seconds]
[Time delta from previous displayed frame: 0.429553000 seconds]
[Time since reference or first frame: 39.824368000 seconds]
Frame Number: 3833
Frame Length: 1338 bytes (10704 bits)
Capture Length: 1338 bytes (10704 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1324
Identification: 0x81b2 (33202)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xc206 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: madcap (2535), Seq: 144400, Ack: 1335, Len: 1284
Source port: http (80)
Destination port: madcap (2535)
[Stream index: 38]
Sequence number: 144400 (relative sequence number)
[Next sequence number: 145684 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x38fa [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1284]
TCP segment data (1284 bytes)
[37 Reassembled TCP Segments (48561 bytes): #3777(1380), #3778(1380), #3780(1380), #3781(1380), #3783(1380), #3784(377), #3786(1380), #3787(1380), #3789(1380), #3790(1380), #3792(1380), #3793(1380), #3795(1380), #3796(1380), #3798(1380), #3]
[Frame: 3777, payload: 0-1379 (1380 bytes)]
[Frame: 3778, payload: 1380-2759 (1380 bytes)]
[Frame: 3780, payload: 2760-4139 (1380 bytes)]
[Frame: 3781, payload: 4140-5519 (1380 bytes)]
[Frame: 3783, payload: 5520-6899 (1380 bytes)]
[Frame: 3784, payload: 6900-7276 (377 bytes)]
[Frame: 3786, payload: 7277-8656 (1380 bytes)]
[Frame: 3787, payload: 8657-10036 (1380 bytes)]
[Frame: 3789, payload: 10037-11416 (1380 bytes)]
[Frame: 3790, payload: 11417-12796 (1380 bytes)]
[Frame: 3792, payload: 12797-14176 (1380 bytes)]
[Frame: 3793, payload: 14177-15556 (1380 bytes)]
[Frame: 3795, payload: 15557-16936 (1380 bytes)]
[Frame: 3796, payload: 16937-18316 (1380 bytes)]
[Frame: 3798, payload: 18317-19696 (1380 bytes)]
[Frame: 3799, payload: 19697-21076 (1380 bytes)]
[Frame: 3801, payload: 21077-21756 (680 bytes)]
[Frame: 3802, payload: 21757-23136 (1380 bytes)]
[Frame: 3804, payload: 23137-24516 (1380 bytes)]
[Frame: 3805, payload: 24517-25896 (1380 bytes)]
[Frame: 3807, payload: 25897-27276 (1380 bytes)]
[Frame: 3808, payload: 27277-28656 (1380 bytes)]
[Frame: 3810, payload: 28657-30036 (1380 bytes)]
[Frame: 3811, payload: 30037-31416 (1380 bytes)]
[Frame: 3813, payload: 31417-32796 (1380 bytes)]
[Frame: 3814, payload: 32797-34176 (1380 bytes)]
[Frame: 3816, payload: 34177-35556 (1380 bytes)]
[Frame: 3817, payload: 35557-36236 (680 bytes)]
[Frame: 3821, payload: 36237-37616 (1380 bytes)]
[Frame: 3822, payload: 37617-38996 (1380 bytes)]
[Frame: 3824, payload: 38997-40376 (1380 bytes)]
[Frame: 3825, payload: 40377-41756 (1380 bytes)]
[Frame: 3827, payload: 41757-43136 (1380 bytes)]
[Frame: 3828, payload: 43137-44516 (1380 bytes)]
[Frame: 3830, payload: 44517-45896 (1380 bytes)]
[Frame: 3831, payload: 45897-47276 (1380 bytes)]
[Frame: 3833, payload: 47277-48560 (1284 bytes)]
[Segment count: 37]
[Reassembled TCP length: 48561]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:48 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 48221\r\n
[Content length: 48221]
Last-Modified: Sun, 01 Nov 2009 09:29:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:48 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5828
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4616
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 429
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 23
Remaining segment data (21 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3834 2012-06-20 08:39:07.846525 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1
Frame 3834: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:39:07.846525000 GMT Daylight Time
Epoch Time: 1340177947.846525000 seconds
[Time delta from previous captured frame: 0.000371000 seconds]
[Time delta from previous displayed frame: 0.000371000 seconds]
[Time since reference or first frame: 39.824739000 seconds]
Frame Number: 3834
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x2743 (10051)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd4f4 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: madcap (2535), Dst Port: http (80), Seq: 1335, Ack: 145684, Len: 133
Source port: madcap (2535)
Destination port: http (80)
[Stream index: 38]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 145684 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 253
[Calculated window size: 64768]
[Window size scaling factor: 256]
Checksum: 0x75c6 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 3833]
[The RTT to ACK the segment was: 0.000371000 seconds]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0014.jpg?w=429&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0014.jpg?w=429&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0014.jpg?w=429&h=640]
No. Time Source Destination Protocol Info
3859 2012-06-20 08:39:08.337431 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1
Frame 3859: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:08.337431000 GMT Daylight Time
Epoch Time: 1340177948.337431000 seconds
[Time delta from previous captured frame: 0.000127000 seconds]
[Time delta from previous displayed frame: 0.490906000 seconds]
[Time since reference or first frame: 40.315645000 seconds]
Frame Number: 3859
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2750 (10064)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd47f [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: upgrade (2537), Dst Port: http (80), Seq: 225, Ack: 1, Len: 237
Source port: upgrade (2537)
Destination port: http (80)
[Stream index: 41]
Sequence number: 225 (relative sequence number)
[Next sequence number: 462 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x1d0d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 461]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (461 bytes): #3858(224), #3859(237)]
[Frame: 3858, payload: 0-223 (224 bytes)]
[Frame: 3859, payload: 224-460 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 461]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0020.jpg?w=134&h=64
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3866 2012-06-20 08:39:08.668052 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3866: 250 bytes on wire (2000 bits), 250 bytes captured (2000 bits)
Arrival Time: Jun 20, 2012 08:39:08.668052000 GMT Daylight Time
Epoch Time: 1340177948.668052000 seconds
[Time delta from previous captured frame: 0.000032000 seconds]
[Time delta from previous displayed frame: 0.330621000 seconds]
[Time since reference or first frame: 40.646266000 seconds]
Frame Number: 3866
Frame Length: 250 bytes (2000 bits)
Capture Length: 250 bytes (2000 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 236
Identification: 0x390d (14605)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x0eec [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: upgrade (2537), Seq: 4141, Ack: 462, Len: 196
Source port: http (80)
Destination port: upgrade (2537)
[Stream index: 41]
Sequence number: 4141 (relative sequence number)
[Next sequence number: 4337 (relative sequence number)]
Acknowledgement number: 462 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x9d78 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1576]
TCP segment data (196 bytes)
[4 Reassembled TCP Segments (4336 bytes): #3862(1380), #3863(1380), #3865(1380), #3866(196)]
[Frame: 3862, payload: 0-1379 (1380 bytes)]
[Frame: 3863, payload: 1380-2759 (1380 bytes)]
[Frame: 3865, payload: 2760-4139 (1380 bytes)]
[Frame: 3866, payload: 4140-4335 (196 bytes)]
[Segment count: 4]
[Reassembled TCP length: 4336]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:49 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 3997\r\n
[Content length: 3997]
Last-Modified: Sun, 01 Nov 2009 09:50:18 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:49 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 83\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 1106
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 64
Samples per line: 134
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3869 2012-06-20 08:39:08.668386 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1
Frame 3869: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:08.668386000 GMT Daylight Time
Epoch Time: 1340177948.668386000 seconds
[Time delta from previous captured frame: 0.000061000 seconds]
[Time delta from previous displayed frame: 0.000334000 seconds]
[Time since reference or first frame: 40.646600000 seconds]
Frame Number: 3869
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2754 (10068)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd47b [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: upgrade (2537), Dst Port: http (80), Seq: 660, Ack: 4337, Len: 237
Source port: upgrade (2537)
Destination port: http (80)
[Stream index: 41]
Sequence number: 660 (relative sequence number)
[Next sequence number: 897 (relative sequence number)]
Acknowledgement number: 4337 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x0a6a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 435]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (435 bytes): #3868(198), #3869(237)]
[Frame: 3868, payload: 0-197 (198 bytes)]
[Frame: 3869, payload: 198-434 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 435]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0020.jpg?w=134&h=64
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3878 2012-06-20 08:39:08.960975 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3878: 250 bytes on wire (2000 bits), 250 bytes captured (2000 bits)
Arrival Time: Jun 20, 2012 08:39:08.960975000 GMT Daylight Time
Epoch Time: 1340177948.960975000 seconds
[Time delta from previous captured frame: 0.000045000 seconds]
[Time delta from previous displayed frame: 0.292589000 seconds]
[Time since reference or first frame: 40.939189000 seconds]
Frame Number: 3878
Frame Length: 250 bytes (2000 bits)
Capture Length: 250 bytes (2000 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 236
Identification: 0x3913 (14611)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x0ee6 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: upgrade (2537), Seq: 8477, Ack: 897, Len: 196
Source port: http (80)
Destination port: upgrade (2537)
[Stream index: 41]
Sequence number: 8477 (relative sequence number)
[Next sequence number: 8673 (relative sequence number)]
Acknowledgement number: 897 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x8ad1 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1576]
TCP segment data (196 bytes)
[4 Reassembled TCP Segments (4336 bytes): #3874(1380), #3875(1380), #3877(1380), #3878(196)]
[Frame: 3874, payload: 0-1379 (1380 bytes)]
[Frame: 3875, payload: 1380-2759 (1380 bytes)]
[Frame: 3877, payload: 2760-4139 (1380 bytes)]
[Frame: 3878, payload: 4140-4335 (196 bytes)]
[Segment count: 4]
[Reassembled TCP length: 4336]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:49 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 3997\r\n
[Content length: 3997]
Last-Modified: Sun, 01 Nov 2009 09:50:18 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:49 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 83\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 1106
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 64
Samples per line: 134
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3881 2012-06-20 08:39:08.961322 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1
Frame 3881: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:08.961322000 GMT Daylight Time
Epoch Time: 1340177948.961322000 seconds
[Time delta from previous captured frame: 0.000100000 seconds]
[Time delta from previous displayed frame: 0.000347000 seconds]
[Time since reference or first frame: 40.939536000 seconds]
Frame Number: 3881
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2758 (10072)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd477 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: upgrade (2537), Dst Port: http (80), Seq: 1095, Ack: 8673, Len: 237
Source port: upgrade (2537)
Destination port: http (80)
[Stream index: 41]
Sequence number: 1095 (relative sequence number)
[Next sequence number: 1332 (relative sequence number)]
Acknowledgement number: 8673 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xf7c6 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 435]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (435 bytes): #3880(198), #3881(237)]
[Frame: 3880, payload: 0-197 (198 bytes)]
[Frame: 3881, payload: 198-434 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 435]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0020.jpg?w=134&h=64
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3891 2012-06-20 08:39:09.245792 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3891: 250 bytes on wire (2000 bits), 250 bytes captured (2000 bits)
Arrival Time: Jun 20, 2012 08:39:09.245792000 GMT Daylight Time
Epoch Time: 1340177949.245792000 seconds
[Time delta from previous captured frame: 0.000024000 seconds]
[Time delta from previous displayed frame: 0.284470000 seconds]
[Time since reference or first frame: 41.224006000 seconds]
Frame Number: 3891
Frame Length: 250 bytes (2000 bits)
Capture Length: 250 bytes (2000 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 236
Identification: 0x3919 (14617)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x0ee0 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: upgrade (2537), Seq: 12813, Ack: 1332, Len: 196
Source port: http (80)
Destination port: upgrade (2537)
[Stream index: 41]
Sequence number: 12813 (relative sequence number)
[Next sequence number: 13009 (relative sequence number)]
Acknowledgement number: 1332 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x7829 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1576]
TCP segment data (196 bytes)
[4 Reassembled TCP Segments (4336 bytes): #3887(1380), #3888(1380), #3890(1380), #3891(196)]
[Frame: 3887, payload: 0-1379 (1380 bytes)]
[Frame: 3888, payload: 1380-2759 (1380 bytes)]
[Frame: 3890, payload: 2760-4139 (1380 bytes)]
[Frame: 3891, payload: 4140-4335 (196 bytes)]
[Segment count: 4]
[Reassembled TCP length: 4336]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:50 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 3997\r\n
[Content length: 3997]
Last-Modified: Sun, 01 Nov 2009 09:50:18 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:50 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 83\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 1106
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 64
Samples per line: 134
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3893 2012-06-20 08:39:09.246078 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1
Frame 3893: 186 bytes on wire (1488 bits), 186 bytes captured (1488 bits)
Arrival Time: Jun 20, 2012 08:39:09.246078000 GMT Daylight Time
Epoch Time: 1340177949.246078000 seconds
[Time delta from previous captured frame: 0.000272000 seconds]
[Time delta from previous displayed frame: 0.000286000 seconds]
[Time since reference or first frame: 41.224292000 seconds]
Frame Number: 3893
Frame Length: 186 bytes (1488 bits)
Capture Length: 186 bytes (1488 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 172
Identification: 0x275b (10075)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd4dd [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: upgrade (2537), Dst Port: http (80), Seq: 1332, Ack: 13009, Len: 132
Source port: upgrade (2537)
Destination port: http (80)
[Stream index: 41]
Sequence number: 1332 (relative sequence number)
[Next sequence number: 1464 (relative sequence number)]
Acknowledgement number: 13009 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xffb9 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 132]
Hypertext Transfer Protocol
HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0020.jpg?w=134&h=64 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0020.jpg?w=134&h=64
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0020.jpg?w=134&h=64]
No. Time Source Destination Protocol Info
3906 2012-06-20 08:39:09.516294 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1
Frame 3906: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:09.516294000 GMT Daylight Time
Epoch Time: 1340177949.516294000 seconds
[Time delta from previous captured frame: 0.000101000 seconds]
[Time delta from previous displayed frame: 0.270216000 seconds]
[Time since reference or first frame: 41.494508000 seconds]
Frame Number: 3906
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2761 (10081)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd46e [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vnwk-prapi (2538), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: vnwk-prapi (2538)
Destination port: http (80)
[Stream index: 42]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x173d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #3905(225), #3906(237)]
[Frame: 3905, payload: 0-224 (225 bytes)]
[Frame: 3906, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0083.jpg?w=405&h=640
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
3967 2012-06-20 08:39:10.107330 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 3967: 1048 bytes on wire (8384 bits), 1048 bytes captured (8384 bits)
Arrival Time: Jun 20, 2012 08:39:10.107330000 GMT Daylight Time
Epoch Time: 1340177950.107330000 seconds
[Time delta from previous captured frame: 0.000018000 seconds]
[Time delta from previous displayed frame: 0.591036000 seconds]
[Time since reference or first frame: 42.085544000 seconds]
Frame Number: 3967
Frame Length: 1048 bytes (8384 bits)
Capture Length: 1048 bytes (8384 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1034
Identification: 0x3373 (13171)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x1168 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vnwk-prapi (2538), Seq: 47434, Ack: 463, Len: 994
Source port: http (80)
Destination port: vnwk-prapi (2538)
[Stream index: 42]
Sequence number: 47434 (relative sequence number)
[Next sequence number: 48428 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x3100 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 994]
TCP segment data (994 bytes)
[37 Reassembled TCP Segments (48427 bytes): #3910(1380), #3911(1380), #3913(1380), #3914(241), #3916(1380), #3917(1380), #3919(1380), #3920(1380), #3922(272), #3923(1380), #3926(1380), #3927(1380), #3929(1380), #3930(1380), #3932(1380), #39]
[Frame: 3910, payload: 0-1379 (1380 bytes)]
[Frame: 3911, payload: 1380-2759 (1380 bytes)]
[Frame: 3913, payload: 2760-4139 (1380 bytes)]
[Frame: 3914, payload: 4140-4380 (241 bytes)]
[Frame: 3916, payload: 4381-5760 (1380 bytes)]
[Frame: 3917, payload: 5761-7140 (1380 bytes)]
[Frame: 3919, payload: 7141-8520 (1380 bytes)]
[Frame: 3920, payload: 8521-9900 (1380 bytes)]
[Frame: 3922, payload: 9901-10172 (272 bytes)]
[Frame: 3923, payload: 10173-11552 (1380 bytes)]
[Frame: 3926, payload: 11553-12932 (1380 bytes)]
[Frame: 3927, payload: 12933-14312 (1380 bytes)]
[Frame: 3929, payload: 14313-15692 (1380 bytes)]
[Frame: 3930, payload: 15693-17072 (1380 bytes)]
[Frame: 3932, payload: 17073-18452 (1380 bytes)]
[Frame: 3933, payload: 18453-19832 (1380 bytes)]
[Frame: 3935, payload: 19833-21212 (1380 bytes)]
[Frame: 3936, payload: 21213-22592 (1380 bytes)]
[Frame: 3938, payload: 22593-23972 (1380 bytes)]
[Frame: 3939, payload: 23973-25352 (1380 bytes)]
[Frame: 3941, payload: 25353-26732 (1380 bytes)]
[Frame: 3942, payload: 26733-28112 (1380 bytes)]
[Frame: 3944, payload: 28113-29492 (1380 bytes)]
[Frame: 3945, payload: 29493-30872 (1380 bytes)]
[Frame: 3947, payload: 30873-32252 (1380 bytes)]
[Frame: 3950, payload: 32253-33632 (1380 bytes)]
[Frame: 3952, payload: 33633-35012 (1380 bytes)]
[Frame: 3953, payload: 35013-36392 (1380 bytes)]
[Frame: 3955, payload: 36393-37772 (1380 bytes)]
[Frame: 3956, payload: 37773-39152 (1380 bytes)]
[Frame: 3958, payload: 39153-40532 (1380 bytes)]
[Frame: 3959, payload: 40533-41912 (1380 bytes)]
[Frame: 3961, payload: 41913-43292 (1380 bytes)]
[Frame: 3962, payload: 43293-44672 (1380 bytes)]
[Frame: 3964, payload: 44673-46052 (1380 bytes)]
[Frame: 3965, payload: 46053-47432 (1380 bytes)]
[Frame: 3967, payload: 47433-48426 (994 bytes)]
[Segment count: 37]
[Reassembled TCP length: 48427]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:50 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 48087\r\n
[Content length: 48087]
Last-Modified: Sun, 01 Nov 2009 09:52:23 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:50 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5134
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 3922
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 405
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
3969 2012-06-20 08:39:10.107824 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1
Frame 3969: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:10.107824000 GMT Daylight Time
Epoch Time: 1340177950.107824000 seconds
[Time delta from previous captured frame: 0.000127000 seconds]
[Time delta from previous displayed frame: 0.000494000 seconds]
[Time since reference or first frame: 42.086038000 seconds]
Frame Number: 3969
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2775 (10101)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd45a [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vnwk-prapi (2538), Dst Port: http (80), Seq: 662, Ack: 48428, Len: 237
Source port: vnwk-prapi (2538)
Destination port: http (80)
[Stream index: 42]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 48428 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 254
[Calculated window size: 65024]
[Window size scaling factor: 256]
Checksum: 0x5861 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #3968(199), #3969(237)]
[Frame: 3968, payload: 0-198 (199 bytes)]
[Frame: 3969, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0083.jpg?w=405&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4030 2012-06-20 08:39:10.680140 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4030: 708 bytes on wire (5664 bits), 708 bytes captured (5664 bits)
Arrival Time: Jun 20, 2012 08:39:10.680140000 GMT Daylight Time
Epoch Time: 1340177950.680140000 seconds
[Time delta from previous captured frame: 0.000009000 seconds]
[Time delta from previous displayed frame: 0.572316000 seconds]
[Time since reference or first frame: 42.658354000 seconds]
Frame Number: 4030
Frame Length: 708 bytes (5664 bits)
Capture Length: 708 bytes (5664 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 694
Identification: 0x339b (13211)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x1294 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vnwk-prapi (2538), Seq: 96201, Ack: 899, Len: 654
Source port: http (80)
Destination port: vnwk-prapi (2538)
[Stream index: 42]
Sequence number: 96201 (relative sequence number)
[Next sequence number: 96855 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0xb226 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2034]
TCP segment data (654 bytes)
[38 Reassembled TCP Segments (48427 bytes): #3973(1380), #3974(1380), #3976(1380), #3977(241), #3979(1380), #3980(1380), #3982(1380), #3983(1380), #3985(272), #3986(1380), #3988(1380), #3989(1380), #3991(1380), #3992(1380), #3994(340), #399]
[Frame: 3973, payload: 0-1379 (1380 bytes)]
[Frame: 3974, payload: 1380-2759 (1380 bytes)]
[Frame: 3976, payload: 2760-4139 (1380 bytes)]
[Frame: 3977, payload: 4140-4380 (241 bytes)]
[Frame: 3979, payload: 4381-5760 (1380 bytes)]
[Frame: 3980, payload: 5761-7140 (1380 bytes)]
[Frame: 3982, payload: 7141-8520 (1380 bytes)]
[Frame: 3983, payload: 8521-9900 (1380 bytes)]
[Frame: 3985, payload: 9901-10172 (272 bytes)]
[Frame: 3986, payload: 10173-11552 (1380 bytes)]
[Frame: 3988, payload: 11553-12932 (1380 bytes)]
[Frame: 3989, payload: 12933-14312 (1380 bytes)]
[Frame: 3991, payload: 14313-15692 (1380 bytes)]
[Frame: 3992, payload: 15693-17072 (1380 bytes)]
[Frame: 3994, payload: 17073-17412 (340 bytes)]
[Frame: 3997, payload: 17413-18792 (1380 bytes)]
[Frame: 3999, payload: 18793-20172 (1380 bytes)]
[Frame: 4000, payload: 20173-21552 (1380 bytes)]
[Frame: 4002, payload: 21553-22932 (1380 bytes)]
[Frame: 4003, payload: 22933-24312 (1380 bytes)]
[Frame: 4005, payload: 24313-25692 (1380 bytes)]
[Frame: 4006, payload: 25693-27072 (1380 bytes)]
[Frame: 4008, payload: 27073-28452 (1380 bytes)]
[Frame: 4009, payload: 28453-29832 (1380 bytes)]
[Frame: 4011, payload: 29833-31212 (1380 bytes)]
[Frame: 4012, payload: 31213-32592 (1380 bytes)]
[Frame: 4014, payload: 32593-33972 (1380 bytes)]
[Frame: 4015, payload: 33973-35352 (1380 bytes)]
[Frame: 4017, payload: 35353-36732 (1380 bytes)]
[Frame: 4018, payload: 36733-38112 (1380 bytes)]
[Frame: 4020, payload: 38113-39492 (1380 bytes)]
[Frame: 4021, payload: 39493-40872 (1380 bytes)]
[Frame: 4023, payload: 40873-42252 (1380 bytes)]
[Frame: 4024, payload: 42253-43632 (1380 bytes)]
[Frame: 4026, payload: 43633-45012 (1380 bytes)]
[Frame: 4027, payload: 45013-46392 (1380 bytes)]
[Frame: 4029, payload: 46393-47772 (1380 bytes)]
[Frame: 4030, payload: 47773-48426 (654 bytes)]
[Segment count: 38]
[Reassembled TCP length: 48427]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:51 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 48087\r\n
[Content length: 48087]
Last-Modified: Sun, 01 Nov 2009 09:52:23 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:51 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5134
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 3922
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 405
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4033 2012-06-20 08:39:10.680573 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1
Frame 4033: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:10.680573000 GMT Daylight Time
Epoch Time: 1340177950.680573000 seconds
[Time delta from previous captured frame: 0.000132000 seconds]
[Time delta from previous displayed frame: 0.000433000 seconds]
[Time since reference or first frame: 42.658787000 seconds]
Frame Number: 4033
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x278a (10122)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd445 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vnwk-prapi (2538), Dst Port: http (80), Seq: 1098, Ack: 96855, Len: 237
Source port: vnwk-prapi (2538)
Destination port: http (80)
[Stream index: 42]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 96855 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x997d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #4032(199), #4033(237)]
[Frame: 4032, payload: 0-198 (199 bytes)]
[Frame: 4033, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0083.jpg?w=405&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4101 2012-06-20 08:39:11.126571 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4101: 300 bytes on wire (2400 bits), 300 bytes captured (2400 bits)
Arrival Time: Jun 20, 2012 08:39:11.126571000 GMT Daylight Time
Epoch Time: 1340177951.126571000 seconds
[Time delta from previous captured frame: 0.000008000 seconds]
[Time delta from previous displayed frame: 0.445998000 seconds]
[Time since reference or first frame: 43.104785000 seconds]
Frame Number: 4101
Frame Length: 300 bytes (2400 bits)
Capture Length: 300 bytes (2400 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 286
Identification: 0x33c4 (13252)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x1403 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vnwk-prapi (2538), Seq: 145036, Ack: 1335, Len: 246
Source port: http (80)
Destination port: vnwk-prapi (2538)
[Stream index: 42]
Sequence number: 145036 (relative sequence number)
[Next sequence number: 145282 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0xcf72 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 246]
TCP segment data (246 bytes)
[39 Reassembled TCP Segments (48427 bytes): #4041(1380), #4042(1380), #4044(1380), #4045(241), #4047(1380), #4048(1380), #4050(1380), #4051(1380), #4053(272), #4054(1380), #4056(1380), #4057(1380), #4059(1380), #4060(1380), #4062(340), #406]
[Frame: 4041, payload: 0-1379 (1380 bytes)]
[Frame: 4042, payload: 1380-2759 (1380 bytes)]
[Frame: 4044, payload: 2760-4139 (1380 bytes)]
[Frame: 4045, payload: 4140-4380 (241 bytes)]
[Frame: 4047, payload: 4381-5760 (1380 bytes)]
[Frame: 4048, payload: 5761-7140 (1380 bytes)]
[Frame: 4050, payload: 7141-8520 (1380 bytes)]
[Frame: 4051, payload: 8521-9900 (1380 bytes)]
[Frame: 4053, payload: 9901-10172 (272 bytes)]
[Frame: 4054, payload: 10173-11552 (1380 bytes)]
[Frame: 4056, payload: 11553-12932 (1380 bytes)]
[Frame: 4057, payload: 12933-14312 (1380 bytes)]
[Frame: 4059, payload: 14313-15692 (1380 bytes)]
[Frame: 4060, payload: 15693-17072 (1380 bytes)]
[Frame: 4062, payload: 17073-17412 (340 bytes)]
[Frame: 4063, payload: 17413-18792 (1380 bytes)]
[Frame: 4065, payload: 18793-20172 (1380 bytes)]
[Frame: 4066, payload: 20173-21552 (1380 bytes)]
[Frame: 4068, payload: 21553-22932 (1380 bytes)]
[Frame: 4069, payload: 22933-24312 (1380 bytes)]
[Frame: 4071, payload: 24313-25692 (1380 bytes)]
[Frame: 4072, payload: 25693-26100 (408 bytes)]
[Frame: 4077, payload: 26101-27480 (1380 bytes)]
[Frame: 4078, payload: 27481-28860 (1380 bytes)]
[Frame: 4080, payload: 28861-30240 (1380 bytes)]
[Frame: 4081, payload: 30241-31620 (1380 bytes)]
[Frame: 4083, payload: 31621-33000 (1380 bytes)]
[Frame: 4084, payload: 33001-34380 (1380 bytes)]
[Frame: 4086, payload: 34381-35760 (1380 bytes)]
[Frame: 4087, payload: 35761-37140 (1380 bytes)]
[Frame: 4089, payload: 37141-38520 (1380 bytes)]
[Frame: 4090, payload: 38521-39900 (1380 bytes)]
[Frame: 4092, payload: 39901-41280 (1380 bytes)]
[Frame: 4093, payload: 41281-42660 (1380 bytes)]
[Frame: 4095, payload: 42661-44040 (1380 bytes)]
[Frame: 4096, payload: 44041-45420 (1380 bytes)]
[Frame: 4098, payload: 45421-46800 (1380 bytes)]
[Frame: 4099, payload: 46801-48180 (1380 bytes)]
[Frame: 4101, payload: 48181-48426 (246 bytes)]
[Segment count: 39]
[Reassembled TCP length: 48427]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:51 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 48087\r\n
[Content length: 48087]
Last-Modified: Sun, 01 Nov 2009 09:52:23 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:51 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5134
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 3922
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 405
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4102 2012-06-20 08:39:11.126799 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1
Frame 4102: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:39:11.126799000 GMT Daylight Time
Epoch Time: 1340177951.126799000 seconds
[Time delta from previous captured frame: 0.000228000 seconds]
[Time delta from previous displayed frame: 0.000228000 seconds]
[Time since reference or first frame: 43.105013000 seconds]
Frame Number: 4102
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x279e (10142)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd499 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vnwk-prapi (2538), Dst Port: http (80), Seq: 1335, Ack: 145282, Len: 133
Source port: vnwk-prapi (2538)
Destination port: http (80)
[Stream index: 42]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 145282 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 257
[Calculated window size: 65792]
[Window size scaling factor: 256]
Checksum: 0x03ec [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 4101]
[The RTT to ACK the segment was: 0.000228000 seconds]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0083.jpg?w=405&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0083.jpg?w=405&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0083.jpg?w=405&h=640]
No. Time Source Destination Protocol Info
4114 2012-06-20 08:39:11.397443 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1
Frame 4114: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:11.397443000 GMT Daylight Time
Epoch Time: 1340177951.397443000 seconds
[Time delta from previous captured frame: 0.000039000 seconds]
[Time delta from previous displayed frame: 0.270644000 seconds]
[Time since reference or first frame: 43.375657000 seconds]
Frame Number: 4114
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x27a4 (10148)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd42b [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vsiadmin (2539), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237
Source port: vsiadmin (2539)
Destination port: http (80)
[Stream index: 43]
Sequence number: 227 (relative sequence number)
[Next sequence number: 464 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xd25e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 463]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (463 bytes): #4113(226), #4114(237)]
[Frame: 4113, payload: 0-225 (226 bytes)]
[Frame: 4114, payload: 226-462 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 463]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_00931.jpg?w=238&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4158 2012-06-20 08:39:11.982307 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4158: 399 bytes on wire (3192 bits), 399 bytes captured (3192 bits)
Arrival Time: Jun 20, 2012 08:39:11.982307000 GMT Daylight Time
Epoch Time: 1340177951.982307000 seconds
[Time delta from previous captured frame: 0.000009000 seconds]
[Time delta from previous displayed frame: 0.584864000 seconds]
[Time since reference or first frame: 43.960521000 seconds]
Frame Number: 4158
Frame Length: 399 bytes (3192 bits)
Capture Length: 399 bytes (3192 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 385
Identification: 0xfde0 (64992)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x4983 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vsiadmin (2539), Seq: 34946, Ack: 464, Len: 345
Source port: http (80)
Destination port: vsiadmin (2539)
[Stream index: 43]
Sequence number: 34946 (relative sequence number)
[Next sequence number: 35291 (relative sequence number)]
Acknowledgement number: 464 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0xd897 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 345]
TCP segment data (345 bytes)
[27 Reassembled TCP Segments (35290 bytes): #4117(1380), #4118(1380), #4120(1380), #4121(1380), #4123(1380), #4124(1380), #4126(445), #4128(1380), #4130(1380), #4131(1380), #4133(1380), #4134(1380), #4136(1380), #4137(1380), #4139(1380), #4]
[Frame: 4117, payload: 0-1379 (1380 bytes)]
[Frame: 4118, payload: 1380-2759 (1380 bytes)]
[Frame: 4120, payload: 2760-4139 (1380 bytes)]
[Frame: 4121, payload: 4140-5519 (1380 bytes)]
[Frame: 4123, payload: 5520-6899 (1380 bytes)]
[Frame: 4124, payload: 6900-8279 (1380 bytes)]
[Frame: 4126, payload: 8280-8724 (445 bytes)]
[Frame: 4128, payload: 8725-10104 (1380 bytes)]
[Frame: 4130, payload: 10105-11484 (1380 bytes)]
[Frame: 4131, payload: 11485-12864 (1380 bytes)]
[Frame: 4133, payload: 12865-14244 (1380 bytes)]
[Frame: 4134, payload: 14245-15624 (1380 bytes)]
[Frame: 4136, payload: 15625-17004 (1380 bytes)]
[Frame: 4137, payload: 17005-18384 (1380 bytes)]
[Frame: 4139, payload: 18385-19764 (1380 bytes)]
[Frame: 4140, payload: 19765-21144 (1380 bytes)]
[Frame: 4142, payload: 21145-22524 (1380 bytes)]
[Frame: 4143, payload: 22525-23904 (1380 bytes)]
[Frame: 4145, payload: 23905-25284 (1380 bytes)]
[Frame: 4147, payload: 25285-26664 (1380 bytes)]
[Frame: 4149, payload: 26665-28044 (1380 bytes)]
[Frame: 4150, payload: 28045-29424 (1380 bytes)]
[Frame: 4152, payload: 29425-30804 (1380 bytes)]
[Frame: 4153, payload: 30805-32184 (1380 bytes)]
[Frame: 4155, payload: 32185-33564 (1380 bytes)]
[Frame: 4156, payload: 33565-34944 (1380 bytes)]
[Frame: 4158, payload: 34945-35289 (345 bytes)]
[Segment count: 27]
[Reassembled TCP length: 35290]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:52 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 34949\r\n
[Content length: 34949]
Last-Modified: Sun, 01 Nov 2009 10:31:29 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:52 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 239\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7221
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6009
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 238
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4160 2012-06-20 08:39:11.982772 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1
Frame 4160: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:11.982772000 GMT Daylight Time
Epoch Time: 1340177951.982772000 seconds
[Time delta from previous captured frame: 0.000132000 seconds]
[Time delta from previous displayed frame: 0.000465000 seconds]
[Time since reference or first frame: 43.960986000 seconds]
Frame Number: 4160
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x27b3 (10163)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd41c [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vsiadmin (2539), Dst Port: http (80), Seq: 664, Ack: 35291, Len: 237
Source port: vsiadmin (2539)
Destination port: http (80)
[Stream index: 43]
Sequence number: 664 (relative sequence number)
[Next sequence number: 901 (relative sequence number)]
Acknowledgement number: 35291 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 257
[Calculated window size: 65792]
[Window size scaling factor: 256]
Checksum: 0x46d0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #4159(200), #4160(237)]
[Frame: 4159, payload: 0-199 (200 bytes)]
[Frame: 4160, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_00931.jpg?w=238&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4206 2012-06-20 08:39:12.401090 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4206: 1303 bytes on wire (10424 bits), 1303 bytes captured (10424 bits)
Arrival Time: Jun 20, 2012 08:39:12.401090000 GMT Daylight Time
Epoch Time: 1340177952.401090000 seconds
[Time delta from previous captured frame: 0.000053000 seconds]
[Time delta from previous displayed frame: 0.418318000 seconds]
[Time since reference or first frame: 44.379304000 seconds]
Frame Number: 4206
Frame Length: 1303 bytes (10424 bits)
Capture Length: 1303 bytes (10424 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1289
Identification: 0xfdfe (65022)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x45dd [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vsiadmin (2539), Seq: 69332, Ack: 901, Len: 1249
Source port: http (80)
Destination port: vsiadmin (2539)
[Stream index: 43]
Sequence number: 69332 (relative sequence number)
[Next sequence number: 70581 (relative sequence number)]
Acknowledgement number: 901 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0xe1ad [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2629]
TCP segment data (1249 bytes)
[28 Reassembled TCP Segments (35290 bytes): #4166(1380), #4167(1380), #4169(1380), #4170(1380), #4172(1380), #4173(377), #4175(1380), #4176(1380), #4178(1380), #4179(1380), #4181(1380), #4182(340), #4184(1380), #4185(1380), #4187(1380), #41]
[Frame: 4166, payload: 0-1379 (1380 bytes)]
[Frame: 4167, payload: 1380-2759 (1380 bytes)]
[Frame: 4169, payload: 2760-4139 (1380 bytes)]
[Frame: 4170, payload: 4140-5519 (1380 bytes)]
[Frame: 4172, payload: 5520-6899 (1380 bytes)]
[Frame: 4173, payload: 6900-7276 (377 bytes)]
[Frame: 4175, payload: 7277-8656 (1380 bytes)]
[Frame: 4176, payload: 8657-10036 (1380 bytes)]
[Frame: 4178, payload: 10037-11416 (1380 bytes)]
[Frame: 4179, payload: 11417-12796 (1380 bytes)]
[Frame: 4181, payload: 12797-14176 (1380 bytes)]
[Frame: 4182, payload: 14177-14516 (340 bytes)]
[Frame: 4184, payload: 14517-15896 (1380 bytes)]
[Frame: 4185, payload: 15897-17276 (1380 bytes)]
[Frame: 4187, payload: 17277-18656 (1380 bytes)]
[Frame: 4188, payload: 18657-18860 (204 bytes)]
[Frame: 4190, payload: 18861-20240 (1380 bytes)]
[Frame: 4191, payload: 20241-21620 (1380 bytes)]
[Frame: 4193, payload: 21621-23000 (1380 bytes)]
[Frame: 4194, payload: 23001-24380 (1380 bytes)]
[Frame: 4196, payload: 24381-25760 (1380 bytes)]
[Frame: 4197, payload: 25761-27140 (1380 bytes)]
[Frame: 4199, payload: 27141-28520 (1380 bytes)]
[Frame: 4200, payload: 28521-29900 (1380 bytes)]
[Frame: 4202, payload: 29901-31280 (1380 bytes)]
[Frame: 4203, payload: 31281-32660 (1380 bytes)]
[Frame: 4205, payload: 32661-34040 (1380 bytes)]
[Frame: 4206, payload: 34041-35289 (1249 bytes)]
[Segment count: 28]
[Reassembled TCP length: 35290]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:53 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 34949\r\n
[Content length: 34949]
Last-Modified: Sun, 01 Nov 2009 10:31:29 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:53 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 239\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7221
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6009
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 238
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4209 2012-06-20 08:39:12.401515 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1
Frame 4209: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:12.401515000 GMT Daylight Time
Epoch Time: 1340177952.401515000 seconds
[Time delta from previous captured frame: 0.000101000 seconds]
[Time delta from previous displayed frame: 0.000425000 seconds]
[Time since reference or first frame: 44.379729000 seconds]
Frame Number: 4209
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x27c3 (10179)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd40c [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vsiadmin (2539), Dst Port: http (80), Seq: 1101, Ack: 70581, Len: 237
Source port: vsiadmin (2539)
Destination port: http (80)
[Stream index: 43]
Sequence number: 1101 (relative sequence number)
[Next sequence number: 1338 (relative sequence number)]
Acknowledgement number: 70581 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xbb3f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #4208(200), #4209(237)]
[Frame: 4208, payload: 0-199 (200 bytes)]
[Frame: 4209, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_00931.jpg?w=238&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4257 2012-06-20 08:39:12.844995 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4257: 1031 bytes on wire (8248 bits), 1031 bytes captured (8248 bits)
Arrival Time: Jun 20, 2012 08:39:12.844995000 GMT Daylight Time
Epoch Time: 1340177952.844995000 seconds
[Time delta from previous captured frame: 0.000010000 seconds]
[Time delta from previous displayed frame: 0.443480000 seconds]
[Time since reference or first frame: 44.823209000 seconds]
Frame Number: 4257
Frame Length: 1031 bytes (8248 bits)
Capture Length: 1031 bytes (8248 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1017
Identification: 0xfe1c (65052)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x46cf [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vsiadmin (2539), Seq: 104894, Ack: 1338, Len: 977
Source port: http (80)
Destination port: vsiadmin (2539)
[Stream index: 43]
Sequence number: 104894 (relative sequence number)
[Next sequence number: 105871 (relative sequence number)]
Acknowledgement number: 1338 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0xbd37 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2357]
TCP segment data (977 bytes)
[28 Reassembled TCP Segments (35290 bytes): #4216(1380), #4217(1380), #4219(1380), #4220(1380), #4222(1380), #4223(377), #4225(1380), #4226(1380), #4228(1380), #4229(1380), #4231(1380), #4232(340), #4234(1380), #4235(1380), #4237(1380), #42]
[Frame: 4216, payload: 0-1379 (1380 bytes)]
[Frame: 4217, payload: 1380-2759 (1380 bytes)]
[Frame: 4219, payload: 2760-4139 (1380 bytes)]
[Frame: 4220, payload: 4140-5519 (1380 bytes)]
[Frame: 4222, payload: 5520-6899 (1380 bytes)]
[Frame: 4223, payload: 6900-7276 (377 bytes)]
[Frame: 4225, payload: 7277-8656 (1380 bytes)]
[Frame: 4226, payload: 8657-10036 (1380 bytes)]
[Frame: 4228, payload: 10037-11416 (1380 bytes)]
[Frame: 4229, payload: 11417-12796 (1380 bytes)]
[Frame: 4231, payload: 12797-14176 (1380 bytes)]
[Frame: 4232, payload: 14177-14516 (340 bytes)]
[Frame: 4234, payload: 14517-15896 (1380 bytes)]
[Frame: 4235, payload: 15897-17276 (1380 bytes)]
[Frame: 4237, payload: 17277-18656 (1380 bytes)]
[Frame: 4238, payload: 18657-20036 (1380 bytes)]
[Frame: 4240, payload: 20037-21416 (1380 bytes)]
[Frame: 4241, payload: 21417-22796 (1380 bytes)]
[Frame: 4243, payload: 22797-24176 (1380 bytes)]
[Frame: 4244, payload: 24177-24652 (476 bytes)]
[Frame: 4247, payload: 24653-26032 (1380 bytes)]
[Frame: 4248, payload: 26033-27412 (1380 bytes)]
[Frame: 4250, payload: 27413-28792 (1380 bytes)]
[Frame: 4251, payload: 28793-30172 (1380 bytes)]
[Frame: 4253, payload: 30173-31552 (1380 bytes)]
[Frame: 4254, payload: 31553-32932 (1380 bytes)]
[Frame: 4256, payload: 32933-34312 (1380 bytes)]
[Frame: 4257, payload: 34313-35289 (977 bytes)]
[Segment count: 28]
[Reassembled TCP length: 35290]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:53 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 34949\r\n
[Content length: 34949]
Last-Modified: Sun, 01 Nov 2009 10:31:29 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:53 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 239\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7221
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6009
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 238
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4259 2012-06-20 08:39:12.845275 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1
Frame 4259: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits)
Arrival Time: Jun 20, 2012 08:39:12.845275000 GMT Daylight Time
Epoch Time: 1340177952.845275000 seconds
[Time delta from previous captured frame: 0.000252000 seconds]
[Time delta from previous displayed frame: 0.000280000 seconds]
[Time since reference or first frame: 44.823489000 seconds]
Frame Number: 4259
Frame Length: 188 bytes (1504 bits)
Capture Length: 188 bytes (1504 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 174
Identification: 0x27d2 (10194)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd464 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vsiadmin (2539), Dst Port: http (80), Seq: 1338, Ack: 105871, Len: 134
Source port: vsiadmin (2539)
Destination port: http (80)
[Stream index: 43]
Sequence number: 1338 (relative sequence number)
[Next sequence number: 1472 (relative sequence number)]
Acknowledgement number: 105871 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x78ad [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 134]
Hypertext Transfer Protocol
HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_00931.jpg?w=238&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_00931.jpg?w=238&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00931.jpg?w=238&h=400]
No. Time Source Destination Protocol Info
4272 2012-06-20 08:39:13.113510 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1
Frame 4272: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:13.113510000 GMT Daylight Time
Epoch Time: 1340177953.113510000 seconds
[Time delta from previous captured frame: 0.000101000 seconds]
[Time delta from previous displayed frame: 0.268235000 seconds]
[Time since reference or first frame: 45.091724000 seconds]
Frame Number: 4272
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x27d8 (10200)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd3f7 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: lonworks (2540), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237
Source port: lonworks (2540)
Destination port: http (80)
[Stream index: 44]
Sequence number: 227 (relative sequence number)
[Next sequence number: 464 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x6166 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 463]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (463 bytes): #4271(226), #4272(237)]
[Frame: 4271, payload: 0-225 (226 bytes)]
[Frame: 4272, payload: 226-462 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 463]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_00921.jpg?w=237&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4311 2012-06-20 08:39:13.688346 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4311: 1288 bytes on wire (10304 bits), 1288 bytes captured (10304 bits)
Arrival Time: Jun 20, 2012 08:39:13.688346000 GMT Daylight Time
Epoch Time: 1340177953.688346000 seconds
[Time delta from previous captured frame: 0.000134000 seconds]
[Time delta from previous displayed frame: 0.574836000 seconds]
[Time since reference or first frame: 45.666560000 seconds]
Frame Number: 4311
Frame Length: 1288 bytes (10304 bits)
Capture Length: 1288 bytes (10304 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1274
Identification: 0xfaf6 (64246)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x48f4 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: lonworks (2540), Seq: 26734, Ack: 464, Len: 1234
Source port: http (80)
Destination port: lonworks (2540)
[Stream index: 44]
Sequence number: 26734 (relative sequence number)
[Next sequence number: 27968 (relative sequence number)]
Acknowledgement number: 464 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x6884 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2614]
TCP segment data (1234 bytes)
[22 Reassembled TCP Segments (27967 bytes): #4278(1380), #4279(1380), #4281(1380), #4282(241), #4284(1380), #4285(1380), #4287(1380), #4288(1380), #4290(272), #4292(1380), #4294(1380), #4295(1380), #4297(1380), #4298(1380), #4300(1380), #43]
[Frame: 4278, payload: 0-1379 (1380 bytes)]
[Frame: 4279, payload: 1380-2759 (1380 bytes)]
[Frame: 4281, payload: 2760-4139 (1380 bytes)]
[Frame: 4282, payload: 4140-4380 (241 bytes)]
[Frame: 4284, payload: 4381-5760 (1380 bytes)]
[Frame: 4285, payload: 5761-7140 (1380 bytes)]
[Frame: 4287, payload: 7141-8520 (1380 bytes)]
[Frame: 4288, payload: 8521-9900 (1380 bytes)]
[Frame: 4290, payload: 9901-10172 (272 bytes)]
[Frame: 4292, payload: 10173-11552 (1380 bytes)]
[Frame: 4294, payload: 11553-12932 (1380 bytes)]
[Frame: 4295, payload: 12933-14312 (1380 bytes)]
[Frame: 4297, payload: 14313-15692 (1380 bytes)]
[Frame: 4298, payload: 15693-17072 (1380 bytes)]
[Frame: 4300, payload: 17073-18452 (1380 bytes)]
[Frame: 4301, payload: 18453-19832 (1380 bytes)]
[Frame: 4303, payload: 19833-21212 (1380 bytes)]
[Frame: 4304, payload: 21213-22592 (1380 bytes)]
[Frame: 4306, payload: 22593-23972 (1380 bytes)]
[Frame: 4308, payload: 23973-25352 (1380 bytes)]
[Frame: 4310, payload: 25353-26732 (1380 bytes)]
[Frame: 4311, payload: 26733-27966 (1234 bytes)]
[Segment count: 22]
[Reassembled TCP length: 27967]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:54 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 27627\r\n
[Content length: 27627]
Last-Modified: Sun, 01 Nov 2009 10:30:49 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:54 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6304
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5092
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 237
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4314 2012-06-20 08:39:13.688793 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1
Frame 4314: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:13.688793000 GMT Daylight Time
Epoch Time: 1340177953.688793000 seconds
[Time delta from previous captured frame: 0.000136000 seconds]
[Time delta from previous displayed frame: 0.000447000 seconds]
[Time since reference or first frame: 45.667007000 seconds]
Frame Number: 4314
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x27e5 (10213)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd3ea [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: lonworks (2540), Dst Port: http (80), Seq: 664, Ack: 27968, Len: 237
Source port: lonworks (2540)
Destination port: http (80)
[Stream index: 44]
Sequence number: 664 (relative sequence number)
[Next sequence number: 901 (relative sequence number)]
Acknowledgement number: 27968 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xf271 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #4313(200), #4314(237)]
[Frame: 4313, payload: 0-199 (200 bytes)]
[Frame: 4314, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_00921.jpg?w=237&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4352 2012-06-20 08:39:14.116379 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4352: 1084 bytes on wire (8672 bits), 1084 bytes captured (8672 bits)
Arrival Time: Jun 20, 2012 08:39:14.116379000 GMT Daylight Time
Epoch Time: 1340177954.116379000 seconds
[Time delta from previous captured frame: 0.000087000 seconds]
[Time delta from previous displayed frame: 0.427586000 seconds]
[Time since reference or first frame: 46.094593000 seconds]
Frame Number: 4352
Frame Length: 1084 bytes (8672 bits)
Capture Length: 1084 bytes (8672 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1070
Identification: 0xfb0f (64271)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x49a7 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: lonworks (2540), Seq: 54905, Ack: 901, Len: 1030
Source port: http (80)
Destination port: lonworks (2540)
[Stream index: 44]
Sequence number: 54905 (relative sequence number)
[Next sequence number: 55935 (relative sequence number)]
Acknowledgement number: 901 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0xd2ee [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1030]
TCP segment data (1030 bytes)
[23 Reassembled TCP Segments (27967 bytes): #4318(1380), #4319(105), #4321(1380), #4322(1380), #4324(1380), #4325(204), #4327(1380), #4328(1380), #4330(1380), #4331(1380), #4333(1380), #4334(1380), #4336(408), #4338(1380), #4340(1380), #434]
[Frame: 4318, payload: 0-1379 (1380 bytes)]
[Frame: 4319, payload: 1380-1484 (105 bytes)]
[Frame: 4321, payload: 1485-2864 (1380 bytes)]
[Frame: 4322, payload: 2865-4244 (1380 bytes)]
[Frame: 4324, payload: 4245-5624 (1380 bytes)]
[Frame: 4325, payload: 5625-5828 (204 bytes)]
[Frame: 4327, payload: 5829-7208 (1380 bytes)]
[Frame: 4328, payload: 7209-8588 (1380 bytes)]
[Frame: 4330, payload: 8589-9968 (1380 bytes)]
[Frame: 4331, payload: 9969-11348 (1380 bytes)]
[Frame: 4333, payload: 11349-12728 (1380 bytes)]
[Frame: 4334, payload: 12729-14108 (1380 bytes)]
[Frame: 4336, payload: 14109-14516 (408 bytes)]
[Frame: 4338, payload: 14517-15896 (1380 bytes)]
[Frame: 4340, payload: 15897-17276 (1380 bytes)]
[Frame: 4341, payload: 17277-18656 (1380 bytes)]
[Frame: 4343, payload: 18657-20036 (1380 bytes)]
[Frame: 4344, payload: 20037-21416 (1380 bytes)]
[Frame: 4346, payload: 21417-22796 (1380 bytes)]
[Frame: 4347, payload: 22797-24176 (1380 bytes)]
[Frame: 4349, payload: 24177-25556 (1380 bytes)]
[Frame: 4350, payload: 25557-26936 (1380 bytes)]
[Frame: 4352, payload: 26937-27966 (1030 bytes)]
[Segment count: 23]
[Reassembled TCP length: 27967]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:54 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 27627\r\n
[Content length: 27627]
Last-Modified: Sun, 01 Nov 2009 10:30:49 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:54 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6304
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5092
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 237
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4354 2012-06-20 08:39:14.116838 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1
Frame 4354: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:14.116838000 GMT Daylight Time
Epoch Time: 1340177954.116838000 seconds
[Time delta from previous captured frame: 0.000099000 seconds]
[Time delta from previous displayed frame: 0.000459000 seconds]
[Time since reference or first frame: 46.095052000 seconds]
Frame Number: 4354
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x27f2 (10226)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd3dd [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: lonworks (2540), Dst Port: http (80), Seq: 1101, Ack: 55935, Len: 237
Source port: lonworks (2540)
Destination port: http (80)
[Stream index: 44]
Sequence number: 1101 (relative sequence number)
[Next sequence number: 1338 (relative sequence number)]
Acknowledgement number: 55935 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 254
[Calculated window size: 65024]
[Window size scaling factor: 256]
Checksum: 0x8381 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #4353(200), #4354(237)]
[Frame: 4353, payload: 0-199 (200 bytes)]
[Frame: 4354, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_00921.jpg?w=237&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4395 2012-06-20 08:39:14.513441 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4395: 948 bytes on wire (7584 bits), 948 bytes captured (7584 bits)
Arrival Time: Jun 20, 2012 08:39:14.513441000 GMT Daylight Time
Epoch Time: 1340177954.513441000 seconds
[Time delta from previous captured frame: 0.000042000 seconds]
[Time delta from previous displayed frame: 0.396603000 seconds]
[Time since reference or first frame: 46.491655000 seconds]
Frame Number: 4395
Frame Length: 948 bytes (7584 bits)
Capture Length: 948 bytes (7584 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 934
Identification: 0xfb28 (64296)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x4a16 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: lonworks (2540), Seq: 83008, Ack: 1338, Len: 894
Source port: http (80)
Destination port: lonworks (2540)
[Stream index: 44]
Sequence number: 83008 (relative sequence number)
[Next sequence number: 83902 (relative sequence number)]
Acknowledgement number: 1338 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x691d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 894]
TCP segment data (894 bytes)
[23 Reassembled TCP Segments (27967 bytes): #4360(1380), #4361(1380), #4363(1380), #4364(241), #4366(1380), #4367(1380), #4369(1380), #4370(1380), #4372(272), #4373(1380), #4375(1380), #4376(1380), #4378(1380), #4379(1380), #4381(340), #438]
[Frame: 4360, payload: 0-1379 (1380 bytes)]
[Frame: 4361, payload: 1380-2759 (1380 bytes)]
[Frame: 4363, payload: 2760-4139 (1380 bytes)]
[Frame: 4364, payload: 4140-4380 (241 bytes)]
[Frame: 4366, payload: 4381-5760 (1380 bytes)]
[Frame: 4367, payload: 5761-7140 (1380 bytes)]
[Frame: 4369, payload: 7141-8520 (1380 bytes)]
[Frame: 4370, payload: 8521-9900 (1380 bytes)]
[Frame: 4372, payload: 9901-10172 (272 bytes)]
[Frame: 4373, payload: 10173-11552 (1380 bytes)]
[Frame: 4375, payload: 11553-12932 (1380 bytes)]
[Frame: 4376, payload: 12933-14312 (1380 bytes)]
[Frame: 4378, payload: 14313-15692 (1380 bytes)]
[Frame: 4379, payload: 15693-17072 (1380 bytes)]
[Frame: 4381, payload: 17073-17412 (340 bytes)]
[Frame: 4384, payload: 17413-18792 (1380 bytes)]
[Frame: 4386, payload: 18793-20172 (1380 bytes)]
[Frame: 4387, payload: 20173-21552 (1380 bytes)]
[Frame: 4389, payload: 21553-22932 (1380 bytes)]
[Frame: 4390, payload: 22933-24312 (1380 bytes)]
[Frame: 4392, payload: 24313-25692 (1380 bytes)]
[Frame: 4393, payload: 25693-27072 (1380 bytes)]
[Frame: 4395, payload: 27073-27966 (894 bytes)]
[Segment count: 23]
[Reassembled TCP length: 27967]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:55 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 27627\r\n
[Content length: 27627]
Last-Modified: Sun, 01 Nov 2009 10:30:49 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:55 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6304
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5092
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 237
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4396 2012-06-20 08:39:14.513737 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1
Frame 4396: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits)
Arrival Time: Jun 20, 2012 08:39:14.513737000 GMT Daylight Time
Epoch Time: 1340177954.513737000 seconds
[Time delta from previous captured frame: 0.000296000 seconds]
[Time delta from previous displayed frame: 0.000296000 seconds]
[Time since reference or first frame: 46.491951000 seconds]
Frame Number: 4396
Frame Length: 188 bytes (1504 bits)
Capture Length: 188 bytes (1504 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 174
Identification: 0x27fe (10238)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd438 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: lonworks (2540), Dst Port: http (80), Seq: 1338, Ack: 83902, Len: 134
Source port: lonworks (2540)
Destination port: http (80)
[Stream index: 44]
Sequence number: 1338 (relative sequence number)
[Next sequence number: 1472 (relative sequence number)]
Acknowledgement number: 83902 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 255
[Calculated window size: 65280]
[Window size scaling factor: 256]
Checksum: 0x5e8a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 4395]
[The RTT to ACK the segment was: 0.000296000 seconds]
[Bytes in flight: 134]
Hypertext Transfer Protocol
HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_00921.jpg?w=237&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_00921.jpg?w=237&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_00921.jpg?w=237&h=400]
No. Time Source Destination Protocol Info
4407 2012-06-20 08:39:14.782502 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1
Frame 4407: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:14.782502000 GMT Daylight Time
Epoch Time: 1340177954.782502000 seconds
[Time delta from previous captured frame: 0.000128000 seconds]
[Time delta from previous displayed frame: 0.268765000 seconds]
[Time since reference or first frame: 46.760716000 seconds]
Frame Number: 4407
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2804 (10244)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd3cb [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: lonworks2 (2541), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: lonworks2 (2541)
Destination port: http (80)
[Stream index: 46]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x3022 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #4406(225), #4407(237)]
[Frame: 4406, payload: 0-224 (225 bytes)]
[Frame: 4407, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0101.jpg?w=270&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4465 2012-06-20 08:39:15.329019 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4465: 817 bytes on wire (6536 bits), 817 bytes captured (6536 bits)
Arrival Time: Jun 20, 2012 08:39:15.329019000 GMT Daylight Time
Epoch Time: 1340177955.329019000 seconds
[Time delta from previous captured frame: 0.000018000 seconds]
[Time delta from previous displayed frame: 0.546517000 seconds]
[Time since reference or first frame: 47.307233000 seconds]
Frame Number: 4465
Frame Length: 817 bytes (6536 bits)
Capture Length: 817 bytes (6536 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 803
Identification: 0xab47 (43847)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x9a7a [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: lonworks2 (2541), Seq: 46122, Ack: 463, Len: 763
Source port: http (80)
Destination port: lonworks2 (2541)
[Stream index: 46]
Sequence number: 46122 (relative sequence number)
[Next sequence number: 46885 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x493e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 763]
TCP segment data (763 bytes)
[35 Reassembled TCP Segments (46884 bytes): #4412(1380), #4413(1380), #4415(1380), #4416(1380), #4418(1380), #4419(1380), #4421(1380), #4422(1380), #4424(581), #4425(1380), #4428(1380), #4429(1380), #4431(1380), #4432(1380), #4434(1380), #4]
[Frame: 4412, payload: 0-1379 (1380 bytes)]
[Frame: 4413, payload: 1380-2759 (1380 bytes)]
[Frame: 4415, payload: 2760-4139 (1380 bytes)]
[Frame: 4416, payload: 4140-5519 (1380 bytes)]
[Frame: 4418, payload: 5520-6899 (1380 bytes)]
[Frame: 4419, payload: 6900-8279 (1380 bytes)]
[Frame: 4421, payload: 8280-9659 (1380 bytes)]
[Frame: 4422, payload: 9660-11039 (1380 bytes)]
[Frame: 4424, payload: 11040-11620 (581 bytes)]
[Frame: 4425, payload: 11621-13000 (1380 bytes)]
[Frame: 4428, payload: 13001-14380 (1380 bytes)]
[Frame: 4429, payload: 14381-15760 (1380 bytes)]
[Frame: 4431, payload: 15761-17140 (1380 bytes)]
[Frame: 4432, payload: 17141-18520 (1380 bytes)]
[Frame: 4434, payload: 18521-19900 (1380 bytes)]
[Frame: 4435, payload: 19901-21280 (1380 bytes)]
[Frame: 4437, payload: 21281-22660 (1380 bytes)]
[Frame: 4438, payload: 22661-24040 (1380 bytes)]
[Frame: 4440, payload: 24041-25420 (1380 bytes)]
[Frame: 4441, payload: 25421-26800 (1380 bytes)]
[Frame: 4443, payload: 26801-28180 (1380 bytes)]
[Frame: 4444, payload: 28181-29560 (1380 bytes)]
[Frame: 4446, payload: 29561-30940 (1380 bytes)]
[Frame: 4447, payload: 30941-32320 (1380 bytes)]
[Frame: 4449, payload: 32321-33700 (1380 bytes)]
[Frame: 4451, payload: 33701-35080 (1380 bytes)]
[Frame: 4453, payload: 35081-36460 (1380 bytes)]
[Frame: 4454, payload: 36461-37840 (1380 bytes)]
[Frame: 4456, payload: 37841-39220 (1380 bytes)]
[Frame: 4457, payload: 39221-40600 (1380 bytes)]
[Frame: 4459, payload: 40601-41980 (1380 bytes)]
[Frame: 4460, payload: 41981-43360 (1380 bytes)]
[Frame: 4462, payload: 43361-44740 (1380 bytes)]
[Frame: 4463, payload: 44741-46120 (1380 bytes)]
[Frame: 4465, payload: 46121-46883 (763 bytes)]
[Segment count: 35]
[Reassembled TCP length: 46884]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:56 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 46544\r\n
[Content length: 46544]
Last-Modified: Sun, 01 Nov 2009 15:23:12 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:56 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 80\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7881
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6669
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 270
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4467 2012-06-20 08:39:15.329484 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1
Frame 4467: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:15.329484000 GMT Daylight Time
Epoch Time: 1340177955.329484000 seconds
[Time delta from previous captured frame: 0.000102000 seconds]
[Time delta from previous displayed frame: 0.000465000 seconds]
[Time since reference or first frame: 47.307698000 seconds]
Frame Number: 4467
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2817 (10263)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd3b8 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: lonworks2 (2541), Dst Port: http (80), Seq: 662, Ack: 46885, Len: 237
Source port: lonworks2 (2541)
Destination port: http (80)
[Stream index: 46]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 46885 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 255
[Calculated window size: 65280]
[Window size scaling factor: 256]
Checksum: 0x774c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #4466(199), #4467(237)]
[Frame: 4466, payload: 0-198 (199 bytes)]
[Frame: 4467, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0101.jpg?w=270&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4528 2012-06-20 08:39:15.740510 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4528: 409 bytes on wire (3272 bits), 409 bytes captured (3272 bits)
Arrival Time: Jun 20, 2012 08:39:15.740510000 GMT Daylight Time
Epoch Time: 1340177955.740510000 seconds
[Time delta from previous captured frame: 0.000024000 seconds]
[Time delta from previous displayed frame: 0.411026000 seconds]
[Time since reference or first frame: 47.718724000 seconds]
Frame Number: 4528
Frame Length: 409 bytes (3272 bits)
Capture Length: 409 bytes (3272 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 395
Identification: 0xab6e (43886)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x9beb [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: lonworks2 (2541), Seq: 93414, Ack: 899, Len: 355
Source port: http (80)
Destination port: lonworks2 (2541)
[Stream index: 46]
Sequence number: 93414 (relative sequence number)
[Next sequence number: 93769 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x6d07 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 355]
TCP segment data (355 bytes)
[37 Reassembled TCP Segments (46884 bytes): #4474(1380), #4475(1380), #4477(1380), #4478(1380), #4480(309), #4481(1380), #4483(1380), #4484(1380), #4486(1380), #4487(1380), #4489(1380), #4490(408), #4492(1380), #4493(1380), #4495(1380), #44]
[Frame: 4474, payload: 0-1379 (1380 bytes)]
[Frame: 4475, payload: 1380-2759 (1380 bytes)]
[Frame: 4477, payload: 2760-4139 (1380 bytes)]
[Frame: 4478, payload: 4140-5519 (1380 bytes)]
[Frame: 4480, payload: 5520-5828 (309 bytes)]
[Frame: 4481, payload: 5829-7208 (1380 bytes)]
[Frame: 4483, payload: 7209-8588 (1380 bytes)]
[Frame: 4484, payload: 8589-9968 (1380 bytes)]
[Frame: 4486, payload: 9969-11348 (1380 bytes)]
[Frame: 4487, payload: 11349-12728 (1380 bytes)]
[Frame: 4489, payload: 12729-14108 (1380 bytes)]
[Frame: 4490, payload: 14109-14516 (408 bytes)]
[Frame: 4492, payload: 14517-15896 (1380 bytes)]
[Frame: 4493, payload: 15897-17276 (1380 bytes)]
[Frame: 4495, payload: 17277-18656 (1380 bytes)]
[Frame: 4496, payload: 18657-20036 (1380 bytes)]
[Frame: 4498, payload: 20037-20308 (272 bytes)]
[Frame: 4499, payload: 20309-21688 (1380 bytes)]
[Frame: 4501, payload: 21689-23068 (1380 bytes)]
[Frame: 4502, payload: 23069-24448 (1380 bytes)]
[Frame: 4504, payload: 24449-25828 (1380 bytes)]
[Frame: 4505, payload: 25829-27208 (1380 bytes)]
[Frame: 4507, payload: 27209-28588 (1380 bytes)]
[Frame: 4508, payload: 28589-29968 (1380 bytes)]
[Frame: 4510, payload: 29969-31348 (1380 bytes)]
[Frame: 4511, payload: 31349-32728 (1380 bytes)]
[Frame: 4513, payload: 32729-34108 (1380 bytes)]
[Frame: 4514, payload: 34109-35488 (1380 bytes)]
[Frame: 4516, payload: 35489-36868 (1380 bytes)]
[Frame: 4517, payload: 36869-38248 (1380 bytes)]
[Frame: 4519, payload: 38249-39628 (1380 bytes)]
[Frame: 4520, payload: 39629-41008 (1380 bytes)]
[Frame: 4522, payload: 41009-42388 (1380 bytes)]
[Frame: 4523, payload: 42389-43768 (1380 bytes)]
[Frame: 4525, payload: 43769-45148 (1380 bytes)]
[Frame: 4526, payload: 45149-46528 (1380 bytes)]
[Frame: 4528, payload: 46529-46883 (355 bytes)]
[Segment count: 37]
[Reassembled TCP length: 46884]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:56 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 46544\r\n
[Content length: 46544]
Last-Modified: Sun, 01 Nov 2009 15:23:12 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:56 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 80\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7881
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6669
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 270
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4530 2012-06-20 08:39:15.740812 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1
Frame 4530: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:15.740812000 GMT Daylight Time
Epoch Time: 1340177955.740812000 seconds
[Time delta from previous captured frame: 0.000046000 seconds]
[Time delta from previous displayed frame: 0.000302000 seconds]
[Time since reference or first frame: 47.719026000 seconds]
Frame Number: 4530
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x282b (10283)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd3a4 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: lonworks2 (2541), Dst Port: http (80), Seq: 1098, Ack: 93769, Len: 237
Source port: lonworks2 (2541)
Destination port: http (80)
[Stream index: 46]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 93769 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 257
[Calculated window size: 65792]
[Window size scaling factor: 256]
Checksum: 0xbe71 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #4529(199), #4530(237)]
[Frame: 4529, payload: 0-198 (199 bytes)]
[Frame: 4530, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0101.jpg?w=270&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4587 2012-06-20 08:39:16.154182 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4587: 1041 bytes on wire (8328 bits), 1041 bytes captured (8328 bits)
Arrival Time: Jun 20, 2012 08:39:16.154182000 GMT Daylight Time
Epoch Time: 1340177956.154182000 seconds
[Time delta from previous captured frame: 0.000022000 seconds]
[Time delta from previous displayed frame: 0.413370000 seconds]
[Time since reference or first frame: 48.132396000 seconds]
Frame Number: 4587
Frame Length: 1041 bytes (8328 bits)
Capture Length: 1041 bytes (8328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1027
Identification: 0xab95 (43925)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x994c [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: lonworks2 (2541), Seq: 139666, Ack: 1335, Len: 987
Source port: http (80)
Destination port: lonworks2 (2541)
[Stream index: 46]
Sequence number: 139666 (relative sequence number)
[Next sequence number: 140653 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x02ab [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 987]
TCP segment data (987 bytes)
[37 Reassembled TCP Segments (46884 bytes): #4533(1380), #4534(1380), #4536(1380), #4537(1380), #4539(1380), #4540(1380), #4542(1380), #4543(513), #4545(1380), #4546(1380), #4548(1380), #4549(204), #4551(1380), #4552(1380), #4554(136), #455]
[Frame: 4533, payload: 0-1379 (1380 bytes)]
[Frame: 4534, payload: 1380-2759 (1380 bytes)]
[Frame: 4536, payload: 2760-4139 (1380 bytes)]
[Frame: 4537, payload: 4140-5519 (1380 bytes)]
[Frame: 4539, payload: 5520-6899 (1380 bytes)]
[Frame: 4540, payload: 6900-8279 (1380 bytes)]
[Frame: 4542, payload: 8280-9659 (1380 bytes)]
[Frame: 4543, payload: 9660-10172 (513 bytes)]
[Frame: 4545, payload: 10173-11552 (1380 bytes)]
[Frame: 4546, payload: 11553-12932 (1380 bytes)]
[Frame: 4548, payload: 12933-14312 (1380 bytes)]
[Frame: 4549, payload: 14313-14516 (204 bytes)]
[Frame: 4551, payload: 14517-15896 (1380 bytes)]
[Frame: 4552, payload: 15897-17276 (1380 bytes)]
[Frame: 4554, payload: 17277-17412 (136 bytes)]
[Frame: 4555, payload: 17413-18792 (1380 bytes)]
[Frame: 4557, payload: 18793-20172 (1380 bytes)]
[Frame: 4558, payload: 20173-21552 (1380 bytes)]
[Frame: 4560, payload: 21553-22932 (1380 bytes)]
[Frame: 4561, payload: 22933-24312 (1380 bytes)]
[Frame: 4563, payload: 24313-25692 (1380 bytes)]
[Frame: 4564, payload: 25693-27072 (1380 bytes)]
[Frame: 4566, payload: 27073-28452 (1380 bytes)]
[Frame: 4567, payload: 28453-29832 (1380 bytes)]
[Frame: 4569, payload: 29833-31212 (1380 bytes)]
[Frame: 4570, payload: 31213-32592 (1380 bytes)]
[Frame: 4572, payload: 32593-33972 (1380 bytes)]
[Frame: 4573, payload: 33973-35352 (1380 bytes)]
[Frame: 4575, payload: 35353-36236 (884 bytes)]
[Frame: 4576, payload: 36237-37616 (1380 bytes)]
[Frame: 4578, payload: 37617-38996 (1380 bytes)]
[Frame: 4579, payload: 38997-40376 (1380 bytes)]
[Frame: 4581, payload: 40377-41756 (1380 bytes)]
[Frame: 4582, payload: 41757-43136 (1380 bytes)]
[Frame: 4584, payload: 43137-44516 (1380 bytes)]
[Frame: 4585, payload: 44517-45896 (1380 bytes)]
[Frame: 4587, payload: 45897-46883 (987 bytes)]
[Segment count: 37]
[Reassembled TCP length: 46884]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:57 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 46544\r\n
[Content length: 46544]
Last-Modified: Sun, 01 Nov 2009 15:23:12 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:57 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 80\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7881
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 6669
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 270
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4588 2012-06-20 08:39:16.154521 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1
Frame 4588: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:39:16.154521000 GMT Daylight Time
Epoch Time: 1340177956.154521000 seconds
[Time delta from previous captured frame: 0.000339000 seconds]
[Time delta from previous displayed frame: 0.000339000 seconds]
[Time since reference or first frame: 48.132735000 seconds]
Frame Number: 4588
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x283e (10302)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd3f9 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: lonworks2 (2541), Dst Port: http (80), Seq: 1335, Ack: 140653, Len: 133
Source port: lonworks2 (2541)
Destination port: http (80)
[Stream index: 46]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 140653 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 254
[Calculated window size: 65024]
[Window size scaling factor: 256]
Checksum: 0x33f3 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 4587]
[The RTT to ACK the segment was: 0.000339000 seconds]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0101.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0101.jpg?w=270&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0101.jpg?w=270&h=400]
No. Time Source Destination Protocol Info
4599 2012-06-20 08:39:16.424284 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1
Frame 4599: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:16.424284000 GMT Daylight Time
Epoch Time: 1340177956.424284000 seconds
[Time delta from previous captured frame: 0.000130000 seconds]
[Time delta from previous displayed frame: 0.269763000 seconds]
[Time since reference or first frame: 48.402498000 seconds]
Frame Number: 4599
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2844 (10308)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd38b [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: udrawgraph (2542), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: udrawgraph (2542)
Destination port: http (80)
[Stream index: 47]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xb43c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #4598(225), #4599(237)]
[Frame: 4598, payload: 0-224 (225 bytes)]
[Frame: 4599, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0100.jpg?w=270&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4650 2012-06-20 08:39:16.962154 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4650: 1013 bytes on wire (8104 bits), 1013 bytes captured (8104 bits)
Arrival Time: Jun 20, 2012 08:39:16.962154000 GMT Daylight Time
Epoch Time: 1340177956.962154000 seconds
[Time delta from previous captured frame: 0.000014000 seconds]
[Time delta from previous displayed frame: 0.537870000 seconds]
[Time since reference or first frame: 48.940368000 seconds]
Frame Number: 4650
Frame Length: 1013 bytes (8104 bits)
Capture Length: 1013 bytes (8104 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 999
Identification: 0x0a92 (2706)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x3a6c [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: udrawgraph (2542), Seq: 34946, Ack: 463, Len: 959
Source port: http (80)
Destination port: udrawgraph (2542)
[Stream index: 47]
Sequence number: 34946 (relative sequence number)
[Next sequence number: 35905 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x3bd9 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 959]
TCP segment data (959 bytes)
[27 Reassembled TCP Segments (35904 bytes): #4609(1380), #4610(1380), #4612(1380), #4613(1380), #4615(1380), #4616(1380), #4618(445), #4620(1380), #4622(1380), #4623(1380), #4625(1380), #4626(1380), #4628(1380), #4629(1380), #4631(1380), #4]
[Frame: 4609, payload: 0-1379 (1380 bytes)]
[Frame: 4610, payload: 1380-2759 (1380 bytes)]
[Frame: 4612, payload: 2760-4139 (1380 bytes)]
[Frame: 4613, payload: 4140-5519 (1380 bytes)]
[Frame: 4615, payload: 5520-6899 (1380 bytes)]
[Frame: 4616, payload: 6900-8279 (1380 bytes)]
[Frame: 4618, payload: 8280-8724 (445 bytes)]
[Frame: 4620, payload: 8725-10104 (1380 bytes)]
[Frame: 4622, payload: 10105-11484 (1380 bytes)]
[Frame: 4623, payload: 11485-12864 (1380 bytes)]
[Frame: 4625, payload: 12865-14244 (1380 bytes)]
[Frame: 4626, payload: 14245-15624 (1380 bytes)]
[Frame: 4628, payload: 15625-17004 (1380 bytes)]
[Frame: 4629, payload: 17005-18384 (1380 bytes)]
[Frame: 4631, payload: 18385-19764 (1380 bytes)]
[Frame: 4632, payload: 19765-21144 (1380 bytes)]
[Frame: 4634, payload: 21145-22524 (1380 bytes)]
[Frame: 4635, payload: 22525-23904 (1380 bytes)]
[Frame: 4637, payload: 23905-25284 (1380 bytes)]
[Frame: 4639, payload: 25285-26664 (1380 bytes)]
[Frame: 4641, payload: 26665-28044 (1380 bytes)]
[Frame: 4642, payload: 28045-29424 (1380 bytes)]
[Frame: 4644, payload: 29425-30804 (1380 bytes)]
[Frame: 4645, payload: 30805-32184 (1380 bytes)]
[Frame: 4647, payload: 32185-33564 (1380 bytes)]
[Frame: 4648, payload: 33565-34944 (1380 bytes)]
[Frame: 4650, payload: 34945-35903 (959 bytes)]
[Segment count: 27]
[Reassembled TCP length: 35904]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:57 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 35564\r\n
[Content length: 35564]
Last-Modified: Sun, 01 Nov 2009 15:22:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:57 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7094
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5882
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 270
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4652 2012-06-20 08:39:16.962552 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1
Frame 4652: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:16.962552000 GMT Daylight Time
Epoch Time: 1340177956.962552000 seconds
[Time delta from previous captured frame: 0.000102000 seconds]
[Time delta from previous displayed frame: 0.000398000 seconds]
[Time since reference or first frame: 48.940766000 seconds]
Frame Number: 4652
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2853 (10323)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd37c [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: udrawgraph (2542), Dst Port: http (80), Seq: 662, Ack: 35905, Len: 237
Source port: udrawgraph (2542)
Destination port: http (80)
[Stream index: 47]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 35905 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 255
[Calculated window size: 65280]
[Window size scaling factor: 256]
Checksum: 0x264b [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #4651(199), #4652(237)]
[Frame: 4651, payload: 0-198 (199 bytes)]
[Frame: 4652, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0100.jpg?w=270&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4702 2012-06-20 08:39:17.434443 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4702: 741 bytes on wire (5928 bits), 741 bytes captured (5928 bits)
Arrival Time: Jun 20, 2012 08:39:17.434443000 GMT Daylight Time
Epoch Time: 1340177957.434443000 seconds
[Time delta from previous captured frame: 0.000018000 seconds]
[Time delta from previous displayed frame: 0.471891000 seconds]
[Time since reference or first frame: 49.412657000 seconds]
Frame Number: 4702
Frame Length: 741 bytes (5928 bits)
Capture Length: 741 bytes (5928 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 727
Identification: 0x0ab1 (2737)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x3b5d [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: udrawgraph (2542), Seq: 71122, Ack: 899, Len: 687
Source port: http (80)
Destination port: udrawgraph (2542)
[Stream index: 47]
Sequence number: 71122 (relative sequence number)
[Next sequence number: 71809 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x202c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 687]
TCP segment data (687 bytes)
[29 Reassembled TCP Segments (35904 bytes): #4659(1380), #4660(1380), #4662(1380), #4663(1380), #4665(1380), #4666(377), #4668(1380), #4669(1380), #4671(1380), #4672(1380), #4674(272), #4675(1380), #4677(68), #4679(1380), #4681(1380), #4682]
[Frame: 4659, payload: 0-1379 (1380 bytes)]
[Frame: 4660, payload: 1380-2759 (1380 bytes)]
[Frame: 4662, payload: 2760-4139 (1380 bytes)]
[Frame: 4663, payload: 4140-5519 (1380 bytes)]
[Frame: 4665, payload: 5520-6899 (1380 bytes)]
[Frame: 4666, payload: 6900-7276 (377 bytes)]
[Frame: 4668, payload: 7277-8656 (1380 bytes)]
[Frame: 4669, payload: 8657-10036 (1380 bytes)]
[Frame: 4671, payload: 10037-11416 (1380 bytes)]
[Frame: 4672, payload: 11417-12796 (1380 bytes)]
[Frame: 4674, payload: 12797-13068 (272 bytes)]
[Frame: 4675, payload: 13069-14448 (1380 bytes)]
[Frame: 4677, payload: 14449-14516 (68 bytes)]
[Frame: 4679, payload: 14517-15896 (1380 bytes)]
[Frame: 4681, payload: 15897-17276 (1380 bytes)]
[Frame: 4682, payload: 17277-18656 (1380 bytes)]
[Frame: 4684, payload: 18657-20036 (1380 bytes)]
[Frame: 4685, payload: 20037-21416 (1380 bytes)]
[Frame: 4687, payload: 21417-22796 (1380 bytes)]
[Frame: 4688, payload: 22797-24176 (1380 bytes)]
[Frame: 4690, payload: 24177-25556 (1380 bytes)]
[Frame: 4691, payload: 25557-26936 (1380 bytes)]
[Frame: 4693, payload: 26937-28316 (1380 bytes)]
[Frame: 4694, payload: 28317-29696 (1380 bytes)]
[Frame: 4696, payload: 29697-31076 (1380 bytes)]
[Frame: 4697, payload: 31077-32456 (1380 bytes)]
[Frame: 4699, payload: 32457-33836 (1380 bytes)]
[Frame: 4700, payload: 33837-35216 (1380 bytes)]
[Frame: 4702, payload: 35217-35903 (687 bytes)]
[Segment count: 29]
[Reassembled TCP length: 35904]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:58 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 35564\r\n
[Content length: 35564]
Last-Modified: Sun, 01 Nov 2009 15:22:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:58 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7094
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5882
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 270
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4704 2012-06-20 08:39:17.434788 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1
Frame 4704: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:17.434788000 GMT Daylight Time
Epoch Time: 1340177957.434788000 seconds
[Time delta from previous captured frame: 0.000043000 seconds]
[Time delta from previous displayed frame: 0.000345000 seconds]
[Time since reference or first frame: 49.413002000 seconds]
Frame Number: 4704
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2863 (10339)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd36c [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: udrawgraph (2542), Dst Port: http (80), Seq: 1098, Ack: 71809, Len: 237
Source port: udrawgraph (2542)
Destination port: http (80)
[Stream index: 47]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 71809 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 256
[Calculated window size: 65536]
[Window size scaling factor: 256]
Checksum: 0x9855 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #4703(199), #4704(237)]
[Frame: 4703, payload: 0-198 (199 bytes)]
[Frame: 4704, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0100.jpg?w=270&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4754 2012-06-20 08:39:17.845530 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4754: 1373 bytes on wire (10984 bits), 1373 bytes captured (10984 bits)
Arrival Time: Jun 20, 2012 08:39:17.845530000 GMT Daylight Time
Epoch Time: 1340177957.845530000 seconds
[Time delta from previous captured frame: 0.000084000 seconds]
[Time delta from previous displayed frame: 0.410742000 seconds]
[Time since reference or first frame: 49.823744000 seconds]
Frame Number: 4754
Frame Length: 1373 bytes (10984 bits)
Capture Length: 1373 bytes (10984 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1359
Identification: 0x0ad0 (2768)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x38c6 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: udrawgraph (2542), Seq: 106394, Ack: 1335, Len: 1319
Source port: http (80)
Destination port: udrawgraph (2542)
[Stream index: 47]
Sequence number: 106394 (relative sequence number)
[Next sequence number: 107713 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x622c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1319]
TCP segment data (1319 bytes)
[29 Reassembled TCP Segments (35904 bytes): #4711(1380), #4712(1380), #4714(173), #4715(1380), #4717(1380), #4718(1380), #4720(1380), #4721(1380), #4723(1380), #4724(1380), #4726(476), #4727(1380), #4729(1380), #4730(136), #4732(1380), #473]
[Frame: 4711, payload: 0-1379 (1380 bytes)]
[Frame: 4712, payload: 1380-2759 (1380 bytes)]
[Frame: 4714, payload: 2760-2932 (173 bytes)]
[Frame: 4715, payload: 2933-4312 (1380 bytes)]
[Frame: 4717, payload: 4313-5692 (1380 bytes)]
[Frame: 4718, payload: 5693-7072 (1380 bytes)]
[Frame: 4720, payload: 7073-8452 (1380 bytes)]
[Frame: 4721, payload: 8453-9832 (1380 bytes)]
[Frame: 4723, payload: 9833-11212 (1380 bytes)]
[Frame: 4724, payload: 11213-12592 (1380 bytes)]
[Frame: 4726, payload: 12593-13068 (476 bytes)]
[Frame: 4727, payload: 13069-14448 (1380 bytes)]
[Frame: 4729, payload: 14449-15828 (1380 bytes)]
[Frame: 4730, payload: 15829-15964 (136 bytes)]
[Frame: 4732, payload: 15965-17344 (1380 bytes)]
[Frame: 4733, payload: 17345-18724 (1380 bytes)]
[Frame: 4735, payload: 18725-20104 (1380 bytes)]
[Frame: 4736, payload: 20105-21484 (1380 bytes)]
[Frame: 4738, payload: 21485-22864 (1380 bytes)]
[Frame: 4739, payload: 22865-24244 (1380 bytes)]
[Frame: 4741, payload: 24245-25624 (1380 bytes)]
[Frame: 4742, payload: 25625-27004 (1380 bytes)]
[Frame: 4744, payload: 27005-28384 (1380 bytes)]
[Frame: 4745, payload: 28385-29764 (1380 bytes)]
[Frame: 4747, payload: 29765-30444 (680 bytes)]
[Frame: 4749, payload: 30445-31824 (1380 bytes)]
[Frame: 4751, payload: 31825-33204 (1380 bytes)]
[Frame: 4752, payload: 33205-34584 (1380 bytes)]
[Frame: 4754, payload: 34585-35903 (1319 bytes)]
[Segment count: 29]
[Reassembled TCP length: 35904]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:58 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 35564\r\n
[Content length: 35564]
Last-Modified: Sun, 01 Nov 2009 15:22:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:58 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7094
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5882
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 270
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4755 2012-06-20 08:39:17.845874 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1
Frame 4755: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:39:17.845874000 GMT Daylight Time
Epoch Time: 1340177957.845874000 seconds
[Time delta from previous captured frame: 0.000344000 seconds]
[Time delta from previous displayed frame: 0.000344000 seconds]
[Time since reference or first frame: 49.824088000 seconds]
Frame Number: 4755
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x2872 (10354)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd3c5 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: udrawgraph (2542), Dst Port: http (80), Seq: 1335, Ack: 107713, Len: 133
Source port: udrawgraph (2542)
Destination port: http (80)
[Stream index: 47]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 107713 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 253
[Calculated window size: 64768]
[Window size scaling factor: 256]
Checksum: 0x38bc [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 4754]
[The RTT to ACK the segment was: 0.000344000 seconds]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0100.jpg?w=270&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0100.jpg?w=270&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0100.jpg?w=270&h=400]
No. Time Source Destination Protocol Info
4771 2012-06-20 08:39:18.115729 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1
Frame 4771: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:18.115729000 GMT Daylight Time
Epoch Time: 1340177958.115729000 seconds
[Time delta from previous captured frame: 0.000128000 seconds]
[Time delta from previous displayed frame: 0.269855000 seconds]
[Time since reference or first frame: 50.093943000 seconds]
Frame Number: 4771
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x287a (10362)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd355 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: reftek (2543), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: reftek (2543)
Destination port: http (80)
[Stream index: 48]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x646f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #4770(225), #4771(237)]
[Frame: 4770, payload: 0-224 (225 bytes)]
[Frame: 4771, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0112.jpg?w=379&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4840 2012-06-20 08:39:18.688221 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4840: 281 bytes on wire (2248 bits), 281 bytes captured (2248 bits)
Arrival Time: Jun 20, 2012 08:39:18.688221000 GMT Daylight Time
Epoch Time: 1340177958.688221000 seconds
[Time delta from previous captured frame: 0.000062000 seconds]
[Time delta from previous displayed frame: 0.572492000 seconds]
[Time since reference or first frame: 50.666435000 seconds]
Frame Number: 4840
Frame Length: 281 bytes (2248 bits)
Capture Length: 281 bytes (2248 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 267
Identification: 0x7e5b (32347)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xc97e [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: reftek (2543), Seq: 52954, Ack: 463, Len: 227
Source port: http (80)
Destination port: reftek (2543)
[Stream index: 48]
Sequence number: 52954 (relative sequence number)
[Next sequence number: 53181 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0xf412 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1607]
TCP segment data (227 bytes)
[40 Reassembled TCP Segments (53180 bytes): #4778(1380), #4779(1380), #4781(1380), #4782(1380), #4784(1380), #4785(1380), #4787(1380), #4788(513), #4790(1380), #4791(1380), #4796(1380), #4797(1380), #4799(1380), #4800(1380), #4802(1380), #4]
[Frame: 4778, payload: 0-1379 (1380 bytes)]
[Frame: 4779, payload: 1380-2759 (1380 bytes)]
[Frame: 4781, payload: 2760-4139 (1380 bytes)]
[Frame: 4782, payload: 4140-5519 (1380 bytes)]
[Frame: 4784, payload: 5520-6899 (1380 bytes)]
[Frame: 4785, payload: 6900-8279 (1380 bytes)]
[Frame: 4787, payload: 8280-9659 (1380 bytes)]
[Frame: 4788, payload: 9660-10172 (513 bytes)]
[Frame: 4790, payload: 10173-11552 (1380 bytes)]
[Frame: 4791, payload: 11553-12932 (1380 bytes)]
[Frame: 4796, payload: 12933-14312 (1380 bytes)]
[Frame: 4797, payload: 14313-15692 (1380 bytes)]
[Frame: 4799, payload: 15693-17072 (1380 bytes)]
[Frame: 4800, payload: 17073-18452 (1380 bytes)]
[Frame: 4802, payload: 18453-19832 (1380 bytes)]
[Frame: 4803, payload: 19833-21212 (1380 bytes)]
[Frame: 4805, payload: 21213-22592 (1380 bytes)]
[Frame: 4806, payload: 22593-23972 (1380 bytes)]
[Frame: 4808, payload: 23973-25352 (1380 bytes)]
[Frame: 4809, payload: 25353-26732 (1380 bytes)]
[Frame: 4811, payload: 26733-28112 (1380 bytes)]
[Frame: 4812, payload: 28113-29492 (1380 bytes)]
[Frame: 4814, payload: 29493-30872 (1380 bytes)]
[Frame: 4815, payload: 30873-32252 (1380 bytes)]
[Frame: 4817, payload: 32253-33632 (1380 bytes)]
[Frame: 4819, payload: 33633-35012 (1380 bytes)]
[Frame: 4821, payload: 35013-36392 (1380 bytes)]
[Frame: 4822, payload: 36393-37772 (1380 bytes)]
[Frame: 4824, payload: 37773-39152 (1380 bytes)]
[Frame: 4825, payload: 39153-40532 (1380 bytes)]
[Frame: 4827, payload: 40533-41912 (1380 bytes)]
[Frame: 4828, payload: 41913-43292 (1380 bytes)]
[Frame: 4830, payload: 43293-44672 (1380 bytes)]
[Frame: 4831, payload: 44673-46052 (1380 bytes)]
[Frame: 4833, payload: 46053-47432 (1380 bytes)]
[Frame: 4834, payload: 47433-48812 (1380 bytes)]
[Frame: 4836, payload: 48813-50192 (1380 bytes)]
[Frame: 4837, payload: 50193-51572 (1380 bytes)]
[Frame: 4839, payload: 51573-52952 (1380 bytes)]
[Frame: 4840, payload: 52953-53179 (227 bytes)]
[Segment count: 40]
[Reassembled TCP length: 53180]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:40:59 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 52840\r\n
[Content length: 52840]
Last-Modified: Sun, 01 Nov 2009 15:33:01 GMT\r\n
Expires: Thu, 20 Jun 2013 07:40:59 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 70\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 10026
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8814
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 379
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 28
Remaining segment data (26 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4843 2012-06-20 08:39:18.688587 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1
Frame 4843: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:18.688587000 GMT Daylight Time
Epoch Time: 1340177958.688587000 seconds
[Time delta from previous captured frame: 0.000103000 seconds]
[Time delta from previous displayed frame: 0.000366000 seconds]
[Time since reference or first frame: 50.666801000 seconds]
Frame Number: 4843
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2890 (10384)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd33f [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: reftek (2543), Dst Port: http (80), Seq: 662, Ack: 53181, Len: 237
Source port: reftek (2543)
Destination port: http (80)
[Stream index: 48]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 53181 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x92fe [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #4842(199), #4843(237)]
[Frame: 4842, payload: 0-198 (199 bytes)]
[Frame: 4843, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0112.jpg?w=379&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4906 2012-06-20 08:39:19.136230 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4906: 777 bytes on wire (6216 bits), 777 bytes captured (6216 bits)
Arrival Time: Jun 20, 2012 08:39:19.136230000 GMT Daylight Time
Epoch Time: 1340177959.136230000 seconds
[Time delta from previous captured frame: 0.000041000 seconds]
[Time delta from previous displayed frame: 0.447643000 seconds]
[Time since reference or first frame: 51.114444000 seconds]
Frame Number: 4906
Frame Length: 777 bytes (6216 bits)
Capture Length: 777 bytes (6216 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 763
Identification: 0x7e85 (32389)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xc764 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: reftek (2543), Seq: 105638, Ack: 899, Len: 723
Source port: http (80)
Destination port: reftek (2543)
[Stream index: 48]
Sequence number: 105638 (relative sequence number)
[Next sequence number: 106361 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x7416 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2103]
TCP segment data (723 bytes)
[40 Reassembled TCP Segments (53180 bytes): #4847(1380), #4848(1380), #4850(1380), #4851(1380), #4853(1380), #4854(1380), #4856(1380), #4857(1380), #4859(1380), #4860(1380), #4862(717), #4863(1380), #4865(1380), #4866(1380), #4868(1380), #4]
[Frame: 4847, payload: 0-1379 (1380 bytes)]
[Frame: 4848, payload: 1380-2759 (1380 bytes)]
[Frame: 4850, payload: 2760-4139 (1380 bytes)]
[Frame: 4851, payload: 4140-5519 (1380 bytes)]
[Frame: 4853, payload: 5520-6899 (1380 bytes)]
[Frame: 4854, payload: 6900-8279 (1380 bytes)]
[Frame: 4856, payload: 8280-9659 (1380 bytes)]
[Frame: 4857, payload: 9660-11039 (1380 bytes)]
[Frame: 4859, payload: 11040-12419 (1380 bytes)]
[Frame: 4860, payload: 12420-13799 (1380 bytes)]
[Frame: 4862, payload: 13800-14516 (717 bytes)]
[Frame: 4863, payload: 14517-15896 (1380 bytes)]
[Frame: 4865, payload: 15897-17276 (1380 bytes)]
[Frame: 4866, payload: 17277-18656 (1380 bytes)]
[Frame: 4868, payload: 18657-20036 (1380 bytes)]
[Frame: 4869, payload: 20037-21416 (1380 bytes)]
[Frame: 4871, payload: 21417-22796 (1380 bytes)]
[Frame: 4872, payload: 22797-24176 (1380 bytes)]
[Frame: 4874, payload: 24177-25556 (1380 bytes)]
[Frame: 4875, payload: 25557-26936 (1380 bytes)]
[Frame: 4877, payload: 26937-28316 (1380 bytes)]
[Frame: 4878, payload: 28317-28996 (680 bytes)]
[Frame: 4881, payload: 28997-30376 (1380 bytes)]
[Frame: 4882, payload: 30377-31756 (1380 bytes)]
[Frame: 4884, payload: 31757-33136 (1380 bytes)]
[Frame: 4885, payload: 33137-34516 (1380 bytes)]
[Frame: 4887, payload: 34517-35896 (1380 bytes)]
[Frame: 4888, payload: 35897-37276 (1380 bytes)]
[Frame: 4890, payload: 37277-38656 (1380 bytes)]
[Frame: 4891, payload: 38657-40036 (1380 bytes)]
[Frame: 4893, payload: 40037-41416 (1380 bytes)]
[Frame: 4894, payload: 41417-42796 (1380 bytes)]
[Frame: 4896, payload: 42797-44176 (1380 bytes)]
[Frame: 4897, payload: 44177-45556 (1380 bytes)]
[Frame: 4899, payload: 45557-46936 (1380 bytes)]
[Frame: 4900, payload: 46937-48316 (1380 bytes)]
[Frame: 4902, payload: 48317-49696 (1380 bytes)]
[Frame: 4903, payload: 49697-51076 (1380 bytes)]
[Frame: 4905, payload: 51077-52456 (1380 bytes)]
[Frame: 4906, payload: 52457-53179 (723 bytes)]
[Segment count: 40]
[Reassembled TCP length: 53180]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:00 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 52840\r\n
[Content length: 52840]
Last-Modified: Sun, 01 Nov 2009 15:33:01 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:00 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 70\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 10026
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8814
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 379
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 28
Remaining segment data (26 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4909 2012-06-20 08:39:19.136533 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1
Frame 4909: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:19.136533000 GMT Daylight Time
Epoch Time: 1340177959.136533000 seconds
[Time delta from previous captured frame: 0.000042000 seconds]
[Time delta from previous displayed frame: 0.000303000 seconds]
[Time since reference or first frame: 51.114747000 seconds]
Frame Number: 4909
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x28a6 (10406)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd329 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: reftek (2543), Dst Port: http (80), Seq: 1098, Ack: 106361, Len: 237
Source port: reftek (2543)
Destination port: http (80)
[Stream index: 48]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 106361 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xc18d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #4908(199), #4909(237)]
[Frame: 4908, payload: 0-198 (199 bytes)]
[Frame: 4909, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0112.jpg?w=379&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
4977 2012-06-20 08:39:19.558417 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 4977: 777 bytes on wire (6216 bits), 777 bytes captured (6216 bits)
Arrival Time: Jun 20, 2012 08:39:19.558417000 GMT Daylight Time
Epoch Time: 1340177959.558417000 seconds
[Time delta from previous captured frame: 0.000020000 seconds]
[Time delta from previous displayed frame: 0.421884000 seconds]
[Time since reference or first frame: 51.536631000 seconds]
Frame Number: 4977
Frame Length: 777 bytes (6216 bits)
Capture Length: 777 bytes (6216 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 763
Identification: 0x7eb1 (32433)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xc738 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: reftek (2543), Seq: 158818, Ack: 1335, Len: 723
Source port: http (80)
Destination port: reftek (2543)
[Stream index: 48]
Sequence number: 158818 (relative sequence number)
[Next sequence number: 159541 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0xa2a0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2103]
TCP segment data (723 bytes)
[42 Reassembled TCP Segments (53180 bytes): #4915(1380), #4916(1380), #4918(1380), #4919(1380), #4921(1380), #4922(1380), #4924(445), #4925(1380), #4927(1380), #4928(1380), #4930(1380), #4931(272), #4933(1380), #4934(1380), #4936(1380), #49]
[Frame: 4915, payload: 0-1379 (1380 bytes)]
[Frame: 4916, payload: 1380-2759 (1380 bytes)]
[Frame: 4918, payload: 2760-4139 (1380 bytes)]
[Frame: 4919, payload: 4140-5519 (1380 bytes)]
[Frame: 4921, payload: 5520-6899 (1380 bytes)]
[Frame: 4922, payload: 6900-8279 (1380 bytes)]
[Frame: 4924, payload: 8280-8724 (445 bytes)]
[Frame: 4925, payload: 8725-10104 (1380 bytes)]
[Frame: 4927, payload: 10105-11484 (1380 bytes)]
[Frame: 4928, payload: 11485-12864 (1380 bytes)]
[Frame: 4930, payload: 12865-14244 (1380 bytes)]
[Frame: 4931, payload: 14245-14516 (272 bytes)]
[Frame: 4933, payload: 14517-15896 (1380 bytes)]
[Frame: 4934, payload: 15897-17276 (1380 bytes)]
[Frame: 4936, payload: 17277-18656 (1380 bytes)]
[Frame: 4937, payload: 18657-20036 (1380 bytes)]
[Frame: 4939, payload: 20037-21416 (1380 bytes)]
[Frame: 4940, payload: 21417-21756 (340 bytes)]
[Frame: 4942, payload: 21757-23136 (1380 bytes)]
[Frame: 4943, payload: 23137-24516 (1380 bytes)]
[Frame: 4945, payload: 24517-25896 (1380 bytes)]
[Frame: 4946, payload: 25897-27276 (1380 bytes)]
[Frame: 4948, payload: 27277-28656 (1380 bytes)]
[Frame: 4949, payload: 28657-28996 (340 bytes)]
[Frame: 4952, payload: 28997-30376 (1380 bytes)]
[Frame: 4953, payload: 30377-31756 (1380 bytes)]
[Frame: 4955, payload: 31757-33136 (1380 bytes)]
[Frame: 4956, payload: 33137-34516 (1380 bytes)]
[Frame: 4958, payload: 34517-35896 (1380 bytes)]
[Frame: 4959, payload: 35897-37276 (1380 bytes)]
[Frame: 4961, payload: 37277-38656 (1380 bytes)]
[Frame: 4962, payload: 38657-40036 (1380 bytes)]
[Frame: 4964, payload: 40037-41416 (1380 bytes)]
[Frame: 4965, payload: 41417-42796 (1380 bytes)]
[Frame: 4967, payload: 42797-44176 (1380 bytes)]
[Frame: 4968, payload: 44177-45556 (1380 bytes)]
[Frame: 4970, payload: 45557-46936 (1380 bytes)]
[Frame: 4971, payload: 46937-48316 (1380 bytes)]
[Frame: 4973, payload: 48317-49696 (1380 bytes)]
[Frame: 4974, payload: 49697-51076 (1380 bytes)]
[Frame: 4976, payload: 51077-52456 (1380 bytes)]
[Frame: 4977, payload: 52457-53179 (723 bytes)]
[Segment count: 42]
[Reassembled TCP length: 53180]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:00 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 52840\r\n
[Content length: 52840]
Last-Modified: Sun, 01 Nov 2009 15:33:01 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:00 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 70\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 10026
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8814
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 379
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 28
Remaining segment data (26 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
4979 2012-06-20 08:39:19.558696 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1
Frame 4979: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:39:19.558696000 GMT Daylight Time
Epoch Time: 1340177959.558696000 seconds
[Time delta from previous captured frame: 0.000252000 seconds]
[Time delta from previous displayed frame: 0.000279000 seconds]
[Time since reference or first frame: 51.536910000 seconds]
Frame Number: 4979
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x28bc (10428)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd37b [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: reftek (2543), Dst Port: http (80), Seq: 1335, Ack: 159541, Len: 133
Source port: reftek (2543)
Destination port: http (80)
[Stream index: 48]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 159541 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x1d69 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0112.jpg?w=379&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0112.jpg?w=379&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0112.jpg?w=379&h=400]
No. Time Source Destination Protocol Info
4992 2012-06-20 08:39:19.829004 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1
Frame 4992: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:19.829004000 GMT Daylight Time
Epoch Time: 1340177959.829004000 seconds
[Time delta from previous captured frame: 0.000125000 seconds]
[Time delta from previous displayed frame: 0.270308000 seconds]
[Time since reference or first frame: 51.807218000 seconds]
Frame Number: 4992
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x28c2 (10434)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd30d [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: novell-zen (2544), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: novell-zen (2544)
Destination port: http (80)
[Stream index: 49]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x48d0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #4991(225), #4992(237)]
[Frame: 4991, payload: 0-224 (225 bytes)]
[Frame: 4992, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0110.jpg?w=648&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
5089 2012-06-20 08:39:20.536813 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 5089: 1295 bytes on wire (10360 bits), 1295 bytes captured (10360 bits)
Arrival Time: Jun 20, 2012 08:39:20.536813000 GMT Daylight Time
Epoch Time: 1340177960.536813000 seconds
[Time delta from previous captured frame: 0.000038000 seconds]
[Time delta from previous displayed frame: 0.707809000 seconds]
[Time since reference or first frame: 52.515027000 seconds]
Frame Number: 5089
Frame Length: 1295 bytes (10360 bits)
Capture Length: 1295 bytes (10360 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1281
Identification: 0xec18 (60440)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x57cb [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: novell-zen (2544), Seq: 78970, Ack: 463, Len: 1241
Source port: http (80)
Destination port: novell-zen (2544)
[Stream index: 49]
Sequence number: 78970 (relative sequence number)
[Next sequence number: 80211 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0xb217 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1241]
TCP segment data (1241 bytes)
[59 Reassembled TCP Segments (80210 bytes): #4998(1380), #4999(1380), #5001(1380), #5002(1380), #5004(309), #5005(1380), #5007(1380), #5008(1380), #5010(1380), #5011(1380), #5014(1380), #5015(1380), #5017(1380), #5018(1380), #5020(1380), #5]
[Frame: 4998, payload: 0-1379 (1380 bytes)]
[Frame: 4999, payload: 1380-2759 (1380 bytes)]
[Frame: 5001, payload: 2760-4139 (1380 bytes)]
[Frame: 5002, payload: 4140-5519 (1380 bytes)]
[Frame: 5004, payload: 5520-5828 (309 bytes)]
[Frame: 5005, payload: 5829-7208 (1380 bytes)]
[Frame: 5007, payload: 7209-8588 (1380 bytes)]
[Frame: 5008, payload: 8589-9968 (1380 bytes)]
[Frame: 5010, payload: 9969-11348 (1380 bytes)]
[Frame: 5011, payload: 11349-12728 (1380 bytes)]
[Frame: 5014, payload: 12729-14108 (1380 bytes)]
[Frame: 5015, payload: 14109-15488 (1380 bytes)]
[Frame: 5017, payload: 15489-16868 (1380 bytes)]
[Frame: 5018, payload: 16869-18248 (1380 bytes)]
[Frame: 5020, payload: 18249-19628 (1380 bytes)]
[Frame: 5021, payload: 19629-21008 (1380 bytes)]
[Frame: 5023, payload: 21009-22388 (1380 bytes)]
[Frame: 5024, payload: 22389-23768 (1380 bytes)]
[Frame: 5026, payload: 23769-25148 (1380 bytes)]
[Frame: 5027, payload: 25149-26528 (1380 bytes)]
[Frame: 5029, payload: 26529-27908 (1380 bytes)]
[Frame: 5030, payload: 27909-29288 (1380 bytes)]
[Frame: 5033, payload: 29289-30668 (1380 bytes)]
[Frame: 5034, payload: 30669-32048 (1380 bytes)]
[Frame: 5036, payload: 32049-33428 (1380 bytes)]
[Frame: 5037, payload: 33429-34808 (1380 bytes)]
[Frame: 5039, payload: 34809-36188 (1380 bytes)]
[Frame: 5040, payload: 36189-37568 (1380 bytes)]
[Frame: 5042, payload: 37569-38948 (1380 bytes)]
[Frame: 5043, payload: 38949-40328 (1380 bytes)]
[Frame: 5045, payload: 40329-41708 (1380 bytes)]
[Frame: 5046, payload: 41709-43088 (1380 bytes)]
[Frame: 5048, payload: 43089-44468 (1380 bytes)]
[Frame: 5049, payload: 44469-45848 (1380 bytes)]
[Frame: 5051, payload: 45849-47228 (1380 bytes)]
[Frame: 5052, payload: 47229-48608 (1380 bytes)]
[Frame: 5054, payload: 48609-49988 (1380 bytes)]
[Frame: 5055, payload: 49989-51368 (1380 bytes)]
[Frame: 5057, payload: 51369-52748 (1380 bytes)]
[Frame: 5058, payload: 52749-54128 (1380 bytes)]
[Frame: 5062, payload: 54129-55508 (1380 bytes)]
[Frame: 5063, payload: 55509-56888 (1380 bytes)]
[Frame: 5065, payload: 56889-58268 (1380 bytes)]
[Frame: 5066, payload: 58269-59648 (1380 bytes)]
[Frame: 5068, payload: 59649-61028 (1380 bytes)]
[Frame: 5069, payload: 61029-62408 (1380 bytes)]
[Frame: 5071, payload: 62409-63788 (1380 bytes)]
[Frame: 5072, payload: 63789-65168 (1380 bytes)]
[Frame: 5074, payload: 65169-66548 (1380 bytes)]
[Frame: 5075, payload: 66549-67928 (1380 bytes)]
[Frame: 5077, payload: 67929-69308 (1380 bytes)]
[Frame: 5078, payload: 69309-70688 (1380 bytes)]
[Frame: 5080, payload: 70689-72068 (1380 bytes)]
[Frame: 5081, payload: 72069-73448 (1380 bytes)]
[Frame: 5083, payload: 73449-74828 (1380 bytes)]
[Frame: 5084, payload: 74829-76208 (1380 bytes)]
[Frame: 5086, payload: 76209-77588 (1380 bytes)]
[Frame: 5087, payload: 77589-78968 (1380 bytes)]
[Frame: 5089, payload: 78969-80209 (1241 bytes)]
[Segment count: 59]
[Reassembled TCP length: 80210]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:01 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 79869\r\n
[Content length: 79869]
Last-Modified: Sun, 01 Nov 2009 15:41:21 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:01 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 239\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6704
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5492
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 648
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
5091 2012-06-20 08:39:20.537110 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1
Frame 5091: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:20.537110000 GMT Daylight Time
Epoch Time: 1340177960.537110000 seconds
[Time delta from previous captured frame: 0.000041000 seconds]
[Time delta from previous displayed frame: 0.000297000 seconds]
[Time since reference or first frame: 52.515324000 seconds]
Frame Number: 5091
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x28e1 (10465)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd2ee [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: novell-zen (2544), Dst Port: http (80), Seq: 662, Ack: 80211, Len: 237
Source port: novell-zen (2544)
Destination port: http (80)
[Stream index: 49]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 80211 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 253
[Calculated window size: 64768]
[Window size scaling factor: 256]
Checksum: 0x0dce [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #5090(199), #5091(237)]
[Frame: 5090, payload: 0-198 (199 bytes)]
[Frame: 5091, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0110.jpg?w=648&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
5189 2012-06-20 08:39:21.023619 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 5189: 207 bytes on wire (1656 bits), 207 bytes captured (1656 bits)
Arrival Time: Jun 20, 2012 08:39:21.023619000 GMT Daylight Time
Epoch Time: 1340177961.023619000 seconds
[Time delta from previous captured frame: 0.000006000 seconds]
[Time delta from previous displayed frame: 0.486509000 seconds]
[Time since reference or first frame: 53.001833000 seconds]
Frame Number: 5189
Frame Length: 207 bytes (1656 bits)
Capture Length: 207 bytes (1656 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 193
Identification: 0xec57 (60503)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x5bcc [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: novell-zen (2544), Seq: 160268, Ack: 899, Len: 153
Source port: http (80)
Destination port: novell-zen (2544)
[Stream index: 49]
Sequence number: 160268 (relative sequence number)
[Next sequence number: 160421 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x2005 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 153]
TCP segment data (153 bytes)
[61 Reassembled TCP Segments (80210 bytes): #5098(1380), #5099(1380), #5101(1380), #5102(1380), #5104(1380), #5105(1380), #5107(1380), #5108(1380), #5110(1380), #5111(1380), #5113(717), #5114(1380), #5116(1380), #5117(1380), #5119(1380), #5]
[Frame: 5098, payload: 0-1379 (1380 bytes)]
[Frame: 5099, payload: 1380-2759 (1380 bytes)]
[Frame: 5101, payload: 2760-4139 (1380 bytes)]
[Frame: 5102, payload: 4140-5519 (1380 bytes)]
[Frame: 5104, payload: 5520-6899 (1380 bytes)]
[Frame: 5105, payload: 6900-8279 (1380 bytes)]
[Frame: 5107, payload: 8280-9659 (1380 bytes)]
[Frame: 5108, payload: 9660-11039 (1380 bytes)]
[Frame: 5110, payload: 11040-12419 (1380 bytes)]
[Frame: 5111, payload: 12420-13799 (1380 bytes)]
[Frame: 5113, payload: 13800-14516 (717 bytes)]
[Frame: 5114, payload: 14517-15896 (1380 bytes)]
[Frame: 5116, payload: 15897-17276 (1380 bytes)]
[Frame: 5117, payload: 17277-18656 (1380 bytes)]
[Frame: 5119, payload: 18657-20036 (1380 bytes)]
[Frame: 5120, payload: 20037-21416 (1380 bytes)]
[Frame: 5122, payload: 21417-22796 (1380 bytes)]
[Frame: 5123, payload: 22797-24176 (1380 bytes)]
[Frame: 5125, payload: 24177-24652 (476 bytes)]
[Frame: 5126, payload: 24653-26032 (1380 bytes)]
[Frame: 5128, payload: 26033-27412 (1380 bytes)]
[Frame: 5129, payload: 27413-28792 (1380 bytes)]
[Frame: 5131, payload: 28793-28996 (204 bytes)]
[Frame: 5132, payload: 28997-30376 (1380 bytes)]
[Frame: 5134, payload: 30377-31756 (1380 bytes)]
[Frame: 5135, payload: 31757-33136 (1380 bytes)]
[Frame: 5137, payload: 33137-34516 (1380 bytes)]
[Frame: 5138, payload: 34517-35896 (1380 bytes)]
[Frame: 5140, payload: 35897-37276 (1380 bytes)]
[Frame: 5141, payload: 37277-38656 (1380 bytes)]
[Frame: 5144, payload: 38657-40036 (1380 bytes)]
[Frame: 5145, payload: 40037-41416 (1380 bytes)]
[Frame: 5147, payload: 41417-42796 (1380 bytes)]
[Frame: 5148, payload: 42797-44176 (1380 bytes)]
[Frame: 5150, payload: 44177-45556 (1380 bytes)]
[Frame: 5151, payload: 45557-46936 (1380 bytes)]
[Frame: 5153, payload: 46937-48316 (1380 bytes)]
[Frame: 5154, payload: 48317-49696 (1380 bytes)]
[Frame: 5156, payload: 49697-51076 (1380 bytes)]
[Frame: 5157, payload: 51077-52456 (1380 bytes)]
[Frame: 5159, payload: 52457-53836 (1380 bytes)]
[Frame: 5160, payload: 53837-55216 (1380 bytes)]
[Frame: 5162, payload: 55217-56596 (1380 bytes)]
[Frame: 5163, payload: 56597-57976 (1380 bytes)]
[Frame: 5165, payload: 57977-59356 (1380 bytes)]
[Frame: 5166, payload: 59357-60736 (1380 bytes)]
[Frame: 5168, payload: 60737-62116 (1380 bytes)]
[Frame: 5169, payload: 62117-63496 (1380 bytes)]
[Frame: 5171, payload: 63497-64876 (1380 bytes)]
[Frame: 5172, payload: 64877-66256 (1380 bytes)]
[Frame: 5174, payload: 66257-67636 (1380 bytes)]
[Frame: 5175, payload: 67637-69016 (1380 bytes)]
[Frame: 5177, payload: 69017-70396 (1380 bytes)]
[Frame: 5178, payload: 70397-71776 (1380 bytes)]
[Frame: 5180, payload: 71777-73156 (1380 bytes)]
[Frame: 5181, payload: 73157-74536 (1380 bytes)]
[Frame: 5183, payload: 74537-75916 (1380 bytes)]
[Frame: 5184, payload: 75917-77296 (1380 bytes)]
[Frame: 5186, payload: 77297-78676 (1380 bytes)]
[Frame: 5187, payload: 78677-80056 (1380 bytes)]
[Frame: 5189, payload: 80057-80209 (153 bytes)]
[Segment count: 61]
[Reassembled TCP length: 80210]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:01 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 79869\r\n
[Content length: 79869]
Last-Modified: Sun, 01 Nov 2009 15:41:21 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:01 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 239\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6704
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5492
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 648
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
5191 2012-06-20 08:39:21.023926 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1
Frame 5191: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:21.023926000 GMT Daylight Time
Epoch Time: 1340177961.023926000 seconds
[Time delta from previous captured frame: 0.000045000 seconds]
[Time delta from previous displayed frame: 0.000307000 seconds]
[Time since reference or first frame: 53.002140000 seconds]
Frame Number: 5191
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2901 (10497)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd2ce [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: novell-zen (2544), Dst Port: http (80), Seq: 1098, Ack: 160421, Len: 237
Source port: novell-zen (2544)
Destination port: http (80)
[Stream index: 49]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 160421 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xd2c1 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #5190(199), #5191(237)]
[Frame: 5190, payload: 0-198 (199 bytes)]
[Frame: 5191, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0110.jpg?w=648&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
5288 2012-06-20 08:39:21.469116 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 5288: 1179 bytes on wire (9432 bits), 1179 bytes captured (9432 bits)
Arrival Time: Jun 20, 2012 08:39:21.469116000 GMT Daylight Time
Epoch Time: 1340177961.469116000 seconds
[Time delta from previous captured frame: 0.000110000 seconds]
[Time delta from previous displayed frame: 0.445190000 seconds]
[Time since reference or first frame: 53.447330000 seconds]
Frame Number: 5288
Frame Length: 1179 bytes (9432 bits)
Capture Length: 1179 bytes (9432 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1165
Identification: 0xec97 (60567)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x57c0 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: novell-zen (2544), Seq: 239506, Ack: 1335, Len: 1125
Source port: http (80)
Destination port: novell-zen (2544)
[Stream index: 49]
Sequence number: 239506 (relative sequence number)
[Next sequence number: 240631 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x215d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2505]
TCP segment data (1125 bytes)
[62 Reassembled TCP Segments (80210 bytes): #5197(1380), #5198(1380), #5200(1380), #5201(1380), #5203(1380), #5204(1380), #5206(1380), #5207(513), #5209(1380), #5210(1380), #5212(1380), #5213(204), #5215(1380), #5216(68), #5218(1380), #5219]
[Frame: 5197, payload: 0-1379 (1380 bytes)]
[Frame: 5198, payload: 1380-2759 (1380 bytes)]
[Frame: 5200, payload: 2760-4139 (1380 bytes)]
[Frame: 5201, payload: 4140-5519 (1380 bytes)]
[Frame: 5203, payload: 5520-6899 (1380 bytes)]
[Frame: 5204, payload: 6900-8279 (1380 bytes)]
[Frame: 5206, payload: 8280-9659 (1380 bytes)]
[Frame: 5207, payload: 9660-10172 (513 bytes)]
[Frame: 5209, payload: 10173-11552 (1380 bytes)]
[Frame: 5210, payload: 11553-12932 (1380 bytes)]
[Frame: 5212, payload: 12933-14312 (1380 bytes)]
[Frame: 5213, payload: 14313-14516 (204 bytes)]
[Frame: 5215, payload: 14517-15896 (1380 bytes)]
[Frame: 5216, payload: 15897-15964 (68 bytes)]
[Frame: 5218, payload: 15965-17344 (1380 bytes)]
[Frame: 5219, payload: 17345-18724 (1380 bytes)]
[Frame: 5221, payload: 18725-20104 (1380 bytes)]
[Frame: 5222, payload: 20105-21484 (1380 bytes)]
[Frame: 5224, payload: 21485-22864 (1380 bytes)]
[Frame: 5225, payload: 22865-24244 (1380 bytes)]
[Frame: 5227, payload: 24245-25624 (1380 bytes)]
[Frame: 5228, payload: 25625-27004 (1380 bytes)]
[Frame: 5230, payload: 27005-28384 (1380 bytes)]
[Frame: 5231, payload: 28385-28996 (612 bytes)]
[Frame: 5233, payload: 28997-30376 (1380 bytes)]
[Frame: 5234, payload: 30377-31756 (1380 bytes)]
[Frame: 5236, payload: 31757-33136 (1380 bytes)]
[Frame: 5237, payload: 33137-34516 (1380 bytes)]
[Frame: 5239, payload: 34517-35896 (1380 bytes)]
[Frame: 5240, payload: 35897-37276 (1380 bytes)]
[Frame: 5242, payload: 37277-37684 (408 bytes)]
[Frame: 5243, payload: 37685-39064 (1380 bytes)]
[Frame: 5245, payload: 39065-40444 (1380 bytes)]
[Frame: 5246, payload: 40445-41824 (1380 bytes)]
[Frame: 5248, payload: 41825-43204 (1380 bytes)]
[Frame: 5249, payload: 43205-44584 (1380 bytes)]
[Frame: 5251, payload: 44585-45964 (1380 bytes)]
[Frame: 5252, payload: 45965-47344 (1380 bytes)]
[Frame: 5254, payload: 47345-48724 (1380 bytes)]
[Frame: 5255, payload: 48725-50104 (1380 bytes)]
[Frame: 5257, payload: 50105-51484 (1380 bytes)]
[Frame: 5258, payload: 51485-52864 (1380 bytes)]
[Frame: 5260, payload: 52865-54244 (1380 bytes)]
[Frame: 5261, payload: 54245-55624 (1380 bytes)]
[Frame: 5263, payload: 55625-57004 (1380 bytes)]
[Frame: 5264, payload: 57005-58384 (1380 bytes)]
[Frame: 5266, payload: 58385-59764 (1380 bytes)]
[Frame: 5267, payload: 59765-61144 (1380 bytes)]
[Frame: 5269, payload: 61145-62524 (1380 bytes)]
[Frame: 5270, payload: 62525-63904 (1380 bytes)]
[Frame: 5272, payload: 63905-65284 (1380 bytes)]
[Frame: 5273, payload: 65285-66664 (1380 bytes)]
[Frame: 5275, payload: 66665-68044 (1380 bytes)]
[Frame: 5276, payload: 68045-69424 (1380 bytes)]
[Frame: 5278, payload: 69425-70804 (1380 bytes)]
[Frame: 5279, payload: 70805-72184 (1380 bytes)]
[Frame: 5281, payload: 72185-73564 (1380 bytes)]
[Frame: 5282, payload: 73565-74944 (1380 bytes)]
[Frame: 5284, payload: 74945-76324 (1380 bytes)]
[Frame: 5285, payload: 76325-77704 (1380 bytes)]
[Frame: 5287, payload: 77705-79084 (1380 bytes)]
[Frame: 5288, payload: 79085-80209 (1125 bytes)]
[Segment count: 62]
[Reassembled TCP length: 80210]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:02 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 79869\r\n
[Content length: 79869]
Last-Modified: Sun, 01 Nov 2009 15:41:21 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:02 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 239\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6704
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5492
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 648
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 26
Remaining segment data (24 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
5290 2012-06-20 08:39:21.469474 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1
Frame 5290: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:39:21.469474000 GMT Daylight Time
Epoch Time: 1340177961.469474000 seconds
[Time delta from previous captured frame: 0.000294000 seconds]
[Time delta from previous displayed frame: 0.000358000 seconds]
[Time since reference or first frame: 53.447688000 seconds]
Frame Number: 5290
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x2921 (10529)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd316 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: novell-zen (2544), Dst Port: http (80), Seq: 1335, Ack: 240631, Len: 133
Source port: novell-zen (2544)
Destination port: http (80)
[Stream index: 49]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 240631 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xc806 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0110.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0110.jpg?w=648&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0110.jpg?w=648&h=400]
No. Time Source Destination Protocol Info
5300 2012-06-20 08:39:21.739001 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1
Frame 5300: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:21.739001000 GMT Daylight Time
Epoch Time: 1340177961.739001000 seconds
[Time delta from previous captured frame: 0.000125000 seconds]
[Time delta from previous displayed frame: 0.269527000 seconds]
[Time since reference or first frame: 53.717215000 seconds]
Frame Number: 5300
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2926 (10534)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd2a9 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: sis-emt (2545), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: sis-emt (2545)
Destination port: http (80)
[Stream index: 51]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xf5ec [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #5299(225), #5300(237)]
[Frame: 5299, payload: 0-224 (225 bytes)]
[Frame: 5300, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0095.jpg?w=400&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
5369 2012-06-20 08:39:22.303679 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 5369: 95 bytes on wire (760 bits), 95 bytes captured (760 bits)
Arrival Time: Jun 20, 2012 08:39:22.303679000 GMT Daylight Time
Epoch Time: 1340177962.303679000 seconds
[Time delta from previous captured frame: 0.000009000 seconds]
[Time delta from previous displayed frame: 0.564678000 seconds]
[Time since reference or first frame: 54.281893000 seconds]
Frame Number: 5369
Frame Length: 95 bytes (760 bits)
Capture Length: 95 bytes (760 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 81
Identification: 0x0212 (530)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x4682 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: sis-emt (2545), Seq: 54130, Ack: 463, Len: 41
Source port: http (80)
Destination port: sis-emt (2545)
[Stream index: 51]
Sequence number: 54130 (relative sequence number)
[Next sequence number: 54171 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x67a9 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 41]
TCP segment data (41 bytes)
[41 Reassembled TCP Segments (54170 bytes): #5307(1380), #5308(1380), #5310(1380), #5311(1380), #5313(309), #5314(1380), #5316(1380), #5317(1380), #5319(1380), #5320(1380), #5324(1380), #5325(1380), #5327(1380), #5328(1380), #5330(1380), #5]
[Frame: 5307, payload: 0-1379 (1380 bytes)]
[Frame: 5308, payload: 1380-2759 (1380 bytes)]
[Frame: 5310, payload: 2760-4139 (1380 bytes)]
[Frame: 5311, payload: 4140-5519 (1380 bytes)]
[Frame: 5313, payload: 5520-5828 (309 bytes)]
[Frame: 5314, payload: 5829-7208 (1380 bytes)]
[Frame: 5316, payload: 7209-8588 (1380 bytes)]
[Frame: 5317, payload: 8589-9968 (1380 bytes)]
[Frame: 5319, payload: 9969-11348 (1380 bytes)]
[Frame: 5320, payload: 11349-12728 (1380 bytes)]
[Frame: 5324, payload: 12729-14108 (1380 bytes)]
[Frame: 5325, payload: 14109-15488 (1380 bytes)]
[Frame: 5327, payload: 15489-16868 (1380 bytes)]
[Frame: 5328, payload: 16869-18248 (1380 bytes)]
[Frame: 5330, payload: 18249-19628 (1380 bytes)]
[Frame: 5331, payload: 19629-21008 (1380 bytes)]
[Frame: 5333, payload: 21009-22388 (1380 bytes)]
[Frame: 5334, payload: 22389-23768 (1380 bytes)]
[Frame: 5336, payload: 23769-25148 (1380 bytes)]
[Frame: 5337, payload: 25149-26528 (1380 bytes)]
[Frame: 5339, payload: 26529-27908 (1380 bytes)]
[Frame: 5340, payload: 27909-29288 (1380 bytes)]
[Frame: 5342, payload: 29289-30668 (1380 bytes)]
[Frame: 5343, payload: 30669-32048 (1380 bytes)]
[Frame: 5345, payload: 32049-33428 (1380 bytes)]
[Frame: 5346, payload: 33429-34808 (1380 bytes)]
[Frame: 5348, payload: 34809-36188 (1380 bytes)]
[Frame: 5349, payload: 36189-37568 (1380 bytes)]
[Frame: 5351, payload: 37569-38948 (1380 bytes)]
[Frame: 5352, payload: 38949-40328 (1380 bytes)]
[Frame: 5354, payload: 40329-41708 (1380 bytes)]
[Frame: 5355, payload: 41709-43088 (1380 bytes)]
[Frame: 5357, payload: 43089-44468 (1380 bytes)]
[Frame: 5358, payload: 44469-45848 (1380 bytes)]
[Frame: 5360, payload: 45849-47228 (1380 bytes)]
[Frame: 5361, payload: 47229-48608 (1380 bytes)]
[Frame: 5363, payload: 48609-49988 (1380 bytes)]
[Frame: 5364, payload: 49989-51368 (1380 bytes)]
[Frame: 5366, payload: 51369-52748 (1380 bytes)]
[Frame: 5367, payload: 52749-54128 (1380 bytes)]
[Frame: 5369, payload: 54129-54169 (41 bytes)]
[Segment count: 41]
[Reassembled TCP length: 54170]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:03 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 53829\r\n
[Content length: 53829]
Last-Modified: Sun, 01 Nov 2009 15:46:33 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:03 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 237\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 10024
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8812
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 400
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
5371 2012-06-20 08:39:22.304016 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1
Frame 5371: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:22.304016000 GMT Daylight Time
Epoch Time: 1340177962.304016000 seconds
[Time delta from previous captured frame: 0.000042000 seconds]
[Time delta from previous displayed frame: 0.000337000 seconds]
[Time since reference or first frame: 54.282230000 seconds]
Frame Number: 5371
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x293d (10557)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd292 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: sis-emt (2545), Dst Port: http (80), Seq: 662, Ack: 54171, Len: 237
Source port: sis-emt (2545)
Destination port: http (80)
[Stream index: 51]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 54171 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x209e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #5370(199), #5371(237)]
[Frame: 5370, payload: 0-198 (199 bytes)]
[Frame: 5371, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0095.jpg?w=400&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
5435 2012-06-20 08:39:22.733578 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 5435: 795 bytes on wire (6360 bits), 795 bytes captured (6360 bits)
Arrival Time: Jun 20, 2012 08:39:22.733578000 GMT Daylight Time
Epoch Time: 1340177962.733578000 seconds
[Time delta from previous captured frame: 0.000040000 seconds]
[Time delta from previous displayed frame: 0.429562000 seconds]
[Time since reference or first frame: 54.711792000 seconds]
Frame Number: 5435
Frame Length: 795 bytes (6360 bits)
Capture Length: 795 bytes (6360 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 781
Identification: 0x023d (573)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x439b [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: sis-emt (2545), Seq: 107600, Ack: 899, Len: 741
Source port: http (80)
Destination port: sis-emt (2545)
[Stream index: 51]
Sequence number: 107600 (relative sequence number)
[Next sequence number: 108341 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x2bcd [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 741]
TCP segment data (741 bytes)
[41 Reassembled TCP Segments (54170 bytes): #5375(1380), #5376(1380), #5378(1380), #5379(1380), #5381(1380), #5382(1380), #5384(1380), #5385(1380), #5387(1380), #5388(1380), #5390(717), #5391(1380), #5393(1380), #5394(1380), #5396(1380), #5]
[Frame: 5375, payload: 0-1379 (1380 bytes)]
[Frame: 5376, payload: 1380-2759 (1380 bytes)]
[Frame: 5378, payload: 2760-4139 (1380 bytes)]
[Frame: 5379, payload: 4140-5519 (1380 bytes)]
[Frame: 5381, payload: 5520-6899 (1380 bytes)]
[Frame: 5382, payload: 6900-8279 (1380 bytes)]
[Frame: 5384, payload: 8280-9659 (1380 bytes)]
[Frame: 5385, payload: 9660-11039 (1380 bytes)]
[Frame: 5387, payload: 11040-12419 (1380 bytes)]
[Frame: 5388, payload: 12420-13799 (1380 bytes)]
[Frame: 5390, payload: 13800-14516 (717 bytes)]
[Frame: 5391, payload: 14517-15896 (1380 bytes)]
[Frame: 5393, payload: 15897-17276 (1380 bytes)]
[Frame: 5394, payload: 17277-18656 (1380 bytes)]
[Frame: 5396, payload: 18657-20036 (1380 bytes)]
[Frame: 5397, payload: 20037-20308 (272 bytes)]
[Frame: 5399, payload: 20309-21688 (1380 bytes)]
[Frame: 5400, payload: 21689-23068 (1380 bytes)]
[Frame: 5402, payload: 23069-24448 (1380 bytes)]
[Frame: 5403, payload: 24449-25828 (1380 bytes)]
[Frame: 5405, payload: 25829-27208 (1380 bytes)]
[Frame: 5406, payload: 27209-28588 (1380 bytes)]
[Frame: 5408, payload: 28589-29968 (1380 bytes)]
[Frame: 5409, payload: 29969-31348 (1380 bytes)]
[Frame: 5411, payload: 31349-32728 (1380 bytes)]
[Frame: 5412, payload: 32729-34108 (1380 bytes)]
[Frame: 5414, payload: 34109-35488 (1380 bytes)]
[Frame: 5415, payload: 35489-36868 (1380 bytes)]
[Frame: 5417, payload: 36869-38248 (1380 bytes)]
[Frame: 5418, payload: 38249-39628 (1380 bytes)]
[Frame: 5420, payload: 39629-41008 (1380 bytes)]
[Frame: 5421, payload: 41009-42388 (1380 bytes)]
[Frame: 5423, payload: 42389-43768 (1380 bytes)]
[Frame: 5424, payload: 43769-45148 (1380 bytes)]
[Frame: 5426, payload: 45149-46528 (1380 bytes)]
[Frame: 5427, payload: 46529-47908 (1380 bytes)]
[Frame: 5429, payload: 47909-49288 (1380 bytes)]
[Frame: 5430, payload: 49289-50668 (1380 bytes)]
[Frame: 5432, payload: 50669-52048 (1380 bytes)]
[Frame: 5433, payload: 52049-53428 (1380 bytes)]
[Frame: 5435, payload: 53429-54169 (741 bytes)]
[Segment count: 41]
[Reassembled TCP length: 54170]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:03 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 53829\r\n
[Content length: 53829]
Last-Modified: Sun, 01 Nov 2009 15:46:33 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:03 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 237\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 10024
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8812
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 400
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
5437 2012-06-20 08:39:22.733884 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1
Frame 5437: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:22.733884000 GMT Daylight Time
Epoch Time: 1340177962.733884000 seconds
[Time delta from previous captured frame: 0.000047000 seconds]
[Time delta from previous displayed frame: 0.000306000 seconds]
[Time since reference or first frame: 54.712098000 seconds]
Frame Number: 5437
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2953 (10579)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd27c [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: sis-emt (2545), Dst Port: http (80), Seq: 1098, Ack: 108341, Len: 237
Source port: sis-emt (2545)
Destination port: http (80)
[Stream index: 51]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 108341 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 255
[Calculated window size: 65280]
[Window size scaling factor: 256]
Checksum: 0x4b52 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #5436(199), #5437(237)]
[Frame: 5436, payload: 0-198 (199 bytes)]
[Frame: 5437, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0095.jpg?w=400&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
5506 2012-06-20 08:39:23.190326 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 5506: 115 bytes on wire (920 bits), 115 bytes captured (920 bits)
Arrival Time: Jun 20, 2012 08:39:23.190326000 GMT Daylight Time
Epoch Time: 1340177963.190326000 seconds
[Time delta from previous captured frame: 0.000018000 seconds]
[Time delta from previous displayed frame: 0.456442000 seconds]
[Time since reference or first frame: 55.168540000 seconds]
Frame Number: 5506
Frame Length: 115 bytes (920 bits)
Capture Length: 115 bytes (920 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 101
Identification: 0x026a (618)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x4616 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: sis-emt (2545), Seq: 162450, Ack: 1335, Len: 61
Source port: http (80)
Destination port: sis-emt (2545)
[Stream index: 51]
Sequence number: 162450 (relative sequence number)
[Next sequence number: 162511 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0xd9f2 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 61]
TCP segment data (61 bytes)
[43 Reassembled TCP Segments (54170 bytes): #5441(1380), #5442(1380), #5444(1380), #5445(1380), #5447(1380), #5448(1380), #5450(445), #5451(1380), #5453(1380), #5454(1380), #5456(204), #5457(1380), #5459(1380), #5460(1380), #5462(1380), #54]
[Frame: 5441, payload: 0-1379 (1380 bytes)]
[Frame: 5442, payload: 1380-2759 (1380 bytes)]
[Frame: 5444, payload: 2760-4139 (1380 bytes)]
[Frame: 5445, payload: 4140-5519 (1380 bytes)]
[Frame: 5447, payload: 5520-6899 (1380 bytes)]
[Frame: 5448, payload: 6900-8279 (1380 bytes)]
[Frame: 5450, payload: 8280-8724 (445 bytes)]
[Frame: 5451, payload: 8725-10104 (1380 bytes)]
[Frame: 5453, payload: 10105-11484 (1380 bytes)]
[Frame: 5454, payload: 11485-12864 (1380 bytes)]
[Frame: 5456, payload: 12865-13068 (204 bytes)]
[Frame: 5457, payload: 13069-14448 (1380 bytes)]
[Frame: 5459, payload: 14449-15828 (1380 bytes)]
[Frame: 5460, payload: 15829-17208 (1380 bytes)]
[Frame: 5462, payload: 17209-18588 (1380 bytes)]
[Frame: 5463, payload: 18589-19968 (1380 bytes)]
[Frame: 5465, payload: 19969-21348 (1380 bytes)]
[Frame: 5466, payload: 21349-22728 (1380 bytes)]
[Frame: 5468, payload: 22729-24108 (1380 bytes)]
[Frame: 5469, payload: 24109-25488 (1380 bytes)]
[Frame: 5471, payload: 25489-26868 (1380 bytes)]
[Frame: 5472, payload: 26869-27548 (680 bytes)]
[Frame: 5474, payload: 27549-28928 (1380 bytes)]
[Frame: 5475, payload: 28929-30308 (1380 bytes)]
[Frame: 5477, payload: 30309-31688 (1380 bytes)]
[Frame: 5478, payload: 31689-33068 (1380 bytes)]
[Frame: 5480, payload: 33069-34448 (1380 bytes)]
[Frame: 5481, payload: 34449-34788 (340 bytes)]
[Frame: 5485, payload: 34789-36168 (1380 bytes)]
[Frame: 5486, payload: 36169-37548 (1380 bytes)]
[Frame: 5488, payload: 37549-38928 (1380 bytes)]
[Frame: 5489, payload: 38929-40308 (1380 bytes)]
[Frame: 5491, payload: 40309-41688 (1380 bytes)]
[Frame: 5492, payload: 41689-43068 (1380 bytes)]
[Frame: 5494, payload: 43069-44448 (1380 bytes)]
[Frame: 5495, payload: 44449-45828 (1380 bytes)]
[Frame: 5497, payload: 45829-47208 (1380 bytes)]
[Frame: 5498, payload: 47209-48588 (1380 bytes)]
[Frame: 5500, payload: 48589-49968 (1380 bytes)]
[Frame: 5501, payload: 49969-51348 (1380 bytes)]
[Frame: 5503, payload: 51349-52728 (1380 bytes)]
[Frame: 5504, payload: 52729-54108 (1380 bytes)]
[Frame: 5506, payload: 54109-54169 (61 bytes)]
[Segment count: 43]
[Reassembled TCP length: 54170]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:04 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 53829\r\n
[Content length: 53829]
Last-Modified: Sun, 01 Nov 2009 15:46:33 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:04 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 237\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 10024
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 8812
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 400
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
5507 2012-06-20 08:39:23.190557 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1
Frame 5507: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:39:23.190557000 GMT Daylight Time
Epoch Time: 1340177963.190557000 seconds
[Time delta from previous captured frame: 0.000231000 seconds]
[Time delta from previous displayed frame: 0.000231000 seconds]
[Time since reference or first frame: 55.168771000 seconds]
Frame Number: 5507
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x2969 (10601)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd2ce [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: sis-emt (2545), Dst Port: http (80), Seq: 1335, Ack: 162511, Len: 133
Source port: sis-emt (2545)
Destination port: http (80)
[Stream index: 51]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 162511 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xa252 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 5506]
[The RTT to ACK the segment was: 0.000231000 seconds]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0095.jpg?w=400&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0095.jpg?w=400&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0095.jpg?w=400&h=400]
No. Time Source Destination Protocol Info
5523 2012-06-20 08:39:23.461501 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1
Frame 5523: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:23.461501000 GMT Daylight Time
Epoch Time: 1340177963.461501000 seconds
[Time delta from previous captured frame: 0.000133000 seconds]
[Time delta from previous displayed frame: 0.270944000 seconds]
[Time since reference or first frame: 55.439715000 seconds]
Frame Number: 5523
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2971 (10609)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd25e [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vytalvaultbrtp (2546), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: vytalvaultbrtp (2546)
Destination port: http (80)
[Stream index: 54]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xa818 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #5522(225), #5523(237)]
[Frame: 5522, payload: 0-224 (225 bytes)]
[Frame: 5523, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0118.jpg?w=648&h=400
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
5594 2012-06-20 08:39:24.164089 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 5594: 1194 bytes on wire (9552 bits), 1194 bytes captured (9552 bits)
Arrival Time: Jun 20, 2012 08:39:24.164089000 GMT Daylight Time
Epoch Time: 1340177964.164089000 seconds
[Time delta from previous captured frame: 0.000102000 seconds]
[Time delta from previous displayed frame: 0.702588000 seconds]
[Time since reference or first frame: 56.142303000 seconds]
Frame Number: 5594
Frame Length: 1194 bytes (9552 bits)
Capture Length: 1194 bytes (9552 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1180
Identification: 0x4e48 (20040)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xf600 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultbrtp (2546), Seq: 57162, Ack: 463, Len: 1140
Source port: http (80)
Destination port: vytalvaultbrtp (2546)
[Stream index: 54]
Sequence number: 57162 (relative sequence number)
[Next sequence number: 58302 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0xd735 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2520]
TCP segment data (1140 bytes)
[44 Reassembled TCP Segments (58301 bytes): #5528(1380), #5529(1380), #5531(1380), #5532(241), #5534(1380), #5535(1380), #5537(1380), #5538(1380), #5540(1380), #5541(340), #5543(1380), #5544(1380), #5546(1380), #5547(1380), #5549(1380), #55]
[Frame: 5528, payload: 0-1379 (1380 bytes)]
[Frame: 5529, payload: 1380-2759 (1380 bytes)]
[Frame: 5531, payload: 2760-4139 (1380 bytes)]
[Frame: 5532, payload: 4140-4380 (241 bytes)]
[Frame: 5534, payload: 4381-5760 (1380 bytes)]
[Frame: 5535, payload: 5761-7140 (1380 bytes)]
[Frame: 5537, payload: 7141-8520 (1380 bytes)]
[Frame: 5538, payload: 8521-9900 (1380 bytes)]
[Frame: 5540, payload: 9901-11280 (1380 bytes)]
[Frame: 5541, payload: 11281-11620 (340 bytes)]
[Frame: 5543, payload: 11621-13000 (1380 bytes)]
[Frame: 5544, payload: 13001-14380 (1380 bytes)]
[Frame: 5546, payload: 14381-15760 (1380 bytes)]
[Frame: 5547, payload: 15761-17140 (1380 bytes)]
[Frame: 5549, payload: 17141-18520 (1380 bytes)]
[Frame: 5550, payload: 18521-19900 (1380 bytes)]
[Frame: 5552, payload: 19901-21280 (1380 bytes)]
[Frame: 5553, payload: 21281-22660 (1380 bytes)]
[Frame: 5555, payload: 22661-24040 (1380 bytes)]
[Frame: 5556, payload: 24041-25420 (1380 bytes)]
[Frame: 5558, payload: 25421-26800 (1380 bytes)]
[Frame: 5559, payload: 26801-28180 (1380 bytes)]
[Frame: 5562, payload: 28181-29560 (1380 bytes)]
[Frame: 5563, payload: 29561-30940 (1380 bytes)]
[Frame: 5565, payload: 30941-32320 (1380 bytes)]
[Frame: 5566, payload: 32321-33700 (1380 bytes)]
[Frame: 5568, payload: 33701-35080 (1380 bytes)]
[Frame: 5569, payload: 35081-36460 (1380 bytes)]
[Frame: 5571, payload: 36461-37840 (1380 bytes)]
[Frame: 5572, payload: 37841-39220 (1380 bytes)]
[Frame: 5574, payload: 39221-40600 (1380 bytes)]
[Frame: 5575, payload: 40601-41980 (1380 bytes)]
[Frame: 5577, payload: 41981-43360 (1380 bytes)]
[Frame: 5578, payload: 43361-44740 (1380 bytes)]
[Frame: 5580, payload: 44741-46120 (1380 bytes)]
[Frame: 5581, payload: 46121-47500 (1380 bytes)]
[Frame: 5583, payload: 47501-48880 (1380 bytes)]
[Frame: 5584, payload: 48881-50260 (1380 bytes)]
[Frame: 5586, payload: 50261-51640 (1380 bytes)]
[Frame: 5587, payload: 51641-53020 (1380 bytes)]
[Frame: 5590, payload: 53021-54400 (1380 bytes)]
[Frame: 5591, payload: 54401-55780 (1380 bytes)]
[Frame: 5593, payload: 55781-57160 (1380 bytes)]
[Frame: 5594, payload: 57161-58300 (1140 bytes)]
[Segment count: 44]
[Reassembled TCP length: 58301]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:04 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 57961\r\n
[Content length: 57961]
Last-Modified: Sun, 01 Nov 2009 15:52:25 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:04 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6507
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5295
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 648
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 28
Remaining segment data (26 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
5597 2012-06-20 08:39:24.164484 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1
Frame 5597: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:24.164484000 GMT Daylight Time
Epoch Time: 1340177964.164484000 seconds
[Time delta from previous captured frame: 0.000134000 seconds]
[Time delta from previous displayed frame: 0.000395000 seconds]
[Time since reference or first frame: 56.142698000 seconds]
Frame Number: 5597
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2989 (10633)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd246 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vytalvaultbrtp (2546), Dst Port: http (80), Seq: 662, Ack: 58302, Len: 237
Source port: vytalvaultbrtp (2546)
Destination port: http (80)
[Stream index: 54]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 58302 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xc2a6 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #5596(199), #5597(237)]
[Frame: 5596, payload: 0-198 (199 bytes)]
[Frame: 5597, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0118.jpg?w=648&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
5676 2012-06-20 08:39:24.605775 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 5676: 1126 bytes on wire (9008 bits), 1126 bytes captured (9008 bits)
Arrival Time: Jun 20, 2012 08:39:24.605775000 GMT Daylight Time
Epoch Time: 1340177964.605775000 seconds
[Time delta from previous captured frame: 0.000080000 seconds]
[Time delta from previous displayed frame: 0.441291000 seconds]
[Time since reference or first frame: 56.583989000 seconds]
Frame Number: 5676
Frame Length: 1126 bytes (9008 bits)
Capture Length: 1126 bytes (9008 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1112
Identification: 0x4e78 (20088)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xf614 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultbrtp (2546), Seq: 115531, Ack: 899, Len: 1072
Source port: http (80)
Destination port: vytalvaultbrtp (2546)
[Stream index: 54]
Sequence number: 115531 (relative sequence number)
[Next sequence number: 116603 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0xea85 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2452]
TCP segment data (1072 bytes)
[46 Reassembled TCP Segments (58301 bytes): #5606(1380), #5607(1380), #5609(1380), #5610(241), #5612(1380), #5613(68), #5615(1380), #5616(1380), #5618(1380), #5619(1380), #5621(272), #5622(1380), #5624(68), #5625(1380), #5627(1380), #5628(1]
[Frame: 5606, payload: 0-1379 (1380 bytes)]
[Frame: 5607, payload: 1380-2759 (1380 bytes)]
[Frame: 5609, payload: 2760-4139 (1380 bytes)]
[Frame: 5610, payload: 4140-4380 (241 bytes)]
[Frame: 5612, payload: 4381-5760 (1380 bytes)]
[Frame: 5613, payload: 5761-5828 (68 bytes)]
[Frame: 5615, payload: 5829-7208 (1380 bytes)]
[Frame: 5616, payload: 7209-8588 (1380 bytes)]
[Frame: 5618, payload: 8589-9968 (1380 bytes)]
[Frame: 5619, payload: 9969-11348 (1380 bytes)]
[Frame: 5621, payload: 11349-11620 (272 bytes)]
[Frame: 5622, payload: 11621-13000 (1380 bytes)]
[Frame: 5624, payload: 13001-13068 (68 bytes)]
[Frame: 5625, payload: 13069-14448 (1380 bytes)]
[Frame: 5627, payload: 14449-15828 (1380 bytes)]
[Frame: 5628, payload: 15829-17208 (1380 bytes)]
[Frame: 5630, payload: 17209-18588 (1380 bytes)]
[Frame: 5631, payload: 18589-19968 (1380 bytes)]
[Frame: 5633, payload: 19969-21348 (1380 bytes)]
[Frame: 5634, payload: 21349-22728 (1380 bytes)]
[Frame: 5636, payload: 22729-24108 (1380 bytes)]
[Frame: 5637, payload: 24109-25488 (1380 bytes)]
[Frame: 5639, payload: 25489-26868 (1380 bytes)]
[Frame: 5640, payload: 26869-28248 (1380 bytes)]
[Frame: 5645, payload: 28249-29628 (1380 bytes)]
[Frame: 5646, payload: 29629-31008 (1380 bytes)]
[Frame: 5648, payload: 31009-32388 (1380 bytes)]
[Frame: 5649, payload: 32389-33768 (1380 bytes)]
[Frame: 5651, payload: 33769-35148 (1380 bytes)]
[Frame: 5652, payload: 35149-36528 (1380 bytes)]
[Frame: 5654, payload: 36529-37908 (1380 bytes)]
[Frame: 5655, payload: 37909-39288 (1380 bytes)]
[Frame: 5657, payload: 39289-40668 (1380 bytes)]
[Frame: 5658, payload: 40669-42048 (1380 bytes)]
[Frame: 5660, payload: 42049-43428 (1380 bytes)]
[Frame: 5661, payload: 43429-44808 (1380 bytes)]
[Frame: 5663, payload: 44809-46188 (1380 bytes)]
[Frame: 5664, payload: 46189-47568 (1380 bytes)]
[Frame: 5666, payload: 47569-48948 (1380 bytes)]
[Frame: 5667, payload: 48949-50328 (1380 bytes)]
[Frame: 5669, payload: 50329-51708 (1380 bytes)]
[Frame: 5670, payload: 51709-53088 (1380 bytes)]
[Frame: 5672, payload: 53089-54468 (1380 bytes)]
[Frame: 5673, payload: 54469-55848 (1380 bytes)]
[Frame: 5675, payload: 55849-57228 (1380 bytes)]
[Frame: 5676, payload: 57229-58300 (1072 bytes)]
[Segment count: 46]
[Reassembled TCP length: 58301]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:05 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 57961\r\n
[Content length: 57961]
Last-Modified: Sun, 01 Nov 2009 15:52:25 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:05 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6507
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5295
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 648
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 28
Remaining segment data (26 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
5679 2012-06-20 08:39:24.606093 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1
Frame 5679: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:24.606093000 GMT Daylight Time
Epoch Time: 1340177964.606093000 seconds
[Time delta from previous captured frame: 0.000041000 seconds]
[Time delta from previous displayed frame: 0.000318000 seconds]
[Time since reference or first frame: 56.584307000 seconds]
Frame Number: 5679
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x29a2 (10658)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd22d [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vytalvaultbrtp (2546), Dst Port: http (80), Seq: 1098, Ack: 116603, Len: 237
Source port: vytalvaultbrtp (2546)
Destination port: http (80)
[Stream index: 54]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 116603 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xdd34 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #5678(199), #5679(237)]
[Frame: 5678, payload: 0-198 (199 bytes)]
[Frame: 5679, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0118.jpg?w=648&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400]
eXtensible Markup Language
No. Time Source Destination Protocol Info
5752 2012-06-20 08:39:25.051574 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 5752: 1350 bytes on wire (10800 bits), 1350 bytes captured (10800 bits)
Arrival Time: Jun 20, 2012 08:39:25.051574000 GMT Daylight Time
Epoch Time: 1340177965.051574000 seconds
[Time delta from previous captured frame: 0.000117000 seconds]
[Time delta from previous displayed frame: 0.445481000 seconds]
[Time since reference or first frame: 57.029788000 seconds]
Frame Number: 5752
Frame Length: 1350 bytes (10800 bits)
Capture Length: 1350 bytes (10800 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1336
Identification: 0x4ea8 (20136)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xf504 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultbrtp (2546), Seq: 173608, Ack: 1335, Len: 1296
Source port: http (80)
Destination port: vytalvaultbrtp (2546)
[Stream index: 54]
Sequence number: 173608 (relative sequence number)
[Next sequence number: 174904 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0xc0c8 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2676]
TCP segment data (1296 bytes)
[46 Reassembled TCP Segments (58301 bytes): #5684(1380), #5685(1380), #5687(1380), #5688(241), #5690(1380), #5691(1380), #5693(1380), #5694(1380), #5696(272), #5697(1380), #5699(1380), #5700(1380), #5702(1380), #5703(1380), #5705(340), #570]
[Frame: 5684, payload: 0-1379 (1380 bytes)]
[Frame: 5685, payload: 1380-2759 (1380 bytes)]
[Frame: 5687, payload: 2760-4139 (1380 bytes)]
[Frame: 5688, payload: 4140-4380 (241 bytes)]
[Frame: 5690, payload: 4381-5760 (1380 bytes)]
[Frame: 5691, payload: 5761-7140 (1380 bytes)]
[Frame: 5693, payload: 7141-8520 (1380 bytes)]
[Frame: 5694, payload: 8521-9900 (1380 bytes)]
[Frame: 5696, payload: 9901-10172 (272 bytes)]
[Frame: 5697, payload: 10173-11552 (1380 bytes)]
[Frame: 5699, payload: 11553-12932 (1380 bytes)]
[Frame: 5700, payload: 12933-14312 (1380 bytes)]
[Frame: 5702, payload: 14313-15692 (1380 bytes)]
[Frame: 5703, payload: 15693-17072 (1380 bytes)]
[Frame: 5705, payload: 17073-17412 (340 bytes)]
[Frame: 5706, payload: 17413-18792 (1380 bytes)]
[Frame: 5708, payload: 18793-20172 (1380 bytes)]
[Frame: 5709, payload: 20173-21552 (1380 bytes)]
[Frame: 5711, payload: 21553-22932 (1380 bytes)]
[Frame: 5712, payload: 22933-24312 (1380 bytes)]
[Frame: 5714, payload: 24313-25692 (1380 bytes)]
[Frame: 5715, payload: 25693-26100 (408 bytes)]
[Frame: 5717, payload: 26101-27480 (1380 bytes)]
[Frame: 5718, payload: 27481-28860 (1380 bytes)]
[Frame: 5720, payload: 28861-30240 (1380 bytes)]
[Frame: 5721, payload: 30241-31620 (1380 bytes)]
[Frame: 5723, payload: 31621-33000 (1380 bytes)]
[Frame: 5724, payload: 33001-34380 (1380 bytes)]
[Frame: 5726, payload: 34381-35760 (1380 bytes)]
[Frame: 5727, payload: 35761-37140 (1380 bytes)]
[Frame: 5729, payload: 37141-37684 (544 bytes)]
[Frame: 5731, payload: 37685-39064 (1380 bytes)]
[Frame: 5733, payload: 39065-40444 (1380 bytes)]
[Frame: 5734, payload: 40445-41824 (1380 bytes)]
[Frame: 5736, payload: 41825-43204 (1380 bytes)]
[Frame: 5737, payload: 43205-44584 (1380 bytes)]
[Frame: 5739, payload: 44585-45964 (1380 bytes)]
[Frame: 5740, payload: 45965-47344 (1380 bytes)]
[Frame: 5742, payload: 47345-48724 (1380 bytes)]
[Frame: 5743, payload: 48725-50104 (1380 bytes)]
[Frame: 5745, payload: 50105-51484 (1380 bytes)]
[Frame: 5746, payload: 51485-52864 (1380 bytes)]
[Frame: 5748, payload: 52865-54244 (1380 bytes)]
[Frame: 5749, payload: 54245-55624 (1380 bytes)]
[Frame: 5751, payload: 55625-57004 (1380 bytes)]
[Frame: 5752, payload: 57005-58300 (1296 bytes)]
[Segment count: 46]
[Reassembled TCP length: 58301]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:05 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 57961\r\n
[Content length: 57961]
Last-Modified: Sun, 01 Nov 2009 15:52:25 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:05 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 81\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 6507
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5295
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 400
Samples per line: 648
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 28
Remaining segment data (26 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
5754 2012-06-20 08:39:25.051895 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1
Frame 5754: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:39:25.051895000 GMT Daylight Time
Epoch Time: 1340177965.051895000 seconds
[Time delta from previous captured frame: 0.000229000 seconds]
[Time delta from previous displayed frame: 0.000321000 seconds]
[Time since reference or first frame: 57.030109000 seconds]
Frame Number: 5754
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x29ba (10682)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd27d [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vytalvaultbrtp (2546), Dst Port: http (80), Seq: 1335, Ack: 174904, Len: 133
Source port: vytalvaultbrtp (2546)
Destination port: http (80)
[Stream index: 54]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 174904 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x2807 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0118.jpg?w=648&h=400 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0118.jpg?w=648&h=400
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0118.jpg?w=648&h=400]
No. Time Source Destination Protocol Info
5773 2012-06-20 08:39:25.321690 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1
Frame 5773: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:25.321690000 GMT Daylight Time
Epoch Time: 1340177965.321690000 seconds
[Time delta from previous captured frame: 0.000132000 seconds]
[Time delta from previous displayed frame: 0.269795000 seconds]
[Time since reference or first frame: 57.299904000 seconds]
Frame Number: 5773
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x29c0 (10688)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd20f [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vytalvaultvsmp (2547), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: vytalvaultvsmp (2547)
Destination port: http (80)
[Stream index: 56]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x40ae [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #5772(225), #5773(237)]
[Frame: 5772, payload: 0-224 (225 bytes)]
[Frame: 5773, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0124.jpg?w=458&h=640
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
5843 2012-06-20 08:39:26.026962 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 5843: 794 bytes on wire (6352 bits), 794 bytes captured (6352 bits)
Arrival Time: Jun 20, 2012 08:39:26.026962000 GMT Daylight Time
Epoch Time: 1340177966.026962000 seconds
[Time delta from previous captured frame: 0.000107000 seconds]
[Time delta from previous displayed frame: 0.705272000 seconds]
[Time since reference or first frame: 58.005176000 seconds]
Frame Number: 5843
Frame Length: 794 bytes (6352 bits)
Capture Length: 794 bytes (6352 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 780
Identification: 0x3787 (14215)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x0e52 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultvsmp (2547), Seq: 57026, Ack: 463, Len: 740
Source port: http (80)
Destination port: vytalvaultvsmp (2547)
[Stream index: 56]
Sequence number: 57026 (relative sequence number)
[Next sequence number: 57766 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x14dc [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2120]
TCP segment data (740 bytes)
[44 Reassembled TCP Segments (57765 bytes): #5778(1380), #5779(105), #5781(1380), #5782(1380), #5784(1380), #5785(1380), #5787(1380), #5788(340), #5790(1380), #5791(1380), #5794(1380), #5795(1380), #5797(1380), #5798(1380), #5800(1380), #58]
[Frame: 5778, payload: 0-1379 (1380 bytes)]
[Frame: 5779, payload: 1380-1484 (105 bytes)]
[Frame: 5781, payload: 1485-2864 (1380 bytes)]
[Frame: 5782, payload: 2865-4244 (1380 bytes)]
[Frame: 5784, payload: 4245-5624 (1380 bytes)]
[Frame: 5785, payload: 5625-7004 (1380 bytes)]
[Frame: 5787, payload: 7005-8384 (1380 bytes)]
[Frame: 5788, payload: 8385-8724 (340 bytes)]
[Frame: 5790, payload: 8725-10104 (1380 bytes)]
[Frame: 5791, payload: 10105-11484 (1380 bytes)]
[Frame: 5794, payload: 11485-12864 (1380 bytes)]
[Frame: 5795, payload: 12865-14244 (1380 bytes)]
[Frame: 5797, payload: 14245-15624 (1380 bytes)]
[Frame: 5798, payload: 15625-17004 (1380 bytes)]
[Frame: 5800, payload: 17005-18384 (1380 bytes)]
[Frame: 5801, payload: 18385-19764 (1380 bytes)]
[Frame: 5803, payload: 19765-21144 (1380 bytes)]
[Frame: 5804, payload: 21145-22524 (1380 bytes)]
[Frame: 5806, payload: 22525-23904 (1380 bytes)]
[Frame: 5807, payload: 23905-25284 (1380 bytes)]
[Frame: 5809, payload: 25285-26664 (1380 bytes)]
[Frame: 5810, payload: 26665-28044 (1380 bytes)]
[Frame: 5812, payload: 28045-29424 (1380 bytes)]
[Frame: 5813, payload: 29425-30804 (1380 bytes)]
[Frame: 5815, payload: 30805-32184 (1380 bytes)]
[Frame: 5816, payload: 32185-33564 (1380 bytes)]
[Frame: 5818, payload: 33565-34944 (1380 bytes)]
[Frame: 5819, payload: 34945-36324 (1380 bytes)]
[Frame: 5821, payload: 36325-37704 (1380 bytes)]
[Frame: 5822, payload: 37705-39084 (1380 bytes)]
[Frame: 5824, payload: 39085-40464 (1380 bytes)]
[Frame: 5825, payload: 40465-41844 (1380 bytes)]
[Frame: 5827, payload: 41845-43224 (1380 bytes)]
[Frame: 5828, payload: 43225-44604 (1380 bytes)]
[Frame: 5830, payload: 44605-45984 (1380 bytes)]
[Frame: 5831, payload: 45985-47364 (1380 bytes)]
[Frame: 5833, payload: 47365-48744 (1380 bytes)]
[Frame: 5834, payload: 48745-50124 (1380 bytes)]
[Frame: 5836, payload: 50125-51504 (1380 bytes)]
[Frame: 5837, payload: 51505-52884 (1380 bytes)]
[Frame: 5839, payload: 52885-54264 (1380 bytes)]
[Frame: 5840, payload: 54265-55644 (1380 bytes)]
[Frame: 5842, payload: 55645-57024 (1380 bytes)]
[Frame: 5843, payload: 57025-57764 (740 bytes)]
[Segment count: 44]
[Reassembled TCP length: 57765]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:06 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 57425\r\n
[Content length: 57425]
Last-Modified: Sun, 01 Nov 2009 16:14:13 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:06 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 79\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5969
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4757
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 458
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
5846 2012-06-20 08:39:26.027333 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1
Frame 5846: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:26.027333000 GMT Daylight Time
Epoch Time: 1340177966.027333000 seconds
[Time delta from previous captured frame: 0.000104000 seconds]
[Time delta from previous displayed frame: 0.000371000 seconds]
[Time since reference or first frame: 58.005547000 seconds]
Frame Number: 5846
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x29d8 (10712)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd1f7 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vytalvaultvsmp (2547), Dst Port: http (80), Seq: 662, Ack: 57766, Len: 237
Source port: vytalvaultvsmp (2547)
Destination port: http (80)
[Stream index: 56]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 57766 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x5d54 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #5845(199), #5846(237)]
[Frame: 5845, payload: 0-198 (199 bytes)]
[Frame: 5846, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0124.jpg?w=458&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
5922 2012-06-20 08:39:26.665891 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 5922: 794 bytes on wire (6352 bits), 794 bytes captured (6352 bits)
Arrival Time: Jun 20, 2012 08:39:26.665891000 GMT Daylight Time
Epoch Time: 1340177966.665891000 seconds
[Time delta from previous captured frame: 0.000026000 seconds]
[Time delta from previous displayed frame: 0.638558000 seconds]
[Time since reference or first frame: 58.644105000 seconds]
Frame Number: 5922
Frame Length: 794 bytes (6352 bits)
Capture Length: 794 bytes (6352 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 780
Identification: 0x37b5 (14261)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x0e24 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultvsmp (2547), Seq: 114791, Ack: 899, Len: 740
Source port: http (80)
Destination port: vytalvaultvsmp (2547)
[Stream index: 56]
Sequence number: 114791 (relative sequence number)
[Next sequence number: 115531 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x317e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2120]
TCP segment data (740 bytes)
[44 Reassembled TCP Segments (57765 bytes): #5856(1380), #5857(105), #5859(1380), #5860(1380), #5862(1380), #5863(1380), #5865(1380), #5866(340), #5868(1380), #5869(1380), #5871(1380), #5872(1380), #5874(1380), #5875(1380), #5877(1380), #58]
[Frame: 5856, payload: 0-1379 (1380 bytes)]
[Frame: 5857, payload: 1380-1484 (105 bytes)]
[Frame: 5859, payload: 1485-2864 (1380 bytes)]
[Frame: 5860, payload: 2865-4244 (1380 bytes)]
[Frame: 5862, payload: 4245-5624 (1380 bytes)]
[Frame: 5863, payload: 5625-7004 (1380 bytes)]
[Frame: 5865, payload: 7005-8384 (1380 bytes)]
[Frame: 5866, payload: 8385-8724 (340 bytes)]
[Frame: 5868, payload: 8725-10104 (1380 bytes)]
[Frame: 5869, payload: 10105-11484 (1380 bytes)]
[Frame: 5871, payload: 11485-12864 (1380 bytes)]
[Frame: 5872, payload: 12865-14244 (1380 bytes)]
[Frame: 5874, payload: 14245-15624 (1380 bytes)]
[Frame: 5875, payload: 15625-17004 (1380 bytes)]
[Frame: 5877, payload: 17005-18384 (1380 bytes)]
[Frame: 5878, payload: 18385-19764 (1380 bytes)]
[Frame: 5880, payload: 19765-21144 (1380 bytes)]
[Frame: 5881, payload: 21145-22524 (1380 bytes)]
[Frame: 5883, payload: 22525-23904 (1380 bytes)]
[Frame: 5884, payload: 23905-25284 (1380 bytes)]
[Frame: 5886, payload: 25285-26664 (1380 bytes)]
[Frame: 5887, payload: 26665-28044 (1380 bytes)]
[Frame: 5889, payload: 28045-29424 (1380 bytes)]
[Frame: 5890, payload: 29425-30804 (1380 bytes)]
[Frame: 5892, payload: 30805-32184 (1380 bytes)]
[Frame: 5893, payload: 32185-33564 (1380 bytes)]
[Frame: 5895, payload: 33565-34944 (1380 bytes)]
[Frame: 5896, payload: 34945-36324 (1380 bytes)]
[Frame: 5898, payload: 36325-37704 (1380 bytes)]
[Frame: 5899, payload: 37705-39084 (1380 bytes)]
[Frame: 5903, payload: 39085-40464 (1380 bytes)]
[Frame: 5904, payload: 40465-41844 (1380 bytes)]
[Frame: 5906, payload: 41845-43224 (1380 bytes)]
[Frame: 5907, payload: 43225-44604 (1380 bytes)]
[Frame: 5909, payload: 44605-45984 (1380 bytes)]
[Frame: 5910, payload: 45985-47364 (1380 bytes)]
[Frame: 5912, payload: 47365-48744 (1380 bytes)]
[Frame: 5913, payload: 48745-50124 (1380 bytes)]
[Frame: 5915, payload: 50125-51504 (1380 bytes)]
[Frame: 5916, payload: 51505-52884 (1380 bytes)]
[Frame: 5918, payload: 52885-54264 (1380 bytes)]
[Frame: 5919, payload: 54265-55644 (1380 bytes)]
[Frame: 5921, payload: 55645-57024 (1380 bytes)]
[Frame: 5922, payload: 57025-57764 (740 bytes)]
[Segment count: 44]
[Reassembled TCP length: 57765]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:07 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 57425\r\n
[Content length: 57425]
Last-Modified: Sun, 01 Nov 2009 16:14:13 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:07 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 79\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5969
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4757
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 458
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
5925 2012-06-20 08:39:26.666319 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1
Frame 5925: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:26.666319000 GMT Daylight Time
Epoch Time: 1340177966.666319000 seconds
[Time delta from previous captured frame: 0.000103000 seconds]
[Time delta from previous displayed frame: 0.000428000 seconds]
[Time since reference or first frame: 58.644533000 seconds]
Frame Number: 5925
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x29f0 (10736)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd1df [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vytalvaultvsmp (2547), Dst Port: http (80), Seq: 1098, Ack: 115531, Len: 237
Source port: vytalvaultvsmp (2547)
Destination port: http (80)
[Stream index: 56]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 115531 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x79fa [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #5924(199), #5925(237)]
[Frame: 5924, payload: 0-198 (199 bytes)]
[Frame: 5925, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_0124.jpg?w=458&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
5995 2012-06-20 08:39:27.111509 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 5995: 1222 bytes on wire (9776 bits), 1222 bytes captured (9776 bits)
Arrival Time: Jun 20, 2012 08:39:27.111509000 GMT Daylight Time
Epoch Time: 1340177967.111509000 seconds
[Time delta from previous captured frame: 0.000078000 seconds]
[Time delta from previous displayed frame: 0.445190000 seconds]
[Time since reference or first frame: 59.089723000 seconds]
Frame Number: 5995
Frame Length: 1222 bytes (9776 bits)
Capture Length: 1222 bytes (9776 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1208
Identification: 0x37e4 (14308)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x0c49 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultvsmp (2547), Seq: 172128, Ack: 1335, Len: 1168
Source port: http (80)
Destination port: vytalvaultvsmp (2547)
[Stream index: 56]
Sequence number: 172128 (relative sequence number)
[Next sequence number: 173296 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x6e0c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1168]
TCP segment data (1168 bytes)
[45 Reassembled TCP Segments (57765 bytes): #5928(1380), #5929(105), #5931(1380), #5932(1380), #5934(1380), #5935(1380), #5937(1380), #5938(1380), #5940(1380), #5941(1380), #5943(1380), #5944(612), #5946(1380), #5947(1380), #5949(1380), #59]
[Frame: 5928, payload: 0-1379 (1380 bytes)]
[Frame: 5929, payload: 1380-1484 (105 bytes)]
[Frame: 5931, payload: 1485-2864 (1380 bytes)]
[Frame: 5932, payload: 2865-4244 (1380 bytes)]
[Frame: 5934, payload: 4245-5624 (1380 bytes)]
[Frame: 5935, payload: 5625-7004 (1380 bytes)]
[Frame: 5937, payload: 7005-8384 (1380 bytes)]
[Frame: 5938, payload: 8385-9764 (1380 bytes)]
[Frame: 5940, payload: 9765-11144 (1380 bytes)]
[Frame: 5941, payload: 11145-12524 (1380 bytes)]
[Frame: 5943, payload: 12525-13904 (1380 bytes)]
[Frame: 5944, payload: 13905-14516 (612 bytes)]
[Frame: 5946, payload: 14517-15896 (1380 bytes)]
[Frame: 5947, payload: 15897-17276 (1380 bytes)]
[Frame: 5949, payload: 17277-18656 (1380 bytes)]
[Frame: 5950, payload: 18657-18860 (204 bytes)]
[Frame: 5952, payload: 18861-20240 (1380 bytes)]
[Frame: 5953, payload: 20241-21620 (1380 bytes)]
[Frame: 5955, payload: 21621-23000 (1380 bytes)]
[Frame: 5956, payload: 23001-24380 (1380 bytes)]
[Frame: 5958, payload: 24381-25760 (1380 bytes)]
[Frame: 5959, payload: 25761-27140 (1380 bytes)]
[Frame: 5961, payload: 27141-28520 (1380 bytes)]
[Frame: 5962, payload: 28521-28996 (476 bytes)]
[Frame: 5965, payload: 28997-30376 (1380 bytes)]
[Frame: 5966, payload: 30377-31756 (1380 bytes)]
[Frame: 5968, payload: 31757-33136 (1380 bytes)]
[Frame: 5969, payload: 33137-34516 (1380 bytes)]
[Frame: 5971, payload: 34517-35896 (1380 bytes)]
[Frame: 5972, payload: 35897-37276 (1380 bytes)]
[Frame: 5974, payload: 37277-38656 (1380 bytes)]
[Frame: 5975, payload: 38657-40036 (1380 bytes)]
[Frame: 5977, payload: 40037-41416 (1380 bytes)]
[Frame: 5978, payload: 41417-42796 (1380 bytes)]
[Frame: 5980, payload: 42797-44176 (1380 bytes)]
[Frame: 5981, payload: 44177-45556 (1380 bytes)]
[Frame: 5983, payload: 45557-46936 (1380 bytes)]
[Frame: 5984, payload: 46937-48316 (1380 bytes)]
[Frame: 5986, payload: 48317-49696 (1380 bytes)]
[Frame: 5987, payload: 49697-51076 (1380 bytes)]
[Frame: 5989, payload: 51077-52456 (1380 bytes)]
[Frame: 5990, payload: 52457-53836 (1380 bytes)]
[Frame: 5992, payload: 53837-55216 (1380 bytes)]
[Frame: 5993, payload: 55217-56596 (1380 bytes)]
[Frame: 5995, payload: 56597-57764 (1168 bytes)]
[Segment count: 45]
[Reassembled TCP length: 57765]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:07 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 57425\r\n
[Content length: 57425]
Last-Modified: Sun, 01 Nov 2009 16:14:13 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:07 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 79\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5969
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4757
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 458
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
5996 2012-06-20 08:39:27.111814 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1
Frame 5996: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:39:27.111814000 GMT Daylight Time
Epoch Time: 1340177967.111814000 seconds
[Time delta from previous captured frame: 0.000305000 seconds]
[Time delta from previous displayed frame: 0.000305000 seconds]
[Time since reference or first frame: 59.090028000 seconds]
Frame Number: 5996
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x2a07 (10759)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd230 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vytalvaultvsmp (2547), Dst Port: http (80), Seq: 1335, Ack: 173296, Len: 133
Source port: vytalvaultvsmp (2547)
Destination port: http (80)
[Stream index: 56]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 173296 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 254
[Calculated window size: 65024]
[Window size scaling factor: 256]
Checksum: 0xc0ec [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 5995]
[The RTT to ACK the segment was: 0.000305000 seconds]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_0124.jpg?w=458&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_0124.jpg?w=458&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_0124.jpg?w=458&h=640]
No. Time Source Destination Protocol Info
6009 2012-06-20 08:39:27.382509 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1
Frame 6009: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:27.382509000 GMT Daylight Time
Epoch Time: 1340177967.382509000 seconds
[Time delta from previous captured frame: 0.000129000 seconds]
[Time delta from previous displayed frame: 0.270695000 seconds]
[Time since reference or first frame: 59.360723000 seconds]
Frame Number: 6009
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2a0d (10765)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd1c2 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vytalvaultpipe (2548), Dst Port: http (80), Seq: 226, Ack: 1, Len: 237
Source port: vytalvaultpipe (2548)
Destination port: http (80)
[Stream index: 57]
Sequence number: 226 (relative sequence number)
[Next sequence number: 463 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x42aa [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 462]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (462 bytes): #6008(225), #6009(237)]
[Frame: 6008, payload: 0-224 (225 bytes)]
[Frame: 6009, payload: 225-461 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 462]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_2375.jpg?w=476&h=640
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
6088 2012-06-20 08:39:28.249294 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 6088: 974 bytes on wire (7792 bits), 974 bytes captured (7792 bits)
Arrival Time: Jun 20, 2012 08:39:28.249294000 GMT Daylight Time
Epoch Time: 1340177968.249294000 seconds
[Time delta from previous captured frame: 0.000013000 seconds]
[Time delta from previous displayed frame: 0.866785000 seconds]
[Time since reference or first frame: 60.227508000 seconds]
Frame Number: 6088
Frame Length: 974 bytes (7792 bits)
Capture Length: 974 bytes (7792 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 960
Identification: 0x6fcf (28623)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xd555 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultpipe (2548), Seq: 61098, Ack: 463, Len: 920
Source port: http (80)
Destination port: vytalvaultpipe (2548)
[Stream index: 57]
Sequence number: 61098 (relative sequence number)
[Next sequence number: 62018 (relative sequence number)]
Acknowledgement number: 463 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0xbeba [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2300]
TCP segment data (920 bytes)
[46 Reassembled TCP Segments (62017 bytes): #6019(1380), #6020(1380), #6022(1380), #6023(1380), #6025(1380), #6026(377), #6028(1380), #6029(1380), #6031(1380), #6032(1380), #6035(1380), #6036(1380), #6038(1380), #6039(1380), #6041(1380), #6]
[Frame: 6019, payload: 0-1379 (1380 bytes)]
[Frame: 6020, payload: 1380-2759 (1380 bytes)]
[Frame: 6022, payload: 2760-4139 (1380 bytes)]
[Frame: 6023, payload: 4140-5519 (1380 bytes)]
[Frame: 6025, payload: 5520-6899 (1380 bytes)]
[Frame: 6026, payload: 6900-7276 (377 bytes)]
[Frame: 6028, payload: 7277-8656 (1380 bytes)]
[Frame: 6029, payload: 8657-10036 (1380 bytes)]
[Frame: 6031, payload: 10037-11416 (1380 bytes)]
[Frame: 6032, payload: 11417-12796 (1380 bytes)]
[Frame: 6035, payload: 12797-14176 (1380 bytes)]
[Frame: 6036, payload: 14177-15556 (1380 bytes)]
[Frame: 6038, payload: 15557-16936 (1380 bytes)]
[Frame: 6039, payload: 16937-18316 (1380 bytes)]
[Frame: 6041, payload: 18317-19696 (1380 bytes)]
[Frame: 6042, payload: 19697-21076 (1380 bytes)]
[Frame: 6044, payload: 21077-22456 (1380 bytes)]
[Frame: 6045, payload: 22457-23836 (1380 bytes)]
[Frame: 6047, payload: 23837-25216 (1380 bytes)]
[Frame: 6048, payload: 25217-26596 (1380 bytes)]
[Frame: 6050, payload: 26597-27976 (1380 bytes)]
[Frame: 6051, payload: 27977-29356 (1380 bytes)]
[Frame: 6054, payload: 29357-30736 (1380 bytes)]
[Frame: 6055, payload: 30737-32116 (1380 bytes)]
[Frame: 6057, payload: 32117-33496 (1380 bytes)]
[Frame: 6058, payload: 33497-34876 (1380 bytes)]
[Frame: 6060, payload: 34877-36256 (1380 bytes)]
[Frame: 6061, payload: 36257-37636 (1380 bytes)]
[Frame: 6063, payload: 37637-39016 (1380 bytes)]
[Frame: 6064, payload: 39017-40396 (1380 bytes)]
[Frame: 6066, payload: 40397-41776 (1380 bytes)]
[Frame: 6067, payload: 41777-43156 (1380 bytes)]
[Frame: 6069, payload: 43157-44536 (1380 bytes)]
[Frame: 6070, payload: 44537-45916 (1380 bytes)]
[Frame: 6072, payload: 45917-47296 (1380 bytes)]
[Frame: 6073, payload: 47297-48676 (1380 bytes)]
[Frame: 6075, payload: 48677-50056 (1380 bytes)]
[Frame: 6076, payload: 50057-51436 (1380 bytes)]
[Frame: 6078, payload: 51437-52816 (1380 bytes)]
[Frame: 6079, payload: 52817-54196 (1380 bytes)]
[Frame: 6081, payload: 54197-55576 (1380 bytes)]
[Frame: 6082, payload: 55577-56956 (1380 bytes)]
[Frame: 6084, payload: 56957-58336 (1380 bytes)]
[Frame: 6085, payload: 58337-59716 (1380 bytes)]
[Frame: 6087, payload: 59717-61096 (1380 bytes)]
[Frame: 6088, payload: 61097-62016 (920 bytes)]
[Segment count: 46]
[Reassembled TCP length: 62017]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:08 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 61677\r\n
[Content length: 61677]
Last-Modified: Sun, 01 Nov 2009 16:19:36 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:08 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 83\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7157
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5945
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 476
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
6091 2012-06-20 08:39:28.249751 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1
Frame 6091: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:28.249751000 GMT Daylight Time
Epoch Time: 1340177968.249751000 seconds
[Time delta from previous captured frame: 0.000103000 seconds]
[Time delta from previous displayed frame: 0.000457000 seconds]
[Time since reference or first frame: 60.227965000 seconds]
Frame Number: 6091
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2a26 (10790)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd1a9 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vytalvaultpipe (2548), Dst Port: http (80), Seq: 662, Ack: 62018, Len: 237
Source port: vytalvaultpipe (2548)
Destination port: http (80)
[Stream index: 57]
Sequence number: 662 (relative sequence number)
[Next sequence number: 899 (relative sequence number)]
Acknowledgement number: 62018 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x4eb4 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #6090(199), #6091(237)]
[Frame: 6090, payload: 0-198 (199 bytes)]
[Frame: 6091, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_2375.jpg?w=476&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
6173 2012-06-20 08:39:28.716346 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 6173: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits)
Arrival Time: Jun 20, 2012 08:39:28.716346000 GMT Daylight Time
Epoch Time: 1340177968.716346000 seconds
[Time delta from previous captured frame: 0.000019000 seconds]
[Time delta from previous displayed frame: 0.466595000 seconds]
[Time since reference or first frame: 60.694560000 seconds]
Frame Number: 6173
Frame Length: 566 bytes (4528 bits)
Capture Length: 566 bytes (4528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 552
Identification: 0x7003 (28675)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xd6b9 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultpipe (2548), Seq: 123523, Ack: 899, Len: 512
Source port: http (80)
Destination port: vytalvaultpipe (2548)
[Stream index: 57]
Sequence number: 123523 (relative sequence number)
[Next sequence number: 124035 (relative sequence number)]
Acknowledgement number: 899 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x7f0e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1892]
TCP segment data (512 bytes)
[50 Reassembled TCP Segments (62017 bytes): #6099(1380), #6100(1380), #6102(1380), #6103(1380), #6105(1380), #6106(1380), #6108(445), #6109(1380), #6111(1380), #6112(136), #6114(1380), #6115(68), #6117(1380), #6118(68), #6120(1380), #6121(6]
[Frame: 6099, payload: 0-1379 (1380 bytes)]
[Frame: 6100, payload: 1380-2759 (1380 bytes)]
[Frame: 6102, payload: 2760-4139 (1380 bytes)]
[Frame: 6103, payload: 4140-5519 (1380 bytes)]
[Frame: 6105, payload: 5520-6899 (1380 bytes)]
[Frame: 6106, payload: 6900-8279 (1380 bytes)]
[Frame: 6108, payload: 8280-8724 (445 bytes)]
[Frame: 6109, payload: 8725-10104 (1380 bytes)]
[Frame: 6111, payload: 10105-11484 (1380 bytes)]
[Frame: 6112, payload: 11485-11620 (136 bytes)]
[Frame: 6114, payload: 11621-13000 (1380 bytes)]
[Frame: 6115, payload: 13001-13068 (68 bytes)]
[Frame: 6117, payload: 13069-14448 (1380 bytes)]
[Frame: 6118, payload: 14449-14516 (68 bytes)]
[Frame: 6120, payload: 14517-15896 (1380 bytes)]
[Frame: 6121, payload: 15897-15964 (68 bytes)]
[Frame: 6123, payload: 15965-17344 (1380 bytes)]
[Frame: 6124, payload: 17345-18724 (1380 bytes)]
[Frame: 6126, payload: 18725-20104 (1380 bytes)]
[Frame: 6127, payload: 20105-21484 (1380 bytes)]
[Frame: 6129, payload: 21485-22864 (1380 bytes)]
[Frame: 6130, payload: 22865-24244 (1380 bytes)]
[Frame: 6132, payload: 24245-25624 (1380 bytes)]
[Frame: 6133, payload: 25625-27004 (1380 bytes)]
[Frame: 6135, payload: 27005-28384 (1380 bytes)]
[Frame: 6137, payload: 28385-29764 (1380 bytes)]
[Frame: 6139, payload: 29765-31144 (1380 bytes)]
[Frame: 6140, payload: 31145-32524 (1380 bytes)]
[Frame: 6142, payload: 32525-33904 (1380 bytes)]
[Frame: 6143, payload: 33905-35284 (1380 bytes)]
[Frame: 6145, payload: 35285-36664 (1380 bytes)]
[Frame: 6146, payload: 36665-38044 (1380 bytes)]
[Frame: 6148, payload: 38045-39424 (1380 bytes)]
[Frame: 6149, payload: 39425-40804 (1380 bytes)]
[Frame: 6151, payload: 40805-42184 (1380 bytes)]
[Frame: 6152, payload: 42185-43564 (1380 bytes)]
[Frame: 6154, payload: 43565-44944 (1380 bytes)]
[Frame: 6155, payload: 44945-46324 (1380 bytes)]
[Frame: 6157, payload: 46325-47704 (1380 bytes)]
[Frame: 6158, payload: 47705-49084 (1380 bytes)]
[Frame: 6160, payload: 49085-50464 (1380 bytes)]
[Frame: 6161, payload: 50465-51844 (1380 bytes)]
[Frame: 6163, payload: 51845-53224 (1380 bytes)]
[Frame: 6164, payload: 53225-54604 (1380 bytes)]
[Frame: 6166, payload: 54605-55984 (1380 bytes)]
[Frame: 6167, payload: 55985-57364 (1380 bytes)]
[Frame: 6169, payload: 57365-58744 (1380 bytes)]
[Frame: 6170, payload: 58745-60124 (1380 bytes)]
[Frame: 6172, payload: 60125-61504 (1380 bytes)]
[Frame: 6173, payload: 61505-62016 (512 bytes)]
[Segment count: 50]
[Reassembled TCP length: 62017]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:09 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 61677\r\n
[Content length: 61677]
Last-Modified: Sun, 01 Nov 2009 16:19:36 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:09 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 83\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7157
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5945
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 476
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
6176 2012-06-20 08:39:28.716684 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1
Frame 6176: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:28.716684000 GMT Daylight Time
Epoch Time: 1340177968.716684000 seconds
[Time delta from previous captured frame: 0.000042000 seconds]
[Time delta from previous displayed frame: 0.000338000 seconds]
[Time since reference or first frame: 60.694898000 seconds]
Frame Number: 6176
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2a41 (10817)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd18e [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vytalvaultpipe (2548), Dst Port: http (80), Seq: 1098, Ack: 124035, Len: 237
Source port: vytalvaultpipe (2548)
Destination port: http (80)
[Stream index: 57]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1335 (relative sequence number)]
Acknowledgement number: 124035 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x5abe [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 436]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (436 bytes): #6175(199), #6176(237)]
[Frame: 6175, payload: 0-198 (199 bytes)]
[Frame: 6176, payload: 199-435 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 436]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_2375.jpg?w=476&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
6258 2012-06-20 08:39:29.205620 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 6258: 1198 bytes on wire (9584 bits), 1198 bytes captured (9584 bits)
Arrival Time: Jun 20, 2012 08:39:29.205620000 GMT Daylight Time
Epoch Time: 1340177969.205620000 seconds
[Time delta from previous captured frame: 0.000063000 seconds]
[Time delta from previous displayed frame: 0.488936000 seconds]
[Time since reference or first frame: 61.183834000 seconds]
Frame Number: 6258
Frame Length: 1198 bytes (9584 bits)
Capture Length: 1198 bytes (9584 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1184
Identification: 0x7037 (28727)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xd40d [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: vytalvaultpipe (2548), Seq: 184908, Ack: 1335, Len: 1144
Source port: http (80)
Destination port: vytalvaultpipe (2548)
[Stream index: 57]
Sequence number: 184908 (relative sequence number)
[Next sequence number: 186052 (relative sequence number)]
Acknowledgement number: 1335 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0x6c4a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2524]
TCP segment data (1144 bytes)
[50 Reassembled TCP Segments (62017 bytes): #6183(1380), #6184(1380), #6186(173), #6187(1380), #6189(1380), #6190(1380), #6192(204), #6193(1380), #6195(1380), #6196(1380), #6198(1380), #6199(1380), #6201(340), #6202(1380), #6204(1380), #620]
[Frame: 6183, payload: 0-1379 (1380 bytes)]
[Frame: 6184, payload: 1380-2759 (1380 bytes)]
[Frame: 6186, payload: 2760-2932 (173 bytes)]
[Frame: 6187, payload: 2933-4312 (1380 bytes)]
[Frame: 6189, payload: 4313-5692 (1380 bytes)]
[Frame: 6190, payload: 5693-7072 (1380 bytes)]
[Frame: 6192, payload: 7073-7276 (204 bytes)]
[Frame: 6193, payload: 7277-8656 (1380 bytes)]
[Frame: 6195, payload: 8657-10036 (1380 bytes)]
[Frame: 6196, payload: 10037-11416 (1380 bytes)]
[Frame: 6198, payload: 11417-12796 (1380 bytes)]
[Frame: 6199, payload: 12797-14176 (1380 bytes)]
[Frame: 6201, payload: 14177-14516 (340 bytes)]
[Frame: 6202, payload: 14517-15896 (1380 bytes)]
[Frame: 6204, payload: 15897-17276 (1380 bytes)]
[Frame: 6205, payload: 17277-18656 (1380 bytes)]
[Frame: 6207, payload: 18657-20036 (1380 bytes)]
[Frame: 6208, payload: 20037-20308 (272 bytes)]
[Frame: 6210, payload: 20309-21688 (1380 bytes)]
[Frame: 6211, payload: 21689-23068 (1380 bytes)]
[Frame: 6213, payload: 23069-24448 (1380 bytes)]
[Frame: 6214, payload: 24449-25828 (1380 bytes)]
[Frame: 6216, payload: 25829-27208 (1380 bytes)]
[Frame: 6217, payload: 27209-28588 (1380 bytes)]
[Frame: 6219, payload: 28589-28996 (408 bytes)]
[Frame: 6220, payload: 28997-30376 (1380 bytes)]
[Frame: 6222, payload: 30377-31756 (1380 bytes)]
[Frame: 6223, payload: 31757-31892 (136 bytes)]
[Frame: 6227, payload: 31893-33272 (1380 bytes)]
[Frame: 6228, payload: 33273-34652 (1380 bytes)]
[Frame: 6230, payload: 34653-36032 (1380 bytes)]
[Frame: 6231, payload: 36033-37412 (1380 bytes)]
[Frame: 6233, payload: 37413-38792 (1380 bytes)]
[Frame: 6234, payload: 38793-40172 (1380 bytes)]
[Frame: 6236, payload: 40173-41552 (1380 bytes)]
[Frame: 6237, payload: 41553-42932 (1380 bytes)]
[Frame: 6239, payload: 42933-44312 (1380 bytes)]
[Frame: 6240, payload: 44313-45692 (1380 bytes)]
[Frame: 6242, payload: 45693-47072 (1380 bytes)]
[Frame: 6243, payload: 47073-48452 (1380 bytes)]
[Frame: 6245, payload: 48453-49832 (1380 bytes)]
[Frame: 6246, payload: 49833-51212 (1380 bytes)]
[Frame: 6248, payload: 51213-52592 (1380 bytes)]
[Frame: 6249, payload: 52593-53972 (1380 bytes)]
[Frame: 6251, payload: 53973-55352 (1380 bytes)]
[Frame: 6252, payload: 55353-56732 (1380 bytes)]
[Frame: 6254, payload: 56733-58112 (1380 bytes)]
[Frame: 6255, payload: 58113-59492 (1380 bytes)]
[Frame: 6257, payload: 59493-60872 (1380 bytes)]
[Frame: 6258, payload: 60873-62016 (1144 bytes)]
[Segment count: 50]
[Reassembled TCP length: 62017]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:10 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 61677\r\n
[Content length: 61677]
Last-Modified: Sun, 01 Nov 2009 16:19:36 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:10 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 83\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 7157
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 5945
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 476
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
6260 2012-06-20 08:39:29.205859 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1
Frame 6260: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits)
Arrival Time: Jun 20, 2012 08:39:29.205859000 GMT Daylight Time
Epoch Time: 1340177969.205859000 seconds
[Time delta from previous captured frame: 0.000216000 seconds]
[Time delta from previous displayed frame: 0.000239000 seconds]
[Time since reference or first frame: 61.184073000 seconds]
Frame Number: 6260
Frame Length: 187 bytes (1496 bits)
Capture Length: 187 bytes (1496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 173
Identification: 0x2a5b (10843)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd1dc [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: vytalvaultpipe (2548), Dst Port: http (80), Seq: 1335, Ack: 186052, Len: 133
Source port: vytalvaultpipe (2548)
Destination port: http (80)
[Stream index: 57]
Sequence number: 1335 (relative sequence number)
[Next sequence number: 1468 (relative sequence number)]
Acknowledgement number: 186052 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x880f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 133]
Hypertext Transfer Protocol
HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_2375.jpg?w=476&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_2375.jpg?w=476&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_2375.jpg?w=476&h=640]
No. Time Source Destination Protocol Info
6283 2012-06-20 08:39:29.654298 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 6283: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:29.654298000 GMT Daylight Time
Epoch Time: 1340177969.654298000 seconds
[Time delta from previous captured frame: 0.000109000 seconds]
[Time delta from previous displayed frame: 0.448439000 seconds]
[Time since reference or first frame: 61.632512000 seconds]
Frame Number: 6283
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2a61 (10849)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd16e [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 227, Ack: 1, Len: 237
Source port: ipass (2549)
Destination port: http (80)
[Stream index: 59]
Sequence number: 227 (relative sequence number)
[Next sequence number: 464 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x2f42 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 463]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (463 bytes): #6282(226), #6283(237)]
[Frame: 6282, payload: 0-225 (226 bytes)]
[Frame: 6283, payload: 226-462 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 463]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Keep-Alive: \r\n
Connection: TE, Keep-Alive\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
6346 2012-06-20 08:39:30.211163 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 6346: 1419 bytes on wire (11352 bits), 1419 bytes captured (11352 bits)
Arrival Time: Jun 20, 2012 08:39:30.211163000 GMT Daylight Time
Epoch Time: 1340177970.211163000 seconds
[Time delta from previous captured frame: 0.000022000 seconds]
[Time delta from previous displayed frame: 0.556865000 seconds]
[Time since reference or first frame: 62.189377000 seconds]
Frame Number: 6346
Frame Length: 1419 bytes (11352 bits)
Capture Length: 1419 bytes (11352 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1405
Identification: 0xdd0b (56587)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x665c [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 49681, Ack: 464, Len: 1365
Source port: http (80)
Destination port: ipass (2549)
[Stream index: 59]
Sequence number: 49681 (relative sequence number)
[Next sequence number: 51046 (relative sequence number)]
Acknowledgement number: 464 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 33
[Calculated window size: 16896]
[Window size scaling factor: 512]
Checksum: 0x5dbf [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1365]
TCP segment data (1365 bytes)
[37 Reassembled TCP Segments (51045 bytes): #6289(1380), #6290(1380), #6292(1380), #6293(1380), #6295(1380), #6296(1380), #6298(1380), #6299(1380), #6301(1380), #6302(1380), #6305(1380), #6306(1380), #6308(1380), #6309(1380), #6311(1380), #]
[Frame: 6289, payload: 0-1379 (1380 bytes)]
[Frame: 6290, payload: 1380-2759 (1380 bytes)]
[Frame: 6292, payload: 2760-4139 (1380 bytes)]
[Frame: 6293, payload: 4140-5519 (1380 bytes)]
[Frame: 6295, payload: 5520-6899 (1380 bytes)]
[Frame: 6296, payload: 6900-8279 (1380 bytes)]
[Frame: 6298, payload: 8280-9659 (1380 bytes)]
[Frame: 6299, payload: 9660-11039 (1380 bytes)]
[Frame: 6301, payload: 11040-12419 (1380 bytes)]
[Frame: 6302, payload: 12420-13799 (1380 bytes)]
[Frame: 6305, payload: 13800-15179 (1380 bytes)]
[Frame: 6306, payload: 15180-16559 (1380 bytes)]
[Frame: 6308, payload: 16560-17939 (1380 bytes)]
[Frame: 6309, payload: 17940-19319 (1380 bytes)]
[Frame: 6311, payload: 19320-20699 (1380 bytes)]
[Frame: 6312, payload: 20700-22079 (1380 bytes)]
[Frame: 6314, payload: 22080-23459 (1380 bytes)]
[Frame: 6315, payload: 23460-24839 (1380 bytes)]
[Frame: 6317, payload: 24840-26219 (1380 bytes)]
[Frame: 6318, payload: 26220-27599 (1380 bytes)]
[Frame: 6320, payload: 27600-28979 (1380 bytes)]
[Frame: 6321, payload: 28980-30359 (1380 bytes)]
[Frame: 6324, payload: 30360-31739 (1380 bytes)]
[Frame: 6325, payload: 31740-33119 (1380 bytes)]
[Frame: 6327, payload: 33120-34499 (1380 bytes)]
[Frame: 6329, payload: 34500-35879 (1380 bytes)]
[Frame: 6331, payload: 35880-37259 (1380 bytes)]
[Frame: 6332, payload: 37260-38639 (1380 bytes)]
[Frame: 6334, payload: 38640-40019 (1380 bytes)]
[Frame: 6335, payload: 40020-41399 (1380 bytes)]
[Frame: 6337, payload: 41400-42779 (1380 bytes)]
[Frame: 6338, payload: 42780-44159 (1380 bytes)]
[Frame: 6340, payload: 44160-45539 (1380 bytes)]
[Frame: 6341, payload: 45540-46919 (1380 bytes)]
[Frame: 6343, payload: 46920-48299 (1380 bytes)]
[Frame: 6344, payload: 48300-49679 (1380 bytes)]
[Frame: 6346, payload: 49680-51044 (1365 bytes)]
[Segment count: 37]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:10 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:10 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
6348 2012-06-20 08:39:30.211464 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 6348: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:30.211464000 GMT Daylight Time
Epoch Time: 1340177970.211464000 seconds
[Time delta from previous captured frame: 0.000046000 seconds]
[Time delta from previous displayed frame: 0.000301000 seconds]
[Time since reference or first frame: 62.189678000 seconds]
Frame Number: 6348
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2a75 (10869)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd15a [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 664, Ack: 51046, Len: 237
Source port: ipass (2549)
Destination port: http (80)
[Stream index: 59]
Sequence number: 664 (relative sequence number)
[Next sequence number: 901 (relative sequence number)]
Acknowledgement number: 51046 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 253
[Calculated window size: 64768]
[Window size scaling factor: 256]
Checksum: 0x662c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #6347(200), #6348(237)]
[Frame: 6347, payload: 0-199 (200 bytes)]
[Frame: 6348, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
6410 2012-06-20 08:39:30.646481 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 6410: 362 bytes on wire (2896 bits), 362 bytes captured (2896 bits)
Arrival Time: Jun 20, 2012 08:39:30.646481000 GMT Daylight Time
Epoch Time: 1340177970.646481000 seconds
[Time delta from previous captured frame: 0.000021000 seconds]
[Time delta from previous displayed frame: 0.435017000 seconds]
[Time since reference or first frame: 62.624695000 seconds]
Frame Number: 6410
Frame Length: 362 bytes (2896 bits)
Capture Length: 362 bytes (2896 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 348
Identification: 0xdd35 (56629)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x6a53 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 101783, Ack: 901, Len: 308
Source port: http (80)
Destination port: ipass (2549)
[Stream index: 59]
Sequence number: 101783 (relative sequence number)
[Next sequence number: 102091 (relative sequence number)]
Acknowledgement number: 901 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 37
[Calculated window size: 18944]
[Window size scaling factor: 512]
Checksum: 0x8c70 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1688]
TCP segment data (308 bytes)
[40 Reassembled TCP Segments (51045 bytes): #6351(1380), #6352(1380), #6354(1380), #6355(1380), #6357(1380), #6358(1380), #6360(1380), #6361(513), #6363(1380), #6364(1380), #6366(1380), #6367(204), #6369(1380), #6370(1380), #6372(1380), #63]
[Frame: 6351, payload: 0-1379 (1380 bytes)]
[Frame: 6352, payload: 1380-2759 (1380 bytes)]
[Frame: 6354, payload: 2760-4139 (1380 bytes)]
[Frame: 6355, payload: 4140-5519 (1380 bytes)]
[Frame: 6357, payload: 5520-6899 (1380 bytes)]
[Frame: 6358, payload: 6900-8279 (1380 bytes)]
[Frame: 6360, payload: 8280-9659 (1380 bytes)]
[Frame: 6361, payload: 9660-10172 (513 bytes)]
[Frame: 6363, payload: 10173-11552 (1380 bytes)]
[Frame: 6364, payload: 11553-12932 (1380 bytes)]
[Frame: 6366, payload: 12933-14312 (1380 bytes)]
[Frame: 6367, payload: 14313-14516 (204 bytes)]
[Frame: 6369, payload: 14517-15896 (1380 bytes)]
[Frame: 6370, payload: 15897-17276 (1380 bytes)]
[Frame: 6372, payload: 17277-18656 (1380 bytes)]
[Frame: 6373, payload: 18657-20036 (1380 bytes)]
[Frame: 6375, payload: 20037-21416 (1380 bytes)]
[Frame: 6376, payload: 21417-21756 (340 bytes)]
[Frame: 6379, payload: 21757-23136 (1380 bytes)]
[Frame: 6380, payload: 23137-24516 (1380 bytes)]
[Frame: 6382, payload: 24517-25896 (1380 bytes)]
[Frame: 6383, payload: 25897-27276 (1380 bytes)]
[Frame: 6385, payload: 27277-28656 (1380 bytes)]
[Frame: 6386, payload: 28657-30036 (1380 bytes)]
[Frame: 6388, payload: 30037-31416 (1380 bytes)]
[Frame: 6389, payload: 31417-32796 (1380 bytes)]
[Frame: 6391, payload: 32797-34176 (1380 bytes)]
[Frame: 6392, payload: 34177-35556 (1380 bytes)]
[Frame: 6394, payload: 35557-36936 (1380 bytes)]
[Frame: 6395, payload: 36937-38316 (1380 bytes)]
[Frame: 6397, payload: 38317-39696 (1380 bytes)]
[Frame: 6398, payload: 39697-41076 (1380 bytes)]
[Frame: 6400, payload: 41077-42456 (1380 bytes)]
[Frame: 6401, payload: 42457-43836 (1380 bytes)]
[Frame: 6403, payload: 43837-45216 (1380 bytes)]
[Frame: 6404, payload: 45217-46596 (1380 bytes)]
[Frame: 6406, payload: 46597-47976 (1380 bytes)]
[Frame: 6407, payload: 47977-49356 (1380 bytes)]
[Frame: 6409, payload: 49357-50736 (1380 bytes)]
[Frame: 6410, payload: 50737-51044 (308 bytes)]
[Segment count: 40]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:11 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:11 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
6413 2012-06-20 08:39:30.646806 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 6413: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:30.646806000 GMT Daylight Time
Epoch Time: 1340177970.646806000 seconds
[Time delta from previous captured frame: 0.000043000 seconds]
[Time delta from previous displayed frame: 0.000325000 seconds]
[Time since reference or first frame: 62.625020000 seconds]
Frame Number: 6413
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2a8b (10891)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd144 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 1101, Ack: 102091, Len: 237
Source port: ipass (2549)
Destination port: http (80)
[Stream index: 59]
Sequence number: 1101 (relative sequence number)
[Next sequence number: 1338 (relative sequence number)]
Acknowledgement number: 102091 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x9d0c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #6412(200), #6413(237)]
[Frame: 6412, payload: 0-199 (200 bytes)]
[Frame: 6413, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
6481 2012-06-20 08:39:31.139632 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 6481: 1062 bytes on wire (8496 bits), 1062 bytes captured (8496 bits)
Arrival Time: Jun 20, 2012 08:39:31.139632000 GMT Daylight Time
Epoch Time: 1340177971.139632000 seconds
[Time delta from previous captured frame: 0.000075000 seconds]
[Time delta from previous displayed frame: 0.492826000 seconds]
[Time since reference or first frame: 63.117846000 seconds]
Frame Number: 6481
Frame Length: 1062 bytes (8496 bits)
Capture Length: 1062 bytes (8496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1048
Identification: 0xdd5f (56671)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x676d [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 152128, Ack: 1338, Len: 1008
Source port: http (80)
Destination port: ipass (2549)
[Stream index: 59]
Sequence number: 152128 (relative sequence number)
[Next sequence number: 153136 (relative sequence number)]
Acknowledgement number: 1338 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 42
[Calculated window size: 21504]
[Window size scaling factor: 512]
Checksum: 0xc86a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2388]
TCP segment data (1008 bytes)
[40 Reassembled TCP Segments (51045 bytes): #6421(1380), #6422(1380), #6424(1380), #6425(1380), #6427(309), #6428(1380), #6430(1380), #6431(1380), #6433(1380), #6434(1380), #6436(1380), #6437(1380), #6439(1380), #6440(1380), #6442(612), #64]
[Frame: 6421, payload: 0-1379 (1380 bytes)]
[Frame: 6422, payload: 1380-2759 (1380 bytes)]
[Frame: 6424, payload: 2760-4139 (1380 bytes)]
[Frame: 6425, payload: 4140-5519 (1380 bytes)]
[Frame: 6427, payload: 5520-5828 (309 bytes)]
[Frame: 6428, payload: 5829-7208 (1380 bytes)]
[Frame: 6430, payload: 7209-8588 (1380 bytes)]
[Frame: 6431, payload: 8589-9968 (1380 bytes)]
[Frame: 6433, payload: 9969-11348 (1380 bytes)]
[Frame: 6434, payload: 11349-12728 (1380 bytes)]
[Frame: 6436, payload: 12729-14108 (1380 bytes)]
[Frame: 6437, payload: 14109-15488 (1380 bytes)]
[Frame: 6439, payload: 15489-16868 (1380 bytes)]
[Frame: 6440, payload: 16869-18248 (1380 bytes)]
[Frame: 6442, payload: 18249-18860 (612 bytes)]
[Frame: 6443, payload: 18861-20240 (1380 bytes)]
[Frame: 6445, payload: 20241-21620 (1380 bytes)]
[Frame: 6446, payload: 21621-21756 (136 bytes)]
[Frame: 6448, payload: 21757-23136 (1380 bytes)]
[Frame: 6449, payload: 23137-24516 (1380 bytes)]
[Frame: 6451, payload: 24517-25896 (1380 bytes)]
[Frame: 6452, payload: 25897-27276 (1380 bytes)]
[Frame: 6454, payload: 27277-28656 (1380 bytes)]
[Frame: 6455, payload: 28657-30036 (1380 bytes)]
[Frame: 6457, payload: 30037-31416 (1380 bytes)]
[Frame: 6458, payload: 31417-32796 (1380 bytes)]
[Frame: 6460, payload: 32797-34176 (1380 bytes)]
[Frame: 6461, payload: 34177-35556 (1380 bytes)]
[Frame: 6463, payload: 35557-36236 (680 bytes)]
[Frame: 6466, payload: 36237-37616 (1380 bytes)]
[Frame: 6468, payload: 37617-38996 (1380 bytes)]
[Frame: 6469, payload: 38997-40376 (1380 bytes)]
[Frame: 6471, payload: 40377-41756 (1380 bytes)]
[Frame: 6472, payload: 41757-43136 (1380 bytes)]
[Frame: 6474, payload: 43137-44516 (1380 bytes)]
[Frame: 6475, payload: 44517-45896 (1380 bytes)]
[Frame: 6477, payload: 45897-47276 (1380 bytes)]
[Frame: 6478, payload: 47277-48656 (1380 bytes)]
[Frame: 6480, payload: 48657-50036 (1380 bytes)]
[Frame: 6481, payload: 50037-51044 (1008 bytes)]
[Segment count: 40]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:12 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:12 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
6483 2012-06-20 08:39:31.139929 172.28.13.6 76.74.248.166 HTTP HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 6483: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits)
Arrival Time: Jun 20, 2012 08:39:31.139929000 GMT Daylight Time
Epoch Time: 1340177971.139929000 seconds
[Time delta from previous captured frame: 0.000262000 seconds]
[Time delta from previous displayed frame: 0.000297000 seconds]
[Time since reference or first frame: 63.118143000 seconds]
Frame Number: 6483
Frame Length: 188 bytes (1504 bits)
Capture Length: 188 bytes (1504 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 174
Identification: 0x2aa0 (10912)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd196 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 1338, Ack: 153136, Len: 134
Source port: ipass (2549)
Destination port: http (80)
[Stream index: 59]
Sequence number: 1338 (relative sequence number)
[Next sequence number: 1472 (relative sequence number)]
Acknowledgement number: 153136 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x26eb [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 134]
Hypertext Transfer Protocol
HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: HEAD /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: HEAD
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
No. Time Source Destination Protocol Info
6488 2012-06-20 08:39:31.273729 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 6488: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:31.273729000 GMT Daylight Time
Epoch Time: 1340177971.273729000 seconds
[Time delta from previous captured frame: 0.000053000 seconds]
[Time delta from previous displayed frame: 0.133800000 seconds]
[Time since reference or first frame: 63.251943000 seconds]
Frame Number: 6488
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2aa2 (10914)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd12d [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 1672, Ack: 153480, Len: 237
Source port: ipass (2549)
Destination port: http (80)
[Stream index: 59]
Sequence number: 1672 (relative sequence number)
[Next sequence number: 1909 (relative sequence number)]
Acknowledgement number: 153480 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 257
[Calculated window size: 65792]
[Window size scaling factor: 256]
Checksum: 0xd214 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #6487(200), #6488(237)]
[Frame: 6487, payload: 0-199 (200 bytes)]
[Frame: 6488, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
6552 2012-06-20 08:39:31.714643 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (image/jpeg)
Frame 6552: 1130 bytes on wire (9040 bits), 1130 bytes captured (9040 bits)
Arrival Time: Jun 20, 2012 08:39:31.714643000 GMT Daylight Time
Epoch Time: 1340177971.714643000 seconds
[Time delta from previous captured frame: 0.000094000 seconds]
[Time delta from previous displayed frame: 0.440914000 seconds]
[Time since reference or first frame: 63.692857000 seconds]
Frame Number: 6552
Frame Length: 1130 bytes (9040 bits)
Capture Length: 1130 bytes (9040 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:media:http:data]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1116
Identification: 0xdd8a (56714)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x66fe [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 203449, Ack: 1909, Len: 1076
Source port: http (80)
Destination port: ipass (2549)
[Stream index: 59]
Sequence number: 203449 (relative sequence number)
[Next sequence number: 204525 (relative sequence number)]
Acknowledgement number: 1909 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 48
[Calculated window size: 24576]
[Window size scaling factor: 512]
Checksum: 0x0b1e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2456]
TCP segment data (736 bytes)
[41 Reassembled TCP Segments (51049 bytes): #6486(344), #6494(1380), #6495(1380), #6497(173), #6498(1380), #6500(1380), #6501(1380), #6503(1380), #6504(1380), #6506(1380), #6507(1380), #6509(1380), #6510(544), #6512(1380), #6513(1380), #651]
[Frame: 6486, payload: 0-343 (344 bytes)]
[Frame: 6494, payload: 344-1723 (1380 bytes)]
[Frame: 6495, payload: 1724-3103 (1380 bytes)]
[Frame: 6497, payload: 3104-3276 (173 bytes)]
[Frame: 6498, payload: 3277-4656 (1380 bytes)]
[Frame: 6500, payload: 4657-6036 (1380 bytes)]
[Frame: 6501, payload: 6037-7416 (1380 bytes)]
[Frame: 6503, payload: 7417-8796 (1380 bytes)]
[Frame: 6504, payload: 8797-10176 (1380 bytes)]
[Frame: 6506, payload: 10177-11556 (1380 bytes)]
[Frame: 6507, payload: 11557-12936 (1380 bytes)]
[Frame: 6509, payload: 12937-14316 (1380 bytes)]
[Frame: 6510, payload: 14317-14860 (544 bytes)]
[Frame: 6512, payload: 14861-16240 (1380 bytes)]
[Frame: 6513, payload: 16241-17620 (1380 bytes)]
[Frame: 6515, payload: 17621-17756 (136 bytes)]
[Frame: 6516, payload: 17757-19136 (1380 bytes)]
[Frame: 6518, payload: 19137-20516 (1380 bytes)]
[Frame: 6519, payload: 20517-21896 (1380 bytes)]
[Frame: 6521, payload: 21897-23276 (1380 bytes)]
[Frame: 6522, payload: 23277-24656 (1380 bytes)]
[Frame: 6524, payload: 24657-26036 (1380 bytes)]
[Frame: 6525, payload: 26037-27416 (1380 bytes)]
[Frame: 6527, payload: 27417-28796 (1380 bytes)]
[Frame: 6528, payload: 28797-30176 (1380 bytes)]
[Frame: 6530, payload: 30177-31556 (1380 bytes)]
[Frame: 6531, payload: 31557-32936 (1380 bytes)]
[Frame: 6533, payload: 32937-34316 (1380 bytes)]
[Frame: 6534, payload: 34317-35132 (816 bytes)]
[Frame: 6536, payload: 35133-36512 (1380 bytes)]
[Frame: 6537, payload: 36513-37892 (1380 bytes)]
[Frame: 6539, payload: 37893-39272 (1380 bytes)]
[Frame: 6540, payload: 39273-40652 (1380 bytes)]
[Frame: 6542, payload: 40653-42032 (1380 bytes)]
[Frame: 6543, payload: 42033-43412 (1380 bytes)]
[Frame: 6545, payload: 43413-44792 (1380 bytes)]
[Frame: 6546, payload: 44793-46172 (1380 bytes)]
[Frame: 6548, payload: 46173-47552 (1380 bytes)]
[Frame: 6549, payload: 47553-48932 (1380 bytes)]
[Frame: 6551, payload: 48933-50312 (1380 bytes)]
[Frame: 6552, payload: 50313-51048 (736 bytes)]
[Segment count: 41]
[Reassembled TCP length: 51049]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:12 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:12 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
X-nc: HIT sat 86\r\n
Accept-Ranges: bytes\r\n
Cache-Control: max-age=31536000\r\n
\r\n
[Expert Info (Note/Malformed): HTTP body subdissector failed, trying heuristic subdissector]
[Message: HTTP body subdissector failed, trying heuristic subdissector]
[Severity level: Note]
[Group: Malformed]
Media Type
Media Type: image/jpeg (50705 bytes)
Hypertext Transfer Protocol
\r
Data (339 bytes)
0000 74 8a 94 1f 08 9d 8a bc ae 66 70 12 f9 81 41 01 t........fp...A.
0010 f4 91 10 00 a4 27 49 c5 0f 98 09 a3 ca fb 8e f4 .....'I.........
0020 2f ef 60 70 0f 68 56 42 d5 7c ca 6d 53 4a f1 2e /.`p.hVB.|.mSJ..
0030 15 48 70 d7 52 83 42 b8 82 d0 59 be a1 2c 5f 98 .Hp.R.B...Y..,_.
0040 cd 0a 7b 62 07 4e db 06 58 b5 c4 2c 20 de 7d 40 ..{b.N..X.., .}@
0050 a1 69 b6 4a 63 1b e4 7b 80 b5 5b f3 97 d1 0f 34 .i.Jc..{..[....4
0060 b9 81 0a 5a 55 12 df 1f 94 e4 47 1d 41 b0 e8 5f ...ZU.....G.A.._
0070 b8 00 72 7b 97 55 16 75 50 bb 50 0e 7c ca e2 16 ..r{.U.uP.P.|...
0080 b9 b2 c0 7a 2d d9 b3 42 1a 0d 67 b6 30 1b 50 38 ...z-..B..g.0.P8
0090 ae 66 46 f8 fa 40 69 ce b8 ea 5c 81 58 1e 00 e6 .fF..@i...\.X...
00a0 ee 00 34 2a 88 81 5d 95 e6 5d 0d c9 90 8c 49 5b ..4*..]..]....I[
00b0 4c c4 50 2d 73 0d 6c 31 64 30 b9 47 15 2a cb 18 L.P-s.l1d0.G.*..
00c0 51 ee 14 ac 2d 2b 3a 80 4e ab 3d cb c8 80 36 1e Q...-+:.N.=...6.
00d0 21 60 fb d8 36 ab 01 80 e8 bf 3e 22 6d 15 1b ae !`..6.....>"m...
00e0 a2 aa d2 d9 f1 10 e1 a6 91 2b c8 9b 1b b0 55 e1 .........+....U.
00f0 dc b1 22 d5 cb 38 99 82 24 05 05 1e ba 96 b0 a1 .."..8..$.......
0100 c5 bd 46 88 58 0e e0 06 9d 78 ea 2a 62 9e 12 51 ..F.X....x.*b..Q
0110 65 fd cc 5a fb 12 d4 7b 29 b8 38 20 0e c4 2a 8e e..Z...{).8 ..*.
0120 3a 42 e6 81 af 7f a8 1d 58 5f 67 70 16 36 be 65 :B......X_gp.6.e
0130 1b 65 1d 7d 4c 81 74 7c f5 12 a9 f0 e2 00 2f 78 .e.}L.t|....../x
0140 0c 37 9d 8b e3 92 0a 03 c9 e2 54 33 4e c9 f3 fe .7........T3N...
0150 27 ff d9 '..
Data: 748a941f089d8abcae667012f9814101f4911000a42749c5...
[Length: 339]
No. Time Source Destination Protocol Info
6555 2012-06-20 08:39:31.714979 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 6555: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:31.714979000 GMT Daylight Time
Epoch Time: 1340177971.714979000 seconds
[Time delta from previous captured frame: 0.000043000 seconds]
[Time delta from previous displayed frame: 0.000336000 seconds]
[Time since reference or first frame: 63.693193000 seconds]
Frame Number: 6555
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2ab8 (10936)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd117 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 2109, Ack: 204525, Len: 237
Source port: ipass (2549)
Destination port: http (80)
[Stream index: 59]
Sequence number: 2109 (relative sequence number)
[Next sequence number: 2346 (relative sequence number)]
Acknowledgement number: 204525 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x08f9 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #6554(200), #6555(237)]
[Frame: 6554, payload: 0-199 (200 bytes)]
[Frame: 6555, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
6616 2012-06-20 08:39:32.035861 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 6616: 1062 bytes on wire (8496 bits), 1062 bytes captured (8496 bits)
Arrival Time: Jun 20, 2012 08:39:32.035861000 GMT Daylight Time
Epoch Time: 1340177972.035861000 seconds
[Time delta from previous captured frame: 0.000070000 seconds]
[Time delta from previous displayed frame: 0.320882000 seconds]
[Time since reference or first frame: 64.014075000 seconds]
Frame Number: 6616
Frame Length: 1062 bytes (8496 bits)
Capture Length: 1062 bytes (8496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1048
Identification: 0xddb3 (56755)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x6719 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 254562, Ack: 2346, Len: 1008
Source port: http (80)
Destination port: ipass (2549)
[Stream index: 59]
Sequence number: 254562 (relative sequence number)
[Next sequence number: 255570 (relative sequence number)]
Acknowledgement number: 2346 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 52
[Calculated window size: 26624]
[Window size scaling factor: 512]
Checksum: 0x344d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2388]
TCP segment data (1008 bytes)
[40 Reassembled TCP Segments (51045 bytes): #6558(1380), #6559(1380), #6561(1380), #6562(241), #6564(1380), #6565(1380), #6567(1380), #6568(1380), #6570(1380), #6571(1380), #6573(1380), #6574(1380), #6576(544), #6577(1380), #6579(1380), #65]
[Frame: 6558, payload: 0-1379 (1380 bytes)]
[Frame: 6559, payload: 1380-2759 (1380 bytes)]
[Frame: 6561, payload: 2760-4139 (1380 bytes)]
[Frame: 6562, payload: 4140-4380 (241 bytes)]
[Frame: 6564, payload: 4381-5760 (1380 bytes)]
[Frame: 6565, payload: 5761-7140 (1380 bytes)]
[Frame: 6567, payload: 7141-8520 (1380 bytes)]
[Frame: 6568, payload: 8521-9900 (1380 bytes)]
[Frame: 6570, payload: 9901-11280 (1380 bytes)]
[Frame: 6571, payload: 11281-12660 (1380 bytes)]
[Frame: 6573, payload: 12661-14040 (1380 bytes)]
[Frame: 6574, payload: 14041-15420 (1380 bytes)]
[Frame: 6576, payload: 15421-15964 (544 bytes)]
[Frame: 6577, payload: 15965-17344 (1380 bytes)]
[Frame: 6579, payload: 17345-18724 (1380 bytes)]
[Frame: 6580, payload: 18725-20104 (1380 bytes)]
[Frame: 6582, payload: 20105-21484 (1380 bytes)]
[Frame: 6583, payload: 21485-22864 (1380 bytes)]
[Frame: 6585, payload: 22865-24244 (1380 bytes)]
[Frame: 6586, payload: 24245-25624 (1380 bytes)]
[Frame: 6588, payload: 25625-27004 (1380 bytes)]
[Frame: 6589, payload: 27005-28384 (1380 bytes)]
[Frame: 6591, payload: 28385-28996 (612 bytes)]
[Frame: 6592, payload: 28997-30376 (1380 bytes)]
[Frame: 6594, payload: 30377-31756 (1380 bytes)]
[Frame: 6595, payload: 31757-33136 (1380 bytes)]
[Frame: 6597, payload: 33137-34516 (1380 bytes)]
[Frame: 6598, payload: 34517-35896 (1380 bytes)]
[Frame: 6600, payload: 35897-36236 (340 bytes)]
[Frame: 6601, payload: 36237-37616 (1380 bytes)]
[Frame: 6603, payload: 37617-38996 (1380 bytes)]
[Frame: 6604, payload: 38997-40376 (1380 bytes)]
[Frame: 6606, payload: 40377-41756 (1380 bytes)]
[Frame: 6607, payload: 41757-43136 (1380 bytes)]
[Frame: 6609, payload: 43137-44516 (1380 bytes)]
[Frame: 6610, payload: 44517-45896 (1380 bytes)]
[Frame: 6612, payload: 45897-47276 (1380 bytes)]
[Frame: 6613, payload: 47277-48656 (1380 bytes)]
[Frame: 6615, payload: 48657-50036 (1380 bytes)]
[Frame: 6616, payload: 50037-51044 (1008 bytes)]
[Segment count: 40]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:13 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:13 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
6619 2012-06-20 08:39:32.036173 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 6619: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:32.036173000 GMT Daylight Time
Epoch Time: 1340177972.036173000 seconds
[Time delta from previous captured frame: 0.000044000 seconds]
[Time delta from previous displayed frame: 0.000312000 seconds]
[Time since reference or first frame: 64.014387000 seconds]
Frame Number: 6619
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2ace (10958)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd101 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 2546, Ack: 255570, Len: 237
Source port: ipass (2549)
Destination port: http (80)
[Stream index: 59]
Sequence number: 2546 (relative sequence number)
[Next sequence number: 2783 (relative sequence number)]
Acknowledgement number: 255570 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0x3fde [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #6618(200), #6619(237)]
[Frame: 6618, payload: 0-199 (200 bytes)]
[Frame: 6619, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
6683 2012-06-20 08:39:32.336154 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 6683: 1198 bytes on wire (9584 bits), 1198 bytes captured (9584 bits)
Arrival Time: Jun 20, 2012 08:39:32.336154000 GMT Daylight Time
Epoch Time: 1340177972.336154000 seconds
[Time delta from previous captured frame: 0.000091000 seconds]
[Time delta from previous displayed frame: 0.299981000 seconds]
[Time since reference or first frame: 64.314368000 seconds]
Frame Number: 6683
Frame Length: 1198 bytes (9584 bits)
Capture Length: 1198 bytes (9584 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1184
Identification: 0xdddc (56796)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x6668 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 305471, Ack: 2783, Len: 1144
Source port: http (80)
Destination port: ipass (2549)
[Stream index: 59]
Sequence number: 305471 (relative sequence number)
[Next sequence number: 306615 (relative sequence number)]
Acknowledgement number: 2783 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 56
[Calculated window size: 28672]
[Window size scaling factor: 512]
Checksum: 0xb170 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 2524]
TCP segment data (1144 bytes)
[40 Reassembled TCP Segments (51045 bytes): #6625(1380), #6626(1380), #6628(1380), #6629(1380), #6631(1380), #6632(1380), #6634(1380), #6635(1380), #6637(1380), #6638(1380), #6640(717), #6641(1380), #6643(68), #6644(1380), #6646(1380), #664]
[Frame: 6625, payload: 0-1379 (1380 bytes)]
[Frame: 6626, payload: 1380-2759 (1380 bytes)]
[Frame: 6628, payload: 2760-4139 (1380 bytes)]
[Frame: 6629, payload: 4140-5519 (1380 bytes)]
[Frame: 6631, payload: 5520-6899 (1380 bytes)]
[Frame: 6632, payload: 6900-8279 (1380 bytes)]
[Frame: 6634, payload: 8280-9659 (1380 bytes)]
[Frame: 6635, payload: 9660-11039 (1380 bytes)]
[Frame: 6637, payload: 11040-12419 (1380 bytes)]
[Frame: 6638, payload: 12420-13799 (1380 bytes)]
[Frame: 6640, payload: 13800-14516 (717 bytes)]
[Frame: 6641, payload: 14517-15896 (1380 bytes)]
[Frame: 6643, payload: 15897-15964 (68 bytes)]
[Frame: 6644, payload: 15965-17344 (1380 bytes)]
[Frame: 6646, payload: 17345-18724 (1380 bytes)]
[Frame: 6647, payload: 18725-20104 (1380 bytes)]
[Frame: 6649, payload: 20105-21484 (1380 bytes)]
[Frame: 6650, payload: 21485-22864 (1380 bytes)]
[Frame: 6652, payload: 22865-24244 (1380 bytes)]
[Frame: 6653, payload: 24245-25624 (1380 bytes)]
[Frame: 6655, payload: 25625-27004 (1380 bytes)]
[Frame: 6656, payload: 27005-28384 (1380 bytes)]
[Frame: 6658, payload: 28385-28996 (612 bytes)]
[Frame: 6659, payload: 28997-30376 (1380 bytes)]
[Frame: 6661, payload: 30377-31756 (1380 bytes)]
[Frame: 6662, payload: 31757-33136 (1380 bytes)]
[Frame: 6664, payload: 33137-33340 (204 bytes)]
[Frame: 6665, payload: 33341-34720 (1380 bytes)]
[Frame: 6667, payload: 34721-36100 (1380 bytes)]
[Frame: 6668, payload: 36101-37480 (1380 bytes)]
[Frame: 6670, payload: 37481-38860 (1380 bytes)]
[Frame: 6671, payload: 38861-40240 (1380 bytes)]
[Frame: 6673, payload: 40241-41620 (1380 bytes)]
[Frame: 6674, payload: 41621-43000 (1380 bytes)]
[Frame: 6676, payload: 43001-44380 (1380 bytes)]
[Frame: 6677, payload: 44381-45760 (1380 bytes)]
[Frame: 6679, payload: 45761-47140 (1380 bytes)]
[Frame: 6680, payload: 47141-48520 (1380 bytes)]
[Frame: 6682, payload: 48521-49900 (1380 bytes)]
[Frame: 6683, payload: 49901-51044 (1144 bytes)]
[Segment count: 40]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:13 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:13 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
6685 2012-06-20 08:39:32.336515 172.28.13.6 76.74.248.166 HTTP GET /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 6685: 210 bytes on wire (1680 bits), 210 bytes captured (1680 bits)
Arrival Time: Jun 20, 2012 08:39:32.336515000 GMT Daylight Time
Epoch Time: 1340177972.336515000 seconds
[Time delta from previous captured frame: 0.000339000 seconds]
[Time delta from previous displayed frame: 0.000361000 seconds]
[Time since reference or first frame: 64.314729000 seconds]
Frame Number: 6685
Frame Length: 210 bytes (1680 bits)
Capture Length: 210 bytes (1680 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 196
Identification: 0x2ae3 (10979)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd13d [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 2783, Ack: 306615, Len: 156
Source port: ipass (2549)
Destination port: http (80)
[Stream index: 59]
Sequence number: 2783 (relative sequence number)
[Next sequence number: 2939 (relative sequence number)]
Acknowledgement number: 306615 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 258
[Calculated window size: 66048]
[Window size scaling factor: 256]
Checksum: 0xdeec [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 156]
Hypertext Transfer Protocol
GET /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: GET /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Accept-Encoding: gzip\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
No. Time Source Destination Protocol Info
6748 2012-06-20 08:39:32.607851 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 6748: 147 bytes on wire (1176 bits), 147 bytes captured (1176 bits)
Arrival Time: Jun 20, 2012 08:39:32.607851000 GMT Daylight Time
Epoch Time: 1340177972.607851000 seconds
[Time delta from previous captured frame: 0.000055000 seconds]
[Time delta from previous displayed frame: 0.271336000 seconds]
[Time since reference or first frame: 64.586065000 seconds]
Frame Number: 6748
Frame Length: 147 bytes (1176 bits)
Capture Length: 147 bytes (1176 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 133
Identification: 0xde06 (56838)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x6a59 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 357571, Ack: 2939, Len: 93
Source port: http (80)
Destination port: ipass (2549)
[Stream index: 59]
Sequence number: 357571 (relative sequence number)
[Next sequence number: 357664 (relative sequence number)]
Acknowledgement number: 2939 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 58
[Calculated window size: 29696]
[Window size scaling factor: 512]
Checksum: 0x35ef [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1473]
TCP segment data (93 bytes)
[42 Reassembled TCP Segments (51049 bytes): #6686(1380), #6687(1380), #6689(1380), #6690(1380), #6692(1380), #6693(684), #6695(1380), #6696(1380), #6698(1380), #6699(1380), #6701(1380), #6702(1380), #6704(408), #6705(1380), #6707(1380), #67]
[Frame: 6686, payload: 0-1379 (1380 bytes)]
[Frame: 6687, payload: 1380-2759 (1380 bytes)]
[Frame: 6689, payload: 2760-4139 (1380 bytes)]
[Frame: 6690, payload: 4140-5519 (1380 bytes)]
[Frame: 6692, payload: 5520-6899 (1380 bytes)]
[Frame: 6693, payload: 6900-7583 (684 bytes)]
[Frame: 6695, payload: 7584-8963 (1380 bytes)]
[Frame: 6696, payload: 8964-10343 (1380 bytes)]
[Frame: 6698, payload: 10344-11723 (1380 bytes)]
[Frame: 6699, payload: 11724-13103 (1380 bytes)]
[Frame: 6701, payload: 13104-14483 (1380 bytes)]
[Frame: 6702, payload: 14484-15863 (1380 bytes)]
[Frame: 6704, payload: 15864-16271 (408 bytes)]
[Frame: 6705, payload: 16272-17651 (1380 bytes)]
[Frame: 6707, payload: 17652-19031 (1380 bytes)]
[Frame: 6708, payload: 19032-20411 (1380 bytes)]
[Frame: 6710, payload: 20412-20615 (204 bytes)]
[Frame: 6711, payload: 20616-21995 (1380 bytes)]
[Frame: 6713, payload: 21996-23375 (1380 bytes)]
[Frame: 6714, payload: 23376-24755 (1380 bytes)]
[Frame: 6716, payload: 24756-26135 (1380 bytes)]
[Frame: 6717, payload: 26136-27515 (1380 bytes)]
[Frame: 6719, payload: 27516-28895 (1380 bytes)]
[Frame: 6720, payload: 28896-30275 (1380 bytes)]
[Frame: 6722, payload: 30276-31655 (1380 bytes)]
[Frame: 6723, payload: 31656-33035 (1380 bytes)]
[Frame: 6725, payload: 33036-33647 (612 bytes)]
[Frame: 6726, payload: 33648-35027 (1380 bytes)]
[Frame: 6728, payload: 35028-35095 (68 bytes)]
[Frame: 6729, payload: 35096-36475 (1380 bytes)]
[Frame: 6731, payload: 36476-37855 (1380 bytes)]
[Frame: 6732, payload: 37856-39235 (1380 bytes)]
[Frame: 6734, payload: 39236-40615 (1380 bytes)]
[Frame: 6735, payload: 40616-41995 (1380 bytes)]
[Frame: 6737, payload: 41996-43375 (1380 bytes)]
[Frame: 6738, payload: 43376-44755 (1380 bytes)]
[Frame: 6740, payload: 44756-46135 (1380 bytes)]
[Frame: 6741, payload: 46136-47515 (1380 bytes)]
[Frame: 6743, payload: 47516-48895 (1380 bytes)]
[Frame: 6744, payload: 48896-49575 (680 bytes)]
[Frame: 6747, payload: 49576-50955 (1380 bytes)]
[Frame: 6748, payload: 50956-51048 (93 bytes)]
[Segment count: 42]
[Reassembled TCP length: 51049]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:13 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:13 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
X-nc: HIT sat 86\r\n
Accept-Ranges: bytes\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
6751 2012-06-20 08:39:32.608301 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 6751: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:32.608301000 GMT Daylight Time
Epoch Time: 1340177972.608301000 seconds
[Time delta from previous captured frame: 0.000064000 seconds]
[Time delta from previous displayed frame: 0.000450000 seconds]
[Time since reference or first frame: 64.586515000 seconds]
Frame Number: 6751
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2afa (11002)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd0d5 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 3139, Ack: 357664, Len: 237
Source port: ipass (2549)
Destination port: http (80)
[Stream index: 59]
Sequence number: 3139 (relative sequence number)
[Next sequence number: 3376 (relative sequence number)]
Acknowledgement number: 357664 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 11999
[Calculated window size: 3071744]
[Window size scaling factor: 256]
Checksum: 0x80e0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #6750(200), #6751(237)]
[Frame: 6750, payload: 0-199 (200 bytes)]
[Frame: 6751, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
6813 2012-06-20 08:39:32.916509 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 6813: 1062 bytes on wire (8496 bits), 1062 bytes captured (8496 bits)
Arrival Time: Jun 20, 2012 08:39:32.916509000 GMT Daylight Time
Epoch Time: 1340177972.916509000 seconds
[Time delta from previous captured frame: 0.000098000 seconds]
[Time delta from previous displayed frame: 0.308208000 seconds]
[Time since reference or first frame: 64.894723000 seconds]
Frame Number: 6813
Frame Length: 1062 bytes (8496 bits)
Capture Length: 1062 bytes (8496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1048
Identification: 0xde30 (56880)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x669c [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 407701, Ack: 3376, Len: 1008
Source port: http (80)
Destination port: ipass (2549)
[Stream index: 59]
Sequence number: 407701 (relative sequence number)
[Next sequence number: 408709 (relative sequence number)]
Acknowledgement number: 3376 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 63
[Calculated window size: 32256]
[Window size scaling factor: 512]
Checksum: 0xda06 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1008]
TCP segment data (1008 bytes)
[41 Reassembled TCP Segments (51045 bytes): #6753(1380), #6754(1380), #6756(1380), #6757(1380), #6759(1380), #6760(1380), #6762(445), #6763(1380), #6765(1380), #6766(1380), #6768(1380), #6769(272), #6771(1380), #6772(1380), #6774(1380), #67]
[Frame: 6753, payload: 0-1379 (1380 bytes)]
[Frame: 6754, payload: 1380-2759 (1380 bytes)]
[Frame: 6756, payload: 2760-4139 (1380 bytes)]
[Frame: 6757, payload: 4140-5519 (1380 bytes)]
[Frame: 6759, payload: 5520-6899 (1380 bytes)]
[Frame: 6760, payload: 6900-8279 (1380 bytes)]
[Frame: 6762, payload: 8280-8724 (445 bytes)]
[Frame: 6763, payload: 8725-10104 (1380 bytes)]
[Frame: 6765, payload: 10105-11484 (1380 bytes)]
[Frame: 6766, payload: 11485-12864 (1380 bytes)]
[Frame: 6768, payload: 12865-14244 (1380 bytes)]
[Frame: 6769, payload: 14245-14516 (272 bytes)]
[Frame: 6771, payload: 14517-15896 (1380 bytes)]
[Frame: 6772, payload: 15897-17276 (1380 bytes)]
[Frame: 6774, payload: 17277-18656 (1380 bytes)]
[Frame: 6775, payload: 18657-20036 (1380 bytes)]
[Frame: 6777, payload: 20037-21416 (1380 bytes)]
[Frame: 6778, payload: 21417-21756 (340 bytes)]
[Frame: 6780, payload: 21757-23136 (1380 bytes)]
[Frame: 6781, payload: 23137-24516 (1380 bytes)]
[Frame: 6783, payload: 24517-25896 (1380 bytes)]
[Frame: 6784, payload: 25897-27276 (1380 bytes)]
[Frame: 6786, payload: 27277-28656 (1380 bytes)]
[Frame: 6787, payload: 28657-28996 (340 bytes)]
[Frame: 6789, payload: 28997-30376 (1380 bytes)]
[Frame: 6790, payload: 30377-31756 (1380 bytes)]
[Frame: 6792, payload: 31757-33136 (1380 bytes)]
[Frame: 6793, payload: 33137-34516 (1380 bytes)]
[Frame: 6795, payload: 34517-35896 (1380 bytes)]
[Frame: 6796, payload: 35897-36236 (340 bytes)]
[Frame: 6798, payload: 36237-37616 (1380 bytes)]
[Frame: 6799, payload: 37617-38996 (1380 bytes)]
[Frame: 6801, payload: 38997-40376 (1380 bytes)]
[Frame: 6802, payload: 40377-41756 (1380 bytes)]
[Frame: 6804, payload: 41757-43136 (1380 bytes)]
[Frame: 6805, payload: 43137-44516 (1380 bytes)]
[Frame: 6807, payload: 44517-45896 (1380 bytes)]
[Frame: 6808, payload: 45897-47276 (1380 bytes)]
[Frame: 6810, payload: 47277-48656 (1380 bytes)]
[Frame: 6811, payload: 48657-50036 (1380 bytes)]
[Frame: 6813, payload: 50037-51044 (1008 bytes)]
[Segment count: 41]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:13 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:13 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
6815 2012-06-20 08:39:32.916817 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 6815: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:32.916817000 GMT Daylight Time
Epoch Time: 1340177972.916817000 seconds
[Time delta from previous captured frame: 0.000044000 seconds]
[Time delta from previous displayed frame: 0.000308000 seconds]
[Time since reference or first frame: 64.895031000 seconds]
Frame Number: 6815
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2b10 (11024)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd0bf [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 3576, Ack: 408709, Len: 237
Source port: ipass (2549)
Destination port: http (80)
[Stream index: 59]
Sequence number: 3576 (relative sequence number)
[Next sequence number: 3813 (relative sequence number)]
Acknowledgement number: 408709 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 11995
[Calculated window size: 3070720]
[Window size scaling factor: 256]
Checksum: 0xb7c9 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #6814(200), #6815(237)]
[Frame: 6814, payload: 0-199 (200 bytes)]
[Frame: 6815, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
6885 2012-06-20 08:39:33.391399 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 6885: 450 bytes on wire (3600 bits), 450 bytes captured (3600 bits)
Arrival Time: Jun 20, 2012 08:39:33.391399000 GMT Daylight Time
Epoch Time: 1340177973.391399000 seconds
[Time delta from previous captured frame: 0.000050000 seconds]
[Time delta from previous displayed frame: 0.474582000 seconds]
[Time since reference or first frame: 65.369613000 seconds]
Frame Number: 6885
Frame Length: 450 bytes (3600 bits)
Capture Length: 450 bytes (3600 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 436
Identification: 0xde5b (56923)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x68d5 [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 459358, Ack: 3813, Len: 396
Source port: http (80)
Destination port: ipass (2549)
[Stream index: 59]
Sequence number: 459358 (relative sequence number)
[Next sequence number: 459754 (relative sequence number)]
Acknowledgement number: 3813 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 67
[Calculated window size: 34304]
[Window size scaling factor: 512]
Checksum: 0x0643 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1776]
TCP segment data (396 bytes)
[42 Reassembled TCP Segments (51045 bytes): #6821(1380), #6822(1380), #6825(1380), #6826(1380), #6828(1380), #6829(377), #6831(1380), #6832(1380), #6834(1380), #6835(1380), #6837(1380), #6838(340), #6840(1380), #6841(1380), #6843(1380), #68]
[Frame: 6821, payload: 0-1379 (1380 bytes)]
[Frame: 6822, payload: 1380-2759 (1380 bytes)]
[Frame: 6825, payload: 2760-4139 (1380 bytes)]
[Frame: 6826, payload: 4140-5519 (1380 bytes)]
[Frame: 6828, payload: 5520-6899 (1380 bytes)]
[Frame: 6829, payload: 6900-7276 (377 bytes)]
[Frame: 6831, payload: 7277-8656 (1380 bytes)]
[Frame: 6832, payload: 8657-10036 (1380 bytes)]
[Frame: 6834, payload: 10037-11416 (1380 bytes)]
[Frame: 6835, payload: 11417-12796 (1380 bytes)]
[Frame: 6837, payload: 12797-14176 (1380 bytes)]
[Frame: 6838, payload: 14177-14516 (340 bytes)]
[Frame: 6840, payload: 14517-15896 (1380 bytes)]
[Frame: 6841, payload: 15897-17276 (1380 bytes)]
[Frame: 6843, payload: 17277-18656 (1380 bytes)]
[Frame: 6844, payload: 18657-20036 (1380 bytes)]
[Frame: 6846, payload: 20037-21416 (1380 bytes)]
[Frame: 6847, payload: 21417-22796 (1380 bytes)]
[Frame: 6849, payload: 22797-24176 (1380 bytes)]
[Frame: 6850, payload: 24177-25556 (1380 bytes)]
[Frame: 6852, payload: 25557-26100 (544 bytes)]
[Frame: 6853, payload: 26101-27480 (1380 bytes)]
[Frame: 6855, payload: 27481-28860 (1380 bytes)]
[Frame: 6856, payload: 28861-30240 (1380 bytes)]
[Frame: 6858, payload: 30241-31620 (1380 bytes)]
[Frame: 6859, payload: 31621-33000 (1380 bytes)]
[Frame: 6861, payload: 33001-34380 (1380 bytes)]
[Frame: 6862, payload: 34381-35760 (1380 bytes)]
[Frame: 6864, payload: 35761-37140 (1380 bytes)]
[Frame: 6865, payload: 37141-38520 (1380 bytes)]
[Frame: 6867, payload: 38521-39900 (1380 bytes)]
[Frame: 6868, payload: 39901-40580 (680 bytes)]
[Frame: 6870, payload: 40581-41960 (1380 bytes)]
[Frame: 6871, payload: 41961-43340 (1380 bytes)]
[Frame: 6873, payload: 43341-43476 (136 bytes)]
[Frame: 6874, payload: 43477-44856 (1380 bytes)]
[Frame: 6876, payload: 44857-46236 (1380 bytes)]
[Frame: 6877, payload: 46237-47616 (1380 bytes)]
[Frame: 6879, payload: 47617-48996 (1380 bytes)]
[Frame: 6880, payload: 48997-49268 (272 bytes)]
[Frame: 6884, payload: 49269-50648 (1380 bytes)]
[Frame: 6885, payload: 50649-51044 (396 bytes)]
[Segment count: 42]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:14 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:14 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)
No. Time Source Destination Protocol Info
6888 2012-06-20 08:39:33.391740 172.28.13.6 76.74.248.166 HTTP/XML PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1
Frame 6888: 291 bytes on wire (2328 bits), 291 bytes captured (2328 bits)
Arrival Time: Jun 20, 2012 08:39:33.391740000 GMT Daylight Time
Epoch Time: 1340177973.391740000 seconds
[Time delta from previous captured frame: 0.000044000 seconds]
[Time delta from previous displayed frame: 0.000341000 seconds]
[Time since reference or first frame: 65.369954000 seconds]
Frame Number: 6888
Frame Length: 291 bytes (2328 bits)
Capture Length: 291 bytes (2328 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:xml]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_02:80:b0 (a4:ba:db:02:80:b0), Dst: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Destination: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.28.13.6 (172.28.13.6), Dst: 76.74.248.166 (76.74.248.166)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 277
Identification: 0x2b27 (11047)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0xd0a8 [correct]
[Good: True]
[Bad: False]
Source: 172.28.13.6 (172.28.13.6)
Destination: 76.74.248.166 (76.74.248.166)
Transmission Control Protocol, Src Port: ipass (2549), Dst Port: http (80), Seq: 4013, Ack: 459754, Len: 237
Source port: ipass (2549)
Destination port: http (80)
[Stream index: 59]
Sequence number: 4013 (relative sequence number)
[Next sequence number: 4250 (relative sequence number)]
Acknowledgement number: 459754 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 23821
[Calculated window size: 6098176]
[Window size scaling factor: 256]
Checksum: 0xc07c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 437]
TCP segment data (237 bytes)
[2 Reassembled TCP Segments (437 bytes): #6887(200), #6888(237)]
[Frame: 6887, payload: 0-199 (200 bytes)]
[Frame: 6888, payload: 200-436 (237 bytes)]
[Segment count: 2]
[Reassembled TCP length: 437]
Hypertext Transfer Protocol
PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Message: PROPFIND /2009/11/img_01211.jpg?w=441&h=640 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: PROPFIND
Request URI: /2009/11/img_01211.jpg?w=441&h=640
Request Version: HTTP/1.1
Connection: TE\r\n
TE: trailers\r\n
Host: yaytay.files.wordpress.com\r\n
Depth: 0\r\n
Content-Length: 237\r\n
[Content length: 237]
Content-Type: application/xml\r\n
Pragma: no-cache\r\n
\r\n
[Full request URI: http://yaytay.files.wordpress.com/2009/11/img_01211.jpg?w=441&h=640]
eXtensible Markup Language
No. Time Source Destination Protocol Info
6952 2012-06-20 08:39:33.720160 76.74.248.166 172.28.13.6 HTTP HTTP/1.1 200 OK (JPEG JFIF image)
Frame 6952: 722 bytes on wire (5776 bits), 722 bytes captured (5776 bits)
Arrival Time: Jun 20, 2012 08:39:33.720160000 GMT Daylight Time
Epoch Time: 1340177973.720160000 seconds
[Time delta from previous captured frame: 0.000034000 seconds]
[Time delta from previous displayed frame: 0.328420000 seconds]
[Time since reference or first frame: 65.698374000 seconds]
Frame Number: 6952
Frame Length: 722 bytes (5776 bits)
Capture Length: 722 bytes (5776 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:image-jfif]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41), Dst: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Destination: Dell_02:80:b0 (a4:ba:db:02:80:b0)
Address: Dell_02:80:b0 (a4:ba:db:02:80:b0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
Address: Cisco_d5:e4:41 (f4:ac:c1:d5:e4:41)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 76.74.248.166 (76.74.248.166), Dst: 172.28.13.6 (172.28.13.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 708
Identification: 0xde85 (56965)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x679b [correct]
[Good: True]
[Bad: False]
Source: 76.74.248.166 (76.74.248.166)
Destination: 172.28.13.6 (172.28.13.6)
Transmission Control Protocol, Src Port: http (80), Dst Port: ipass (2549), Seq: 510131, Ack: 4250, Len: 668
Source port: http (80)
Destination port: ipass (2549)
[Stream index: 59]
Sequence number: 510131 (relative sequence number)
[Next sequence number: 510799 (relative sequence number)]
Acknowledgement number: 4250 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 71
[Calculated window size: 36352]
[Window size scaling factor: 512]
Checksum: 0xa8eb [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 668]
TCP segment data (668 bytes)
[41 Reassembled TCP Segments (51045 bytes): #6891(1380), #6892(1380), #6894(1380), #6895(1380), #6897(309), #6898(1380), #6900(1380), #6901(1380), #6903(1380), #6904(1380), #6906(1380), #6907(408), #6910(1380), #6911(1380), #6913(136), #691]
[Frame: 6891, payload: 0-1379 (1380 bytes)]
[Frame: 6892, payload: 1380-2759 (1380 bytes)]
[Frame: 6894, payload: 2760-4139 (1380 bytes)]
[Frame: 6895, payload: 4140-5519 (1380 bytes)]
[Frame: 6897, payload: 5520-5828 (309 bytes)]
[Frame: 6898, payload: 5829-7208 (1380 bytes)]
[Frame: 6900, payload: 7209-8588 (1380 bytes)]
[Frame: 6901, payload: 8589-9968 (1380 bytes)]
[Frame: 6903, payload: 9969-11348 (1380 bytes)]
[Frame: 6904, payload: 11349-12728 (1380 bytes)]
[Frame: 6906, payload: 12729-14108 (1380 bytes)]
[Frame: 6907, payload: 14109-14516 (408 bytes)]
[Frame: 6910, payload: 14517-15896 (1380 bytes)]
[Frame: 6911, payload: 15897-17276 (1380 bytes)]
[Frame: 6913, payload: 17277-17412 (136 bytes)]
[Frame: 6914, payload: 17413-18792 (1380 bytes)]
[Frame: 6916, payload: 18793-20172 (1380 bytes)]
[Frame: 6917, payload: 20173-21552 (1380 bytes)]
[Frame: 6919, payload: 21553-22932 (1380 bytes)]
[Frame: 6920, payload: 22933-24312 (1380 bytes)]
[Frame: 6922, payload: 24313-25692 (1380 bytes)]
[Frame: 6923, payload: 25693-27072 (1380 bytes)]
[Frame: 6925, payload: 27073-28452 (1380 bytes)]
[Frame: 6926, payload: 28453-28996 (544 bytes)]
[Frame: 6928, payload: 28997-30376 (1380 bytes)]
[Frame: 6929, payload: 30377-31756 (1380 bytes)]
[Frame: 6931, payload: 31757-33136 (1380 bytes)]
[Frame: 6932, payload: 33137-34516 (1380 bytes)]
[Frame: 6934, payload: 34517-35896 (1380 bytes)]
[Frame: 6935, payload: 35897-37276 (1380 bytes)]
[Frame: 6937, payload: 37277-38656 (1380 bytes)]
[Frame: 6938, payload: 38657-40036 (1380 bytes)]
[Frame: 6940, payload: 40037-41416 (1380 bytes)]
[Frame: 6941, payload: 41417-42796 (1380 bytes)]
[Frame: 6943, payload: 42797-43476 (680 bytes)]
[Frame: 6944, payload: 43477-44856 (1380 bytes)]
[Frame: 6946, payload: 44857-46236 (1380 bytes)]
[Frame: 6947, payload: 46237-47616 (1380 bytes)]
[Frame: 6949, payload: 47617-48996 (1380 bytes)]
[Frame: 6950, payload: 48997-50376 (1380 bytes)]
[Frame: 6952, payload: 50377-51044 (668 bytes)]
[Segment count: 41]
[Reassembled TCP length: 51045]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[Message: HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Server: nginx\r\n
Date: Wed, 20 Jun 2012 07:41:14 GMT\r\n
Content-Type: image/jpeg\r\n
Connection: keep-alive\r\n
Content-Length: 50705\r\n
[Content length: 50705]
Last-Modified: Sun, 01 Nov 2009 07:49:07 GMT\r\n
Expires: Thu, 20 Jun 2013 07:41:14 GMT\r\n
X-hawt: very\r\n
X-Orig-Src: 0_imageresize\r\n
Accept-Ranges: bytes\r\n
X-nc: sat 86\r\n
Cache-Control: max-age=31536000\r\n
\r\n
JPEG File Interchange Format
Marker: Start of Image (0xffd8)
Marker segment: Reserved for application segments - 0 (0xFFE0)
Marker: Reserved for application segments - 0 (0xffe0)
Length: 16
Identifier: JFIF
Version: 1.2
Major Version: 1
Minor Version: 2
Units: Dots per inch (1)
Xdensity: 180
Ydensity: 180
Xthumbnail: 0
Ythumbnail: 0
Marker segment: Reserved for application segments - 1 (0xFFE1)
Marker: Reserved for application segments - 1 (0xffe1)
Length: 5727
Identifier: Exif
Endianness: little endian
Start offset of IFD starting from the TIFF header start: 8 bytes
Number of fields in this IFD: 10
Exif Tag: 0x010F (Make), Type: 2 (ASCII), Count: 6, Value offset from start of TIFF header: 134
Exif Tag: 0x0110 (Model), Type: 2 (ASCII), Count: 22, Value offset from start of TIFF header: 140
Exif Tag: 0x0112 (Orientation), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 162
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 170
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0131 (Software), Type: 2 (ASCII), Count: 41, Value offset from start of TIFF header: 178
Exif Tag: 0x0132 (DateTime), Type: 2 (ASCII), Count: 21, Value offset from start of TIFF header: 220
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 1
Exif Tag: 0x8769 (Exif IFD Pointer), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 242
Offset to next IFD from start of TIFF header: 1076 bytes
Number of fields in this IFD: 7
Exif Tag: 0x0103 (Compression), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 6
Exif Tag: 0x011A (XResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1166
Exif Tag: 0x011B (YResolution), Type: 5 (RATIONAL), Count: 1, Value offset from start of TIFF header: 1174
Exif Tag: 0x0128 (ResolutionUnit), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Exif Tag: 0x0201 (JPEGInterchangeFormat), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 1182
Exif Tag: 0x0202 (JPEGInterchangeFormatLength), Type: 4 (LONG), Count: 1, Value offset from start of TIFF header: 4515
Exif Tag: 0x0213 (YCbCrPositioning), Type: 3 (SHORT), Count: 1, Value offset from start of TIFF header: 2
Offset to next IFD from start of TIFF header: 0 bytes
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Marker segment: Define quantization table(s) (0xFFDB)
Marker: Define quantization table(s) (0xffdb)
Length: 67
Remaining segment data (65 bytes)
Start of Frame header: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xFFC2)
Marker: Start of Frame (non-differential, Huffman coding) - Progressive DCT (0xffc2)
Length: 17
Sample Precision (bits): 8
Lines: 640
Samples per line: 441
Number of image components in frame: 3
Component identifier: 1
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 0
Component identifier: 2
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Component identifier: 3
0001 .... = Horizontal sampling factor: 1
.... 0001 = Vertical sampling factor: 1
Quantization table destination selector: 1
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 27
Remaining segment data (25 bytes)
Marker segment: Define Huffman table(s) (0xFFC4)
Marker: Define Huffman table(s) (0xffc4)
Length: 25
Remaining segment data (23 bytes)
Start of Segment header: Start of Scan (0xFFDA)
Marker: Start of Scan (0xffda)
Length: 12
Number of image components in scan: 3
Scan component selector: 1
0000 .... = DC entropy coding table destination selector: 0
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 2
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Scan component selector: 3
0001 .... = DC entropy coding table destination selector: 1
.... 0000 = AC entropy coding table destination selector: 0
Start of spectral or predictor selection: 0
End of spectral selection: 0
0000 .... = Successive approximation bit position high: 0
.... 0001 = Successive approximation bit position low or point transform: 1
JFIF dissection stops here (dissection of a scan is not yet implemented)