TrevorS/tcpdump_output.txt

## tcpdump_output.txt
SM_sdp1:/home/smadm/dump# tcpdump -S -nn -s 0 -XX -vvv \(dst 172.28.124.60 or src 172.28.124.60\) and not port 22
tcpdump: WARNING: BIOCPROMISC: Not owner
tcpdump: listening on en2, link-type 1, capture size 65535 bytes
10:53:46.017035 IP (tos 0x0, ttl 122, id 20285, offset 0, flags [none], proto: TCP (6), length: 44) 172.28.124.60.54418 > 172.20.71.47.1521: S, cksum 0xe468 (correct) 2732695011:2732695011(0) win 32120 <mss 1300>
        0x0000:  e41f 13a5 5724 0023 0418 dc80 0800 4500  ....W$.#......E.
        0x0010:  002c 4f3d 0000 7a06 d5f2 ac1c 7c3c ac14  .,O=..z.....|<..
        0x0020:  472f d492 05f1 a2e1 9de3 0000 0000 6002  G/............`.
        0x0030:  7d78 e468 0000 0204 0514 0000            }x.h........
10:53:46.017072 IP (tos 0x0, ttl  60, id 30139, offset 0, flags [DF], proto: TCP (6), length: 44) 172.20.71.47.1521 > 172.28.124.60.54418: S, cksum 0x00e0 (correct) 88759046:88759046(0) ack 2732695012 win 65535 <mss 1460>
        0x0000:  0000 0c9f f3f3 e41f 13a5 5724 0800 4500  ..........W$..E.
        0x0010:  002c 75bb 4000 3c06 ad74 ac14 472f ac1c  .,u.@.<..t..G/..
        0x0020:  7c3c 05f1 d492 054a 5b06 a2e1 9de4 6012  |<.....J[.....`.
        0x0030:  ffff 00e0 0000 0204 05b4 0000            ............
10:53:46.076037 IP (tos 0x0, ttl 122, id 20287, offset 0, flags [none], proto: TCP (6), length: 40) 172.28.124.60.54418 > 172.20.71.47.1521: ., cksum 0x9b24 (correct) 2732695012:2732695012(0) ack 88759047 win 32120
        0x0000:  e41f 13a5 5724 0023 0418 dc80 0800 4500  ....W$.#......E.
        0x0010:  0028 4f3f 0000 7a06 d5f4 ac1c 7c3c ac14  .(O?..z.....|<..
        0x0020:  472f d492 05f1 a2e1 9de4 054a 5b07 5010  G/.........J[.P.
        0x0030:  7d78 9b24 0000 0000 0000 0000            }x.$........
10:53:46.081269 IP (tos 0x0, ttl 122, id 20289, offset 0, flags [none], proto: TCP (6), length: 250) 172.28.124.60.54418 > 172.20.71.47.1521: P, cksum 0x4add (correct) 2732695012:2732695222(210) ack 88759047 win 32120
        0x0000:  e41f 13a5 5724 0023 0418 dc80 0800 4500  ....W$.#......E.
        0x0010:  00fa 4f41 0000 7a06 d520 ac1c 7c3c ac14  ..OA..z.....|<..
        0x0020:  472f d492 05f1 a2e1 9de4 054a 5b07 5018  G/.........J[.P.
        0x0030:  7d78 4add 0000 00d2 0000 0100 0000 0136  }xJ............6
        0x0040:  012c 0c41 2000 7fff 4f98 0000 0001 0098  .,.A....O.......
        0x0050:  003a 0000 0000 8181 0000 0000 0000 0000  .:..............
        0x0060:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0070:  2844 4553 4352 4950 5449 4f4e 3d28 434f  (DESCRIPTION=(CO
        0x0080:  4e4e 4543 545f 4441 5441 3d28 5349 443d  NNECT_DATA=(SID=
        0x0090:  646d 6462 2928 4349 443d 2850 524f 4752  dmdb)(CID=(PROGR
        0x00a0:  414d 3d53 514c 2044 6576 656c 6f70 6572  AM=SQL.Developer
        0x00b0:  2928 484f 5354 3d5f 5f6a 6462 635f 5f29  )(HOST=__jdbc__)
        0x00c0:  2855 5345 523d 5639 3930 3034 3736 2929  (USER=V9900476))
        0x00d0:  2928 4144 4452 4553 533d 2850 524f 544f  )(ADDRESS=(PROTO
        0x00e0:  434f 4c3d 7463 7029 2848 4f53 543d 3137  COL=tcp)(HOST=17
        0x00f0:  322e 3230 2e37 312e 3437 2928 504f 5254  2.20.71.47)(PORT
        0x0100:  3d31 3532 3129 2929                      =1521)))
10:53:46.081282 IP (tos 0x0, ttl  60, id 30157, offset 0, flags [DF], proto: TCP (6), length: 40) 172.20.71.47.1521 > 172.28.124.60.54418: ., cksum 0x17cb (correct) 88759047:88759047(0) ack 2732695222 win 65535
        0x0000:  0000 0c9f f3f3 e41f 13a5 5724 0800 4500  ..........W$..E.
        0x0010:  0028 75cd 4000 3c06 ad66 ac14 472f ac1c  .(u.@.<..f..G/..
        0x0020:  7c3c 05f1 d492 054a 5b07 a2e1 9eb6 5010  |<.....J[.....P.
        0x0030:  ffff 17cb 0000 0000 0000 0000            ............
10:53:46.104219 IP (tos 0x0, ttl  60, id 30181, offset 0, flags [DF], proto: TCP (6), length: 48) 172.20.71.47.1521 > 172.28.124.60.54418: P, cksum 0x0000 (incorrect -> 0x0cb3) 88759047:88759055(8) ack 2732695222 win 65535
        0x0000:  0000 0c9f f3f3 e41f 13a5 5724 0800 4500  ..........W$..E.
        0x0010:  0030 75e5 4000 3c06 ad46 ac14 472f ac1c  .0u.@.<..F..G/..
        0x0020:  7c3c 05f1 d492 054a 5b07 a2e1 9eb6 5018  |<.....J[.....P.
        0x0030:  ffff 0000 0000 0008 0000 0b00 0000       ..............
10:53:46.119859 IP (tos 0x0, ttl 122, id 20290, offset 0, flags [none], proto: TCP (6), length: 40) 172.28.124.60.54418 > 172.20.71.47.1521: ., cksum 0x9a52 (correct) 2732695222:2732695222(0) ack 88759055 win 32112
        0x0000:  e41f 13a5 5724 0023 0418 dc80 0800 4500  ....W$.#......E.
        0x0010:  0028 4f42 0000 7a06 d5f1 ac1c 7c3c ac14  .(OB..z.....|<..
        0x0020:  472f d492 05f1 a2e1 9eb6 054a 5b0f 5010  G/.........J[.P.
        0x0030:  7d70 9a52 0000 0000 0000 0000            }p.R........
10:54:46.114177 IP (tos 0x0, ttl  60, id 36445, offset 0, flags [DF], proto: TCP (6), length: 40) 172.20.71.47.1521 > 172.28.124.60.54418: R, cksum 0x17bf (correct) 88759055:88759055(0) ack 2732695222 win 65535
        0x0000:  0000 0c9f f3f3 e41f 13a5 5724 0800 4500  ..........W$..E.
        0x0010:  0028 8e5d 4000 3c06 94d6 ac14 472f ac1c  .(.]@.<.....G/..
        0x0020:  7c3c 05f1 d492 054a 5b0f a2e1 9eb6 5014  |<.....J[.....P.
        0x0030:  ffff 17bf 0000 0000 0000 0000            ............
	SM_sdp1:/home/smadm/dump# tcpdump -S -nn -s 0 -XX -vvv \(dst 172.28.124.60 or src 172.28.124.60\) and not port 22
	tcpdump: WARNING: BIOCPROMISC: Not owner
	tcpdump: listening on en2, link-type 1, capture size 65535 bytes
	10:53:46.017035 IP (tos 0x0, ttl 122, id 20285, offset 0, flags [none], proto: TCP (6), length: 44) 172.28.124.60.54418 > 172.20.71.47.1521: S, cksum 0xe468 (correct) 2732695011:2732695011(0) win 32120 <mss 1300>
	0x0000: e41f 13a5 5724 0023 0418 dc80 0800 4500 ....W$.#......E.
	0x0010: 002c 4f3d 0000 7a06 d5f2 ac1c 7c3c ac14 .,O=..z.....\|<..
	0x0020: 472f d492 05f1 a2e1 9de3 0000 0000 6002 G/............`.
	0x0030: 7d78 e468 0000 0204 0514 0000 }x.h........
	10:53:46.017072 IP (tos 0x0, ttl 60, id 30139, offset 0, flags [DF], proto: TCP (6), length: 44) 172.20.71.47.1521 > 172.28.124.60.54418: S, cksum 0x00e0 (correct) 88759046:88759046(0) ack 2732695012 win 65535 <mss 1460>
	0x0000: 0000 0c9f f3f3 e41f 13a5 5724 0800 4500 ..........W$..E.
	0x0010: 002c 75bb 4000 3c06 ad74 ac14 472f ac1c .,u.@.<..t..G/..
	0x0020: 7c3c 05f1 d492 054a 5b06 a2e1 9de4 6012 \|<.....J[.....`.
	0x0030: ffff 00e0 0000 0204 05b4 0000 ............
	10:53:46.076037 IP (tos 0x0, ttl 122, id 20287, offset 0, flags [none], proto: TCP (6), length: 40) 172.28.124.60.54418 > 172.20.71.47.1521: ., cksum 0x9b24 (correct) 2732695012:2732695012(0) ack 88759047 win 32120
	0x0000: e41f 13a5 5724 0023 0418 dc80 0800 4500 ....W$.#......E.
	0x0010: 0028 4f3f 0000 7a06 d5f4 ac1c 7c3c ac14 .(O?..z.....\|<..
	0x0020: 472f d492 05f1 a2e1 9de4 054a 5b07 5010 G/.........J[.P.
	0x0030: 7d78 9b24 0000 0000 0000 0000 }x.$........
	10:53:46.081269 IP (tos 0x0, ttl 122, id 20289, offset 0, flags [none], proto: TCP (6), length: 250) 172.28.124.60.54418 > 172.20.71.47.1521: P, cksum 0x4add (correct) 2732695012:2732695222(210) ack 88759047 win 32120
	0x0000: e41f 13a5 5724 0023 0418 dc80 0800 4500 ....W$.#......E.
	0x0010: 00fa 4f41 0000 7a06 d520 ac1c 7c3c ac14 ..OA..z.....\|<..
	0x0020: 472f d492 05f1 a2e1 9de4 054a 5b07 5018 G/.........J[.P.
	0x0030: 7d78 4add 0000 00d2 0000 0100 0000 0136 }xJ............6
	0x0040: 012c 0c41 2000 7fff 4f98 0000 0001 0098 .,.A....O.......
	0x0050: 003a 0000 0000 8181 0000 0000 0000 0000 .:..............
	0x0060: 0000 0000 0000 0000 0000 0000 0000 0000 ................
	0x0070: 2844 4553 4352 4950 5449 4f4e 3d28 434f (DESCRIPTION=(CO
	0x0080: 4e4e 4543 545f 4441 5441 3d28 5349 443d NNECT_DATA=(SID=
	0x0090: 646d 6462 2928 4349 443d 2850 524f 4752 dmdb)(CID=(PROGR
	0x00a0: 414d 3d53 514c 2044 6576 656c 6f70 6572 AM=SQL.Developer
	0x00b0: 2928 484f 5354 3d5f 5f6a 6462 635f 5f29 )(HOST=__jdbc__)
	0x00c0: 2855 5345 523d 5639 3930 3034 3736 2929 (USER=V9900476))
	0x00d0: 2928 4144 4452 4553 533d 2850 524f 544f )(ADDRESS=(PROTO
	0x00e0: 434f 4c3d 7463 7029 2848 4f53 543d 3137 COL=tcp)(HOST=17
	0x00f0: 322e 3230 2e37 312e 3437 2928 504f 5254 2.20.71.47)(PORT
	0x0100: 3d31 3532 3129 2929 =1521)))
	10:53:46.081282 IP (tos 0x0, ttl 60, id 30157, offset 0, flags [DF], proto: TCP (6), length: 40) 172.20.71.47.1521 > 172.28.124.60.54418: ., cksum 0x17cb (correct) 88759047:88759047(0) ack 2732695222 win 65535
	0x0000: 0000 0c9f f3f3 e41f 13a5 5724 0800 4500 ..........W$..E.
	0x0010: 0028 75cd 4000 3c06 ad66 ac14 472f ac1c .(u.@.<..f..G/..
	0x0020: 7c3c 05f1 d492 054a 5b07 a2e1 9eb6 5010 \|<.....J[.....P.
	0x0030: ffff 17cb 0000 0000 0000 0000 ............
	10:53:46.104219 IP (tos 0x0, ttl 60, id 30181, offset 0, flags [DF], proto: TCP (6), length: 48) 172.20.71.47.1521 > 172.28.124.60.54418: P, cksum 0x0000 (incorrect -> 0x0cb3) 88759047:88759055(8) ack 2732695222 win 65535
	0x0000: 0000 0c9f f3f3 e41f 13a5 5724 0800 4500 ..........W$..E.
	0x0010: 0030 75e5 4000 3c06 ad46 ac14 472f ac1c .0u.@.<..F..G/..
	0x0020: 7c3c 05f1 d492 054a 5b07 a2e1 9eb6 5018 \|<.....J[.....P.
	0x0030: ffff 0000 0000 0008 0000 0b00 0000 ..............
	10:53:46.119859 IP (tos 0x0, ttl 122, id 20290, offset 0, flags [none], proto: TCP (6), length: 40) 172.28.124.60.54418 > 172.20.71.47.1521: ., cksum 0x9a52 (correct) 2732695222:2732695222(0) ack 88759055 win 32112
	0x0000: e41f 13a5 5724 0023 0418 dc80 0800 4500 ....W$.#......E.
	0x0010: 0028 4f42 0000 7a06 d5f1 ac1c 7c3c ac14 .(OB..z.....\|<..
	0x0020: 472f d492 05f1 a2e1 9eb6 054a 5b0f 5010 G/.........J[.P.
	0x0030: 7d70 9a52 0000 0000 0000 0000 }p.R........
	10:54:46.114177 IP (tos 0x0, ttl 60, id 36445, offset 0, flags [DF], proto: TCP (6), length: 40) 172.20.71.47.1521 > 172.28.124.60.54418: R, cksum 0x17bf (correct) 88759055:88759055(0) ack 2732695222 win 65535
	0x0000: 0000 0c9f f3f3 e41f 13a5 5724 0800 4500 ..........W$..E.
	0x0010: 0028 8e5d 4000 3c06 94d6 ac14 472f ac1c .(.]@.<.....G/..
	0x0020: 7c3c 05f1 d492 054a 5b0f a2e1 9eb6 5014 \|<.....J[.....P.
	0x0030: ffff 17bf 0000 0000 0000 0000 ............