The SMTP protocol was originally used directly above TCP. All emails were sent in clear text between SMTP servers. Today, most SMTP servers run SMTP over TLS over TCP. The attached trace provides a sample connection.
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
28
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
88
57
0040
00
00
00
00
a0
00
70
80
9a
d5
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
(
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
W
0040
.
.
.
.
.
.
p
.
.
Õ
.
.
- Frame 1: 96 bytes on wire (768 bits), 96 bytes captured (768 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 40
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 0, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 0 (relative sequence number)
- Acknowledgment number: 0
- 1010 .... = Header Length: 40 bytes (10)
- Window size value: 28800
- Calculated window size: 28800
- Checksum: 0x9ad5 [unverified]
- Urgent pointer: 0
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
20
06
f2
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
d4
10
0040
84
ad
88
58
80
00
1f
fe
c1
a4
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
.
ò
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
Ô
.
0040
.
.
.
X
.
.
.
þ
Á
¤
.
.
- Frame 2: 88 bytes on wire (704 bits), 88 bytes captured (704 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 32
- Next Header: TCP (6)
- Hop Limit: 242
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 0, Ack: 1, Len: 0
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 0
- Sequence number: 0 (relative sequence number)
- Acknowledgment number: 1 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Window size value: 8190
- Calculated window size: 8190
- Checksum: 0xc1a4 [unverified]
- Urgent pointer: 0
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
14
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
88
58
0040
ca
c5
d4
11
50
00
00
e1
20
a1
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
X
0040
Ê
Å
Ô
.
P
.
.
á
¡
.
.
- Frame 3: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1, Ack: 1, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 1 (relative sequence number)
- Acknowledgment number: 1 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 225
- Calculated window size: 28800
- Window size scaling factor: 128
- Checksum: 0x20a1 [unverified]
- Urgent pointer: 0
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
85
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
d4
11
0040
84
ad
88
58
50
00
80
00
15
7b
00
00
32
32
30
20
0050
41
4d
30
50
52
30
31
30
32
43
41
30
30
30
32
2e
0060
6f
75
74
6c
6f
6f
6b
2e
6f
66
66
69
63
65
33
36
0070
35
2e
63
6f
6d
20
4d
69
63
72
6f
73
6f
66
74
20
0080
45
53
4d
54
50
20
4d
41
49
4c
20
53
65
72
76
69
0090
63
65
20
72
65
61
64
79
20
61
74
20
54
68
75
2c
00A0
20
33
31
20
4f
63
74
20
32
30
31
39
20
30
38
3a
00B0
32
36
3a
30
36
20
2b
30
30
30
30
0d
0a
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
.
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
Ô
.
0040
.
.
.
X
P
.
.
.
.
{
.
.
2
2
0
0050
A
M
0
P
R
0
1
0
2
C
A
0
0
0
2
.
0060
o
u
t
l
o
o
k
.
o
f
f
i
c
e
3
6
0070
5
.
c
o
m
M
i
c
r
o
s
o
f
t
0080
E
S
M
T
P
M
A
I
L
S
e
r
v
i
0090
c
e
r
e
a
d
y
a
t
T
h
u
,
00A0
3
1
O
c
t
2
0
1
9
0
8
:
00B0
2
6
:
0
6
+
0
0
0
0
.
.
- Frame 4: 189 bytes on wire (1512 bits), 189 bytes captured (1512 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 133
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 1, Ack: 1, Len: 113
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 113
- Sequence number: 1 (relative sequence number)
- Acknowledgment number: 1 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x157b [unverified]
- Urgent pointer: 0
- Simple Mail Transfer Protocol
- Response: 220 AM0PR0102CA0002.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 31 Oct 2019 08:26:06 +0000\r\n
- Response code: Service ready (220)
- Response parameter: AM0PR0102CA0002.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 31 Oct 2019 08:26:06 +0000
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
14
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
88
58
0040
ca
c5
d4
82
50
00
00
e1
20
30
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
X
0040
Ê
Å
Ô
.
P
.
.
á
0
.
.
- Frame 5: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1, Ack: 114, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 1 (relative sequence number)
- Acknowledgment number: 114 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 225
- Calculated window size: 28800
- Window size scaling factor: 128
- Checksum: 0x2030 [unverified]
- Urgent pointer: 0
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
44
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
88
58
0040
ca
c5
d4
82
50
00
00
e1
04
39
00
00
45
48
4c
4f
0050
20
5b
49
50
76
36
3a
32
30
30
31
3a
36
61
38
3a
0060
33
30
38
31
3a
61
30
30
31
3a
31
33
30
3a
31
30
0070
34
3a
32
34
30
3a
32
33
30
5d
0d
0a
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
D
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
X
0040
Ê
Å
Ô
.
P
.
.
á
.
9
.
.
E
H
L
O
0050
[
I
P
v
6
:
2
0
0
1
:
6
a
8
:
0060
3
0
8
1
:
a
0
0
1
:
1
3
0
:
1
0
0070
4
:
2
4
0
:
2
3
0
]
.
.
- Frame 6: 124 bytes on wire (992 bits), 124 bytes captured (992 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 68
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1, Ack: 114, Len: 48
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 48
- Sequence number: 1 (relative sequence number)
- Acknowledgment number: 114 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 225
- Calculated window size: 28800
- Window size scaling factor: 128
- Checksum: 0x0439 [unverified]
- Urgent pointer: 0
- Simple Mail Transfer Protocol
- Command Line: EHLO [IPv6:2001:6a8:3081:a001:130:104:240:230]\r\n
- Command: EHLO
- Request parameter: [IPv6:2001:6a8:3081:a001:130:104:240:230]
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
f8
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
d4
82
0040
84
ad
88
88
50
00
80
00
c7
ae
00
00
32
35
30
2d
0050
41
4d
30
50
52
30
31
30
32
43
41
30
30
30
32
2e
0060
6f
75
74
6c
6f
6f
6b
2e
6f
66
66
69
63
65
33
36
0070
35
2e
63
6f
6d
20
48
65
6c
6c
6f
20
5b
32
30
30
0080
31
3a
36
61
38
3a
33
30
38
31
3a
61
30
30
31
3a
0090
31
33
30
3a
31
30
34
3a
32
34
30
3a
32
33
30
5d
00A0
0d
0a
32
35
30
2d
53
49
5a
45
20
31
35
37
32
38
00B0
36
34
30
30
0d
0a
32
35
30
2d
50
49
50
45
4c
49
00C0
4e
49
4e
47
0d
0a
32
35
30
2d
44
53
4e
0d
0a
32
00D0
35
30
2d
45
4e
48
41
4e
43
45
44
53
54
41
54
55
00E0
53
43
4f
44
45
53
0d
0a
32
35
30
2d
53
54
41
52
00F0
54
54
4c
53
0d
0a
32
35
30
2d
38
42
49
54
4d
49
0100
4d
45
0d
0a
32
35
30
2d
42
49
4e
41
52
59
4d
49
0110
4d
45
0d
0a
32
35
30
2d
43
48
55
4e
4b
49
4e
47
0120
0d
0a
32
35
30
20
53
4d
54
50
55
54
46
38
0d
0a
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
ø
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
Ô
.
0040
.
.
.
.
P
.
.
.
Ç
®
.
.
2
5
0
-
0050
A
M
0
P
R
0
1
0
2
C
A
0
0
0
2
.
0060
o
u
t
l
o
o
k
.
o
f
f
i
c
e
3
6
0070
5
.
c
o
m
H
e
l
l
o
[
2
0
0
0080
1
:
6
a
8
:
3
0
8
1
:
a
0
0
1
:
0090
1
3
0
:
1
0
4
:
2
4
0
:
2
3
0
]
00A0
.
.
2
5
0
-
S
I
Z
E
1
5
7
2
8
00B0
6
4
0
0
.
.
2
5
0
-
P
I
P
E
L
I
00C0
N
I
N
G
.
.
2
5
0
-
D
S
N
.
.
2
00D0
5
0
-
E
N
H
A
N
C
E
D
S
T
A
T
U
00E0
S
C
O
D
E
S
.
.
2
5
0
-
S
T
A
R
00F0
T
T
L
S
.
.
2
5
0
-
8
B
I
T
M
I
0100
M
E
.
.
2
5
0
-
B
I
N
A
R
Y
M
I
0110
M
E
.
.
2
5
0
-
C
H
U
N
K
I
N
G
0120
.
.
2
5
0
S
M
T
P
U
T
F
8
.
.
- Frame 7: 304 bytes on wire (2432 bits), 304 bytes captured (2432 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 248
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 114, Ack: 49, Len: 228
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 228
- Sequence number: 114 (relative sequence number)
- Acknowledgment number: 49 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xc7ae [unverified]
- Urgent pointer: 0
- Simple Mail Transfer Protocol
- Response: 250-AM0PR0102CA0002.outlook.office365.com Hello [2001:6a8:3081:a001:130:104:240:230]\r\n
- Response code: Requested mail action okay, completed (250)
- Response parameter: AM0PR0102CA0002.outlook.office365.com Hello [2001:6a8:3081:a001:130:104:240:230]
- Response: 250-SIZE 157286400\r\n
- Response code: Requested mail action okay, completed (250)
- Response parameter: SIZE 157286400
- Response: 250-PIPELINING\r\n
- Response code: Requested mail action okay, completed (250)
- Response parameter: PIPELINING
- Response: 250-DSN\r\n
- Response code: Requested mail action okay, completed (250)
- Response parameter: DSN
- Response: 250-ENHANCEDSTATUSCODES\r\n
- Response code: Requested mail action okay, completed (250)
- Response parameter: ENHANCEDSTATUSCODES
- Response: 250-STARTTLS\r\n
- Response code: Requested mail action okay, completed (250)
- Response parameter: STARTTLS
- Response: 250-8BITMIME\r\n
- Response code: Requested mail action okay, completed (250)
- Response parameter: 8BITMIME
- Response: 250-BINARYMIME\r\n
- Response code: Requested mail action okay, completed (250)
- Response parameter: BINARYMIME
- Response: 250-CHUNKING\r\n
- Response code: Requested mail action okay, completed (250)
- Response parameter: CHUNKING
- Response: 250 SMTPUTF8\r\n
- Response code: Requested mail action okay, completed (250)
- Response parameter: SMTPUTF8
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
f8
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
d4
82
0040
84
ad
88
88
50
00
80
00
c7
ae
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
ø
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
Ô
.
0040
.
.
.
.
P
.
.
.
Ç
®
.
.
- Frame 8: 304 bytes on wire (2432 bits), 304 bytes captured (2432 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 248
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 114, Ack: 49, Len: 228
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 228
- Sequence number: 114 (relative sequence number)
- Acknowledgment number: 49 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xc7ae [unverified]
- Urgent pointer: 0
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
20
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
88
88
0040
ca
c5
d5
66
80
00
00
ea
a9
86
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
Õ
f
.
.
.
ê
©
.
.
.
- Frame 9: 88 bytes on wire (704 bits), 88 bytes captured (704 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 32
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 49, Ack: 342, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 49 (relative sequence number)
- Acknowledgment number: 342 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Window size value: 234
- Calculated window size: 29952
- Window size scaling factor: 128
- Checksum: 0xa986 [unverified]
- Urgent pointer: 0
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
1e
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
88
88
0040
ca
c5
d5
66
50
00
00
ea
dc
a8
00
00
53
54
41
52
0050
54
54
4c
53
0d
0a
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
Õ
f
P
.
.
ê
Ü
¨
.
.
S
T
A
R
0050
T
T
L
S
.
.
- Frame 10: 86 bytes on wire (688 bits), 86 bytes captured (688 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 30
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 49, Ack: 342, Len: 10
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 10
- Sequence number: 49 (relative sequence number)
- Acknowledgment number: 342 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 234
- Calculated window size: 29952
- Window size scaling factor: 128
- Checksum: 0xdca8 [unverified]
- Urgent pointer: 0
- Simple Mail Transfer Protocol
- Command Line: STARTTLS\r\n
- Command: STAR
- Request parameter: TLS
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
31
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
d5
66
0040
84
ad
88
92
50
00
80
00
3e
1e
00
00
32
32
30
20
0050
32
2e
30
2e
30
20
53
4d
54
50
20
73
65
72
76
65
0060
72
20
72
65
61
64
79
0d
0a
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
1
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
Õ
f
0040
.
.
.
.
P
.
.
.
>
.
.
.
2
2
0
0050
2
.
0
.
0
S
M
T
P
s
e
r
v
e
0060
r
r
e
a
d
y
.
.
- Frame 11: 105 bytes on wire (840 bits), 105 bytes captured (840 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 49
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 342, Ack: 59, Len: 29
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 29
- Sequence number: 342 (relative sequence number)
- Acknowledgment number: 59 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x3e1e [unverified]
- Urgent pointer: 0
- Simple Mail Transfer Protocol
- Response: 220 2.0.0 SMTP server ready\r\n
- Response code: Service ready (220)
- Response parameter: 2.0.0 SMTP server ready
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
14
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
88
92
0040
ca
c5
d5
83
50
00
00
ea
1e
ec
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
Õ
.
P
.
.
ê
.
ì
.
.
- Frame 12: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 59, Ack: 371, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 59 (relative sequence number)
- Acknowledgment number: 371 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 234
- Calculated window size: 29952
- Window size scaling factor: 128
- Checksum: 0x1eec [unverified]
- Urgent pointer: 0
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
02
19
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
88
92
0040
ca
c5
d5
83
50
00
00
ea
62
db
00
00
16
03
01
02
0050
00
01
00
01
fc
03
03
75
da
ea
4a
1f
8a
5e
4c
8c
0060
ec
c2
5a
a4
74
bc
05
b5
2e
2a
ef
bc
46
11
63
55
0070
e4
2c
d8
bd
4f
d6
f1
20
cf
a9
93
dd
fc
86
e4
30
0080
bc
a8
6a
c4
68
dc
98
9d
52
80
aa
99
55
9b
ac
0f
0090
64
48
74
4c
09
58
2e
1f
00
1c
13
01
13
03
13
02
00A0
c0
2b
c0
2f
cc
a9
cc
a8
c0
2c
c0
30
c0
13
c0
14
00B0
00
2f
00
35
00
0a
01
00
01
97
00
00
00
17
00
15
00C0
00
00
12
73
6d
74
70
2e
6f
66
66
69
63
65
33
36
00D0
35
2e
63
6f
6d
00
17
00
00
ff
01
00
01
00
00
0a
00E0
00
0e
00
0c
00
1d
00
17
00
18
00
19
01
00
01
01
00F0
00
0b
00
02
01
00
00
23
00
00
00
05
00
05
01
00
0100
00
00
00
00
33
00
6b
00
69
00
1d
00
20
b5
ec
69
0110
ce
f4
b0
fb
df
41
8e
4f
6b
dc
6b
0b
93
ee
e8
5e
0120
83
9f
2d
c9
9f
d1
9d
b4
c3
3a
5b
b8
12
00
17
00
0130
41
04
3d
ca
e1
3c
66
30
fa
7e
df
31
d1
05
df
89
0140
29
e7
36
c1
bb
6d
68
41
77
de
5a
bc
6e
1c
bc
e7
0150
41
3d
c7
d0
5d
d2
29
79
8d
ca
41
0c
92
da
70
1a
0160
a2
8c
a2
e9
1f
46
92
4a
1b
c1
63
37
5c
bf
64
66
0170
47
b5
00
2b
00
09
08
7f
17
03
03
03
02
03
01
00
0180
0d
00
18
00
16
04
03
05
03
06
03
08
04
08
05
08
0190
06
04
01
05
01
06
01
02
03
02
01
00
2d
00
02
01
01A0
01
00
15
00
ac
00
00
00
00
00
00
00
00
00
00
00
01B0
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
01C0
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
01D0
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
01E0
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
01F0
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
0200
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
0210
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
0220
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
0230
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
0240
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
0250
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
Õ
.
P
.
.
ê
b
Û
.
.
.
.
.
.
0050
.
.
.
.
ü
.
.
u
Ú
ê
J
.
.
^
L
.
0060
ì
Â
Z
¤
t
¼
.
µ
.
*
ï
¼
F
.
c
U
0070
ä
,
Ø
½
O
Ö
ñ
Ï
©
.
Ý
ü
.
ä
0
0080
¼
¨
j
Ä
h
Ü
.
.
R
.
ª
.
U
.
¬
.
0090
d
H
t
L
.
X
.
.
.
.
.
.
.
.
.
.
00A0
À
+
À
/
Ì
©
Ì
¨
À
,
À
0
À
.
À
.
00B0
.
/
.
5
.
.
.
.
.
.
.
.
.
.
.
.
00C0
.
.
.
s
m
t
p
.
o
f
f
i
c
e
3
6
00D0
5
.
c
o
m
.
.
.
.
ÿ
.
.
.
.
.
.
00E0
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
00F0
.
.
.
.
.
.
.
#
.
.
.
.
.
.
.
.
0100
.
.
.
.
3
.
k
.
i
.
.
.
µ
ì
i
0110
Î
ô
°
û
ß
A
.
O
k
Ü
k
.
.
î
è
^
0120
.
.
-
É
.
Ñ
.
´
Ã
:
[
¸
.
.
.
.
0130
A
.
=
Ê
á
<
f
0
ú
~
ß
1
Ñ
.
ß
.
0140
)
ç
6
Á
»
m
h
A
w
Þ
Z
¼
n
.
¼
ç
0150
A
=
Ç
Ð
]
Ò
)
y
.
Ê
A
.
.
Ú
p
.
0160
¢
.
¢
é
.
F
.
J
.
Á
c
7
\
¿
d
f
0170
G
µ
.
+
.
.
.
.
.
.
.
.
.
.
.
.
0180
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
0190
.
.
.
.
.
.
.
.
.
.
.
.
-
.
.
.
01A0
.
.
.
.
¬
.
.
.
.
.
.
.
.
.
.
.
01B0
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
01C0
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
01D0
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
01E0
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
01F0
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
0200
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
0210
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
0220
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
0230
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
0240
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
0250
.
- Frame 13: 593 bytes on wire (4744 bits), 593 bytes captured (4744 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 537
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 59, Ack: 371, Len: 517
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 517
- Sequence number: 59 (relative sequence number)
- Acknowledgment number: 371 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 234
- Calculated window size: 29952
- Window size scaling factor: 128
- Checksum: 0x62db [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1 Record Layer: Handshake Protocol: Client Hello
- Content Type: Handshake (22)
- Version: TLS 1.0 (0x0301)
- Length: 512
- Handshake Protocol: Client Hello
- Handshake Type: Client Hello (1)
- Length: 508
- Version: TLS 1.2 (0x0303)
- Random: 75daea4a1f8a5e4c8cecc25aa474bc05b52e2aefbc461163...
- GMT Unix Time: Aug 28, 2032 06:44:58.000000000 CEST
- Random Bytes: 1f8a5e4c8cecc25aa474bc05b52e2aefbc46116355e42cd8...
- Session ID Length: 32
- Session ID: cfa993ddfc86e430bca86ac468dc989d5280aa99559bac0f...
- Cipher Suites Length: 28
- Cipher Suites (14 suites)
- Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
- Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
- Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
- Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
- Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
- Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
- Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
- Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
- Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
- Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
- Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
- Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
- Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
- Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
- Compression Methods Length: 1
- Compression Methods (1 method)
- Compression Method: null (0)
- Extensions Length: 407
- Extension: server_name (len=23)
- Type: server_name (0)
- Length: 23
- Server Name Indication extension
- Server Name list length: 21
- Server Name Type: host_name (0)
- Server Name length: 18
- Server Name: smtp.office365.com
- Extension: extended_master_secret (len=0)
- Type: extended_master_secret (23)
- Length: 0
- Extension: renegotiation_info (len=1)
- Type: renegotiation_info (65281)
- Length: 1
- Renegotiation Info extension
- Renegotiation info extension length: 0
- Extension: supported_groups (len=14)
- Type: supported_groups (10)
- Length: 14
- Supported Groups List Length: 12
- Supported Groups (6 groups)
- Supported Group: x25519 (0x001d)
- Supported Group: secp256r1 (0x0017)
- Supported Group: secp384r1 (0x0018)
- Supported Group: secp521r1 (0x0019)
- Supported Group: ffdhe2048 (0x0100)
- Supported Group: ffdhe3072 (0x0101)
- Extension: ec_point_formats (len=2)
- Type: ec_point_formats (11)
- Length: 2
- EC point formats Length: 1
- Elliptic curves point formats (1)
- EC point format: uncompressed (0)
- Extension: SessionTicket TLS (len=0)
- Type: SessionTicket TLS (35)
- Length: 0
- Extension: status_request (len=5)
- Type: status_request (5)
- Length: 5
- Certificate Status Type: OCSP (1)
- Responder ID list Length: 0
- Request Extensions Length: 0
- Extension: key_share (len=107)
- Type: key_share (51)
- Length: 107
- Key Share extension
- Client Key Share Length: 105
- Key Share Entry: Group: x25519, Key Exchange length: 32
- Group: x25519 (29)
- Key Exchange Length: 32
- Key Exchange: b5ec69cef4b0fbdf418e4f6bdc6b0b93eee85e839f2dc99f...
- Key Share Entry: Group: secp256r1, Key Exchange length: 65
- Group: secp256r1 (23)
- Key Exchange Length: 65
- Key Exchange: 043dcae13c6630fa7edf31d105df8929e736c1bb6d684177...
- Extension: supported_versions (len=9)
- Type: supported_versions (43)
- Length: 9
- Supported Versions length: 8
- Supported Version: TLS 1.3 (draft 23) (0x7f17)
- Supported Version: TLS 1.2 (0x0303)
- Supported Version: TLS 1.1 (0x0302)
- Supported Version: TLS 1.0 (0x0301)
- Extension: signature_algorithms (len=24)
- Type: signature_algorithms (13)
- Length: 24
- Signature Hash Algorithms Length: 22
- Signature Hash Algorithms (11 algorithms)
- Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
- Signature Hash Algorithm Hash: SHA256 (4)
- Signature Hash Algorithm Signature: ECDSA (3)
- Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
- Signature Hash Algorithm Hash: SHA384 (5)
- Signature Hash Algorithm Signature: ECDSA (3)
- Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
- Signature Hash Algorithm Hash: SHA512 (6)
- Signature Hash Algorithm Signature: ECDSA (3)
- Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
- Signature Hash Algorithm Hash: Unknown (8)
- Signature Hash Algorithm Signature: Unknown (4)
- Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
- Signature Hash Algorithm Hash: Unknown (8)
- Signature Hash Algorithm Signature: Unknown (5)
- Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
- Signature Hash Algorithm Hash: Unknown (8)
- Signature Hash Algorithm Signature: Unknown (6)
- Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
- Signature Hash Algorithm Hash: SHA256 (4)
- Signature Hash Algorithm Signature: RSA (1)
- Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
- Signature Hash Algorithm Hash: SHA384 (5)
- Signature Hash Algorithm Signature: RSA (1)
- Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
- Signature Hash Algorithm Hash: SHA512 (6)
- Signature Hash Algorithm Signature: RSA (1)
- Signature Algorithm: ecdsa_sha1 (0x0203)
- Signature Hash Algorithm Hash: SHA1 (2)
- Signature Hash Algorithm Signature: ECDSA (3)
- Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
- Signature Hash Algorithm Hash: SHA1 (2)
- Signature Hash Algorithm Signature: RSA (1)
- Extension: psk_key_exchange_modes (len=2)
- Type: psk_key_exchange_modes (45)
- Length: 2
- PSK Key Exchange Modes Length: 1
- PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
- Extension: padding (len=172)
- Type: padding (21)
- Length: 172
- Padding Data: 000000000000000000000000000000000000000000000000...
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
04
d8
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
d5
83
0040
84
ad
8a
97
50
00
80
00
88
13
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
Ø
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
Õ
.
0040
.
.
.
.
P
.
.
.
.
.
.
.
- Frame 14: 1296 bytes on wire (10368 bits), 1296 bytes captured (10368 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 1240
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 371, Ack: 576, Len: 1220
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 1220
- Sequence number: 371 (relative sequence number)
- Acknowledgment number: 576 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x8813 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
14
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8a
97
0040
ca
c5
da
47
50
00
01
00
18
0d
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
Ú
G
P
.
.
.
.
.
.
.
- Frame 15: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 1591, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 576 (relative sequence number)
- Acknowledgment number: 1591 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 256
- Calculated window size: 32768
- Window size scaling factor: 128
- Checksum: 0x180d [unverified]
- Urgent pointer: 0
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
04
d8
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
d5
83
0040
84
ad
8a
97
50
00
80
00
88
13
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
Ø
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
Õ
.
0040
.
.
.
.
P
.
.
.
.
.
.
.
- Frame 16: 1296 bytes on wire (10368 bits), 1296 bytes captured (10368 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 1240
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 371, Ack: 576, Len: 1220
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 1220
- Sequence number: 371 (relative sequence number)
- Acknowledgment number: 576 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x8813 [unverified]
- Urgent pointer: 0
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
20
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8a
97
0040
ca
c5
da
47
80
00
01
00
9c
9e
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
Ú
G
.
.
.
.
.
.
.
.
- Frame 17: 88 bytes on wire (704 bits), 88 bytes captured (704 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 32
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 1591, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 576 (relative sequence number)
- Acknowledgment number: 1591 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Window size value: 256
- Calculated window size: 32768
- Window size scaling factor: 128
- Checksum: 0x9c9e [unverified]
- Urgent pointer: 0
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
04
d8
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
da
47
0040
84
ad
8a
97
50
00
80
00
98
c4
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
Ø
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
Ú
G
0040
.
.
.
.
P
.
.
.
.
Ä
.
.
- Frame 18: 1296 bytes on wire (10368 bits), 1296 bytes captured (10368 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 1240
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 1591, Ack: 576, Len: 1220
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 1220
- Sequence number: 1591 (relative sequence number)
- Acknowledgment number: 576 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x98c4 [unverified]
- Urgent pointer: 0
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
14
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8a
97
0040
ca
c5
df
0b
50
00
01
17
13
32
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
ß
.
P
.
.
.
.
2
.
.
- Frame 19: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 2811, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 576 (relative sequence number)
- Acknowledgment number: 2811 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 279
- Calculated window size: 35712
- Window size scaling factor: 128
- Checksum: 0x1332 [unverified]
- Urgent pointer: 0
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
04
d8
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
df
0b
0040
84
ad
8a
97
50
00
80
00
51
34
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
Ø
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
ß
.
0040
.
.
.
.
P
.
.
.
Q
4
.
.
- Frame 20: 1296 bytes on wire (10368 bits), 1296 bytes captured (10368 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 1240
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 2811, Ack: 576, Len: 1220
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 1220
- Sequence number: 2811 (relative sequence number)
- Acknowledgment number: 576 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x5134 [unverified]
- Urgent pointer: 0
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
14
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8a
97
0040
ca
c5
e3
cf
50
00
01
2d
0e
58
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
ã
Ï
P
.
.
-
.
X
.
.
- Frame 21: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 4031, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 576 (relative sequence number)
- Acknowledgment number: 4031 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 301
- Calculated window size: 38528
- Window size scaling factor: 128
- Checksum: 0x0e58 [unverified]
- Urgent pointer: 0
0000
16
03
03
11
02
02
00
00
55
03
03
5d
ba
9a
9f
f6
0010
83
9a
d9
74
d9
db
c0
76
e2
f4
7e
45
f8
e0
86
25
0020
36
fa
90
e7
c5
c9
dc
67
94
69
4e
20
cd
02
00
00
0030
bb
dc
7a
2c
26
35
10
01
1d
4a
d8
b6
5b
73
5f
26
0040
6a
c1
68
8e
ce
55
13
84
81
65
d1
96
c0
30
00
00
0050
0d
00
05
00
00
00
17
00
00
ff
01
00
01
00
0b
00
0060
0d
57
00
0d
54
00
08
b8
30
82
08
b4
30
0d
06
09
0070
2a
86
48
86
02
0d
01
09
25
69
d9
41
33
0e
74
35
0080
5c
ca
ce
4d
bf
c4
ca
3d
b7
d5
2c
2a
86
48
86
f7
0090
0d
01
01
0b
7c
46
30
4b
31
0b
31
15
30
13
55
04
00A0
06
04
0a
55
53
44
69
44
69
67
69
55
04
0a
13
0c
00B0
44
69
67
69
43
65
72
74
20
49
6e
63
65
73
42
92
00C0
77
32
55
04
03
13
1c
44
69
67
69
43
65
72
74
20
00D0
43
6c
6f
75
64
20
53
65
72
76
69
63
65
73
20
43
00E0
41
2d
31
77
6b
17
0d
31
39
30
34
31
31
30
30
30
00F0
30
30
30
5a
17
0d
32
31
30
34
31
31
31
32
30
30
0100
30
30
5a
30
6a
31
0b
31
13
30
11
55
04
06
04
08
0110
55
53
57
61
52
65
64
6d
55
04
08
13
0a
57
61
73
0120
68
69
6e
67
74
6f
6e
69
63
6f
6e
31
14
55
04
07
0130
13
07
52
65
64
6d
6f
6e
64
6c
6f
55
04
0a
13
15
0140
4d
69
63
72
4d
69
63
72
6f
73
6f
66
74
20
43
6f
0150
72
70
6f
72
61
74
69
6f
6e
30
12
55
04
03
13
0b
0160
6f
75
74
6c
6f
75
74
6c
6f
6f
6b
2e
63
6f
6d
2a
0170
86
48
86
f7
0d
01
01
01
30
82
01
0a
02
82
01
01
0180
00
97
64
3d
36
61
65
79
5f
5a
6e
9a
49
3b
b5
00
0190
97
64
3d
36
61
65
79
5f
5a
6e
9a
49
3b
b5
97
55
01A0
51
25
f2
8c
33
37
67
9d
1e
e7
e0
0c
71
24
e7
3c
01B0
56
53
44
10
37
f9
57
70
29
4d
36
5f
c4
49
af
88
01C0
ea
50
4b
76
df
f3
2d
df
a6
34
c3
7e
35
98
ba
a1
01D0
86
32
30
5b
3e
da
7c
b4
49
fb
e1
ec
c3
ce
22
8f
01E0
2f
93
07
5a
f4
02
ea
18
69
35
5e
b3
07
29
5f
80
01F0
35
2e
5e
6a
39
2f
cc
6a
4d
1f
22
28
94
3d
2d
59
0200
2e
c7
c9
c3
ba
79
a3
18
ae
75
7d
5a
ed
8f
49
86
0210
b6
19
64
ca
e6
b8
78
60
52
d9
cb
c7
b6
ff
d0
1c
0220
b7
52
08
b0
c1
c8
a9
de
a5
48
67
9f
e8
39
4e
63
0230
f9
b6
ce
47
12
fb
a4
e1
fe
ad
06
12
f1
62
6b
9b
0240
42
0c
3d
00
75
09
f7
23
4a
fb
c3
49
f6
5a
69
e7
0250
4f
0e
fe
3f
02
c8
23
8f
f4
7a
7e
71
83
a3
d2
f9
0260
54
f4
74
0a
21
eb
23
36
58
22
da
ec
7f
1c
2e
7e
0270
cf
2d
b4
d4
e2
5c
c7
11
d2
50
f8
d7
7a
b5
8d
3c
0280
22
14
c1
da
38
3d
2c
74
ba
16
0f
0b
c6
44
c8
89
0290
01
00
01
30
1f
06
03
55
1d
23
04
18
30
14
e9
8d
02A0
0f
55
1d
23
d8
af
07
30
82
02
dd
51
d0
a2
31
73
02B0
a9
73
ae
8f
b4
01
7e
5d
8c
57
cb
9f
f0
f7
6f
6d
02C0
82
0d
55
1d
0e
69
63
65
33
e9
8d
0f
1b
fe
31
d8
02D0
af
ff
b8
ff
d0
a4
a8
9d
a7
2a
20
1f
f5
43
65
72
02E0
74
43
6c
55
1d
11
53
65
72
76
69
63
65
73
82
16
02F0
2a
2e
69
6e
74
65
72
6e
61
6c
2e
6f
75
74
6c
6f
0300
6f
6b
2e
63
6f
6d
82
0d
2a
2e
6f
75
74
6c
6f
6f
0310
6b
2e
63
6f
6d
82
0b
6f
75
74
6c
6f
6f
6b
2e
63
0320
6f
6d
82
0d
6f
66
66
69
63
65
33
36
35
2e
63
6f
0330
6d
82
0f
2a
2e
6f
66
66
69
63
65
33
36
35
2e
63
0340
6f
6d
82
17
2a
2e
6f
75
74
6c
6f
6f
6b
2e
6f
66
0350
66
69
63
65
33
36
35
2e
63
6f
6d
82
0c
2a
2e
6f
0360
66
66
69
63
65
2e
63
6f
6d
82
12
6f
75
74
6c
6f
0370
6f
6b
2e
6f
66
66
69
63
65
2e
63
6f
6d
82
14
73
0380
75
62
73
74
72
61
74
65
2e
6f
66
66
69
63
65
2e
0390
63
6f
6d
82
1b
61
74
74
61
63
68
6d
65
6e
74
2e
03A0
6f
75
74
6c
6f
6f
6b
2e
6c
69
76
65
2e
6e
65
74
03B0
82
1d
61
74
74
61
63
68
6d
65
6e
74
2e
6f
75
74
03C0
6c
6f
6f
6b
2e
6f
66
66
69
63
65
2e
6e
65
74
82
03D0
20
61
74
74
61
63
68
6d
65
6e
74
2e
6f
75
74
6c
03E0
6f
6f
6b
2e
6f
66
66
69
63
65
70
70
65
2e
6e
65
03F0
74
82
16
61
74
74
61
63
68
6d
65
6e
74
73
2e
6f
0400
66
66
69
63
65
2e
6e
65
74
82
16
2a
2e
63
6c
6f
0410
2e
66
6f
6f
74
70
72
69
6e
74
64
6e
73
2e
63
6f
0420
6d
82
16
2a
2e
6e
72
62
2e
66
6f
6f
74
70
72
69
0430
6e
74
64
6e
73
2e
63
6f
6d
82
1d
63
63
73
2e
6c
0440
6f
67
69
6e
2e
6d
69
63
72
6f
73
6f
66
74
6f
6e
0450
6c
69
6e
65
2e
63
6f
6d
82
21
63
63
73
2d
73
64
0460
66
2e
6c
6f
67
69
6e
2e
6d
69
63
72
6f
73
6f
66
0470
74
6f
6e
6c
69
6e
65
2e
63
6f
6d
82
18
73
75
62
0480
73
74
72
61
74
65
2d
73
64
66
2e
6f
66
66
69
63
0490
65
2e
63
6f
6d
82
1a
61
74
74
61
63
68
6d
65
6e
04A0
74
73
2d
73
64
66
2e
6f
66
66
69
63
65
2e
6e
65
04B0
74
82
0a
2a
2e
6c
69
76
65
2e
63
6f
6d
82
16
6d
04C0
61
69
6c
2e
73
65
72
76
69
63
65
73
2e
6c
69
76
04D0
65
2e
63
6f
6d
82
0b
68
6f
74
6d
61
69
6c
2e
63
04E0
6f
6d
82
0d
2a
2e
68
6f
74
6d
61
69
6c
2e
63
6f
04F0
6d
2a
0b
66
d3
55
1d
0f
e9
74
ff
8d
7d
6f
50
05
0500
a0
c0
da
e6
82
55
1d
25
31
b5
3f
d3
06
08
2b
06
0510
01
05
05
07
03
01
06
08
2b
06
01
05
05
07
03
02
0520
55
1d
1f
30
3f
a0
3d
a0
3b
86
39
68
74
74
70
3a
0530
2f
2f
63
72
86
39
68
74
74
70
3a
2f
2f
63
72
6c
0540
33
2e
64
69
67
69
63
65
72
74
2e
63
6f
6d
2f
44
0550
69
67
69
43
65
72
74
43
6c
6f
75
64
53
65
72
76
0560
69
63
65
73
43
41
2d
31
2d
67
31
2e
63
72
6c
86
0570
39
68
74
74
70
86
39
68
74
74
70
3a
2f
2f
63
72
0580
6c
34
2e
64
69
67
69
63
65
72
74
2e
63
6f
6d
2f
0590
44
69
67
69
43
65
72
74
43
6c
6f
75
64
53
65
72
05A0
76
69
63
65
73
43
41
2d
31
2d
67
31
2e
63
72
6c
05B0
55
1d
20
30
37
06
09
60
86
48
01
02
02
60
86
48
05C0
01
86
fd
6c
01
01
30
28
06
08
2b
06
01
05
05
07
05D0
02
01
68
74
74
70
73
3a
2f
2f
77
77
77
2e
64
69
05E0
67
69
63
65
72
74
2e
63
6f
6d
2f
43
50
53
67
81
05F0
0c
01
02
02
2b
06
01
05
05
07
01
01
30
25
06
08
0600
2b
06
01
05
05
07
30
01
86
19
68
74
74
70
3a
2f
0610
2f
63
2b
06
01
05
05
07
30
01
69
67
68
74
74
70
0620
3a
2f
2f
6f
63
73
70
78
2e
64
69
67
69
63
65
72
0630
74
2e
63
6f
6d
2b
06
01
05
05
07
30
02
68
74
74
0640
70
3a
2f
68
74
74
70
3a
2f
2f
63
61
63
65
72
74
0650
73
2e
64
69
67
69
63
65
72
74
2e
63
6f
6d
2f
44
0660
69
67
69
43
65
72
74
43
6c
6f
75
64
53
65
72
76
0670
69
63
65
73
43
41
2d
31
2e
63
72
74
55
1d
13
ff
0680
2b
06
01
04
01
d6
79
02
04
02
01
68
00
76
00
bb
0690
d9
df
bc
1f
8a
71
b5
93
94
23
97
aa
92
7b
47
38
06A0
57
95
0a
ab
00
76
00
bb
d9
df
bc
1f
8a
71
b5
93
06B0
94
23
97
aa
92
7b
47
38
57
95
0a
ab
52
e8
1a
90
06C0
96
64
36
8e
1e
d1
85
00
00
01
6a
0e
c3
0c
3d
00
06D0
00
04
03
00
47
30
45
02
21
00
aa
97
82
5b
de
05
06E0
b3
be
c5
fb
64
3e
27
27
cd
77
fa
79
f4
41
5b
e4
06F0
9e
22
91
c2
c0
15
d2
24
5b
ec
02
20
58
0b
35
41
0700
4b
ed
55
32
50
e5
6a
db
80
38
7e
f7
27
cc
c3
15
0710
5c
b3
17
24
97
c9
e0
6d
fb
49
42
9c
00
76
00
87
0720
75
bf
e7
59
7c
f8
8c
43
99
5f
bd
f3
6e
ff
56
8d
0730
47
56
36
ff
4a
b5
60
c1
b4
ea
ff
5e
a0
83
0f
00
0740
00
01
6a
0e
c3
0d
4b
00
00
04
03
00
47
30
45
02
0750
20
66
b1
87
e5
be
61
29
1b
b4
e3
2d
1c
f5
aa
1c
0760
f4
ca
61
3b
65
d2
08
f7
50
23
5f
d7
00
17
91
ef
0770
28
02
21
00
8e
20
a6
2a
0b
66
d3
fb
f4
70
e9
74
0780
c2
8d
7d
6f
50
ef
92
e5
2c
fc
b0
82
3c
1b
de
25
0790
de
6e
55
2a
00
76
00
44
94
65
2e
b0
ee
ce
af
c4
07A0
40
07
d8
a8
fe
28
c0
da
e6
82
be
d8
cb
31
b5
3f
07B0
d3
33
96
b5
b6
81
a8
00
00
01
6a
0e
c3
0b
c2
00
07C0
00
04
03
00
47
30
45
02
21
00
82
d3
80
95
e4
03
07D0
ba
33
b3
cd
51
92
cc
07
1c
9b
d1
6d
d8
00
42
92
07E0
62
c6
7c
df
56
82
19
57
e4
3d
02
20
0c
87
3a
bb
07F0
3a
94
c6
2a
37
a1
ff
65
ba
fc
bf
dc
a8
11
62
2f
0800
e9
07
57
7c
d2
85
be
96
74
2a
eb
cd
2a
86
48
86
0810
f7
0d
01
01
0b
00
45
c8
8b
77
81
4a
7f
c3
62
7a
0820
c8
e7
42
23
8d
22
cf
b1
4b
c4
80
5a
3d
b7
d5
2c
0830
ac
63
00
4e
60
16
4b
89
ed
7c
46
fb
1f
f3
07
b3
0840
9f
aa
9d
7f
a4
c7
79
24
90
50
c6
6c
72
86
ae
87
0850
82
11
8d
d6
22
1a
5c
8b
a3
88
aa
27
fd
dd
67
c5
0860
a2
2b
4d
a7
f8
d0
7c
47
d2
41
f9
15
23
12
c1
40
0870
27
e8
e9
24
73
bb
75
dc
e0
eb
14
46
b3
8c
f1
e3
0880
a0
33
7c
2b
7f
e2
41
7b
f7
bb
37
c8
a3
62
ae
9b
0890
86
f8
e0
d5
1d
98
e0
19
1f
a4
b3
ca
f5
f6
e1
5b
08A0
85
93
27
c0
ee
0c
cd
8c
42
92
77
32
fb
55
a2
42
08B0
45
97
a0
a7
ec
42
6b
72
0f
02
b5
97
f1
e3
f6
3b
08C0
33
e4
c0
99
1c
b9
6d
92
d7
5c
e7
f5
6e
e2
60
3c
08D0
e0
7e
bd
54
26
01
5d
6c
37
3c
9a
08
3c
ca
0d
ae
08E0
61
fc
e8
39
36
20
95
84
4a
d4
8e
b1
5d
77
6b
69
08F0
e8
be
1e
65
89
69
09
3e
50
09
62
83
8f
81
2d
e9
0900
63
e1
38
92
bb
f9
54
e7
06
b4
11
e0
37
ee
fb
29
0910
d3
bc
f8
44
79
c5
00
04
96
30
82
04
92
30
82
03
0920
7a
a0
03
02
01
02
02
01
01
0b
05
00
03
82
01
02
0930
00
08
01
9e
c1
c6
bd
3f
59
7b
b2
0c
33
38
e5
51
0940
d8
77
71
46
05
5e
2a
86
48
86
f7
0d
01
01
0b
76
0950
0b
30
61
31
0b
31
15
30
13
55
04
06
04
0a
55
53
0960
44
69
77
77
77
2e
55
04
0a
13
0c
44
69
67
69
43
0970
65
72
74
20
49
6e
63
03
55
43
41
ce
53
55
04
0b
0980
13
10
77
77
77
2e
64
69
67
69
63
65
72
74
2e
63
0990
6f
6d
5c
a5
9e
0b
84
85
55
04
03
13
17
44
69
67
09A0
69
43
65
72
74
20
47
6c
6f
62
61
6c
20
52
6f
6f
09B0
74
20
43
41
17
0d
31
35
31
35
30
38
30
34
31
32
09C0
30
30
30
30
5a
17
0d
33
30
30
38
30
34
31
32
30
09D0
30
30
30
5a
30
4b
31
0b
31
15
30
13
55
04
06
04
09E0
0a
55
53
44
69
44
69
67
69
55
04
0a
13
0c
44
69
09F0
67
69
43
65
72
74
20
49
6e
63
65
73
55
04
03
13
0A00
1c
44
69
67
69
44
69
67
69
43
65
72
74
20
43
6c
0A10
6f
75
64
20
53
65
72
76
69
63
65
73
20
43
41
2d
0A20
31
2a
86
48
86
f7
0d
01
01
01
30
82
01
0a
02
82
0A30
01
01
00
d1
ad
f6
87
14
79
54
27
57
c7
2f
05
68
0A40
3c
00
d1
ad
f6
87
14
79
54
27
57
c7
2f
05
68
3c
0A50
9b
3c
cd
67
ec
45
10
2c
84
f2
a4
47
c4
d9
53
42
0A60
45
09
bb
e4
fe
33
c1
d7
bc
46
2f
d1
8b
e6
b7
b5
0A70
67
78
7c
6a
70
be
fd
b8
e5
b6
54
cf
4c
5e
ac
b8
0A80
22
74
73
55
29
08
73
c8
64
f7
d0
95
09
0e
79
83
0A90
50
bf
5f
f5
d4
cc
9b
42
61
8e
80
04
b9
41
aa
ce
0AA0
4e
12
99
9b
ac
d6
c5
be
5b
02
73
b5
16
a4
ab
71
0AB0
62
d4
98
ea
40
39
85
a6
f6
bb
2f
e8
e7
87
c2
8b
0AC0
f6
9c
32
cd
ec
f8
3e
bf
89
e7
74
23
82
4b
da
ea
0AD0
bf
73
a6
25
3c
fd
bf
a9
e5
68
ff
f8
30
a2
60
c7
0AE0
3b
2e
a3
f3
c5
7f
3b
3b
fd
0f
31
a1
7c
74
0f
d0
0AF0
bf
14
c4
bd
68
f1
a5
e7
6b
a7
df
9b
00
7e
46
25
0B00
4e
e6
e8
13
f3
f6
06
c7
d4
6f
0b
27
20
42
5d
61
0B10
bc
3f
60
d2
7c
96
72
c9
7c
b0
8b
ff
f9
48
05
53
0B20
04
fa
22
af
b7
cd
51
5d
6d
dd
90
74
03
f0
33
4f
0B30
f4
c7
c0
3e
56
46
47
af
73
20
8b
dc
7a
3e
a3
f2
0B40
5d
ff
01
00
01
30
12
06
03
55
1d
13
01
01
ff
04
0B50
04
03
02
55
1d
13
34
06
ff
2b
06
30
26
30
24
ff
0B60
08
2b
00
63
73
70
2e
55
1d
0f
69
63
ff
72
74
2e
0B70
63
01
86
6f
62
61
6c
2b
06
01
05
05
07
01
01
72
0B80
6c
30
37
74
47
6c
6f
2b
06
01
05
05
07
30
01
41
0B90
2e
68
74
74
70
3a
2f
2f
6f
63
73
70
2e
64
69
67
0BA0
69
63
65
72
74
2e
63
6f
6d
55
1d
1f
30
37
a0
35
0BB0
a0
33
86
31
68
74
74
70
3a
2f
86
31
68
74
74
70
0BC0
3a
2f
2f
63
72
6c
34
2e
64
69
67
69
63
65
72
74
0BD0
2e
63
6f
6d
2f
44
69
67
69
43
65
72
74
47
6c
6f
0BE0
62
61
6c
52
6f
6f
74
43
41
2e
63
72
6c
86
31
68
0BF0
74
74
70
86
31
68
74
74
70
3a
2f
2f
63
72
6c
33
0C00
2e
64
69
67
69
63
65
72
74
2e
63
6f
6d
2f
44
69
0C10
67
69
43
65
72
74
47
6c
6f
62
61
6c
52
6f
6f
74
0C20
43
41
2e
63
72
6c
55
1d
20
30
32
06
04
55
1d
20
0C30
00
55
1d
20
00
30
28
06
08
2b
06
2b
06
01
05
05
0C40
07
02
01
68
74
74
70
73
3a
2f
2f
77
77
77
2e
64
0C50
69
67
69
63
65
72
74
2e
63
6f
6d
2f
43
50
53
55
0C60
1d
0e
dd
51
d0
a2
31
73
a9
73
ae
8f
b4
01
7e
5d
0C70
8c
57
cb
9f
f0
f7
55
1d
23
03
de
50
35
56
d1
4c
0C80
bb
66
f0
a3
e2
1b
1b
c3
97
b2
3d
d1
55
2a
86
48
0C90
86
f7
0d
01
01
0b
00
08
29
c4
c8
a6
fe
b4
38
28
0CA0
f7
a3
19
67
8c
ea
05
3b
0e
4b
40
62
62
1e
3c
14
0CB0
c6
05
dc
36
a7
4f
32
71
46
05
5e
80
1d
5c
6b
f0
0CC0
6d
6d
d9
21
76
0b
bd
46
c4
b9
66
97
4d
ff
80
14
0CD0
7a
87
69
84
b2
d6
ff
c9
16
70
be
a3
cc
8b
21
ad
0CE0
ee
5c
8d
24
ad
c2
8f
99
e0
cc
9e
8a
09
03
b8
0f
0CF0
9a
b5
5b
90
2b
2a
f7
d7
a5
2f
4a
65
a8
c4
e4
c5
0D00
c7
71
a9
96
46
4f
ab
6d
4b
2a
16
cb
f1
a9
3b
f6
0D10
1f
21
39
b4
eb
ad
60
04
82
9b
12
bf
de
ab
d2
46
0D20
1d
0c
0d
3b
76
02
f9
0b
d5
ce
53
85
42
7b
29
4d
0D30
46
d1
8b
cd
64
ec
21
16
4f
2f
01
43
58
d1
65
ed
0D40
5c
a5
fb
44
a0
d2
50
e8
de
66
c4
b6
31
9e
87
33
0D50
03
b0
c9
c6
4b
12
e7
5b
35
94
d9
46
ce
31
eb
bf
0D60
b8
f6
9e
0b
84
85
82
22
56
c4
23
84
54
e7
52
33
0D70
0c
25
cb
1a
ec
44
55
0f
63
96
72
b3
cd
19
5e
7e
0D80
0e
27
85
d5
a4
ea
b0
e2
a5
dc
06
29
25
90
e8
ce
0D90
2c
e9
e9
d0
7c
ef
ce
16
00
01
db
01
00
01
d7
0c
0DA0
00
01
49
03
00
17
41
04
63
8a
79
43
f1
70
5f
df
0DB0
d5
04
73
fa
01
6e
03
b2
72
d8
92
da
da
96
cf
51
0DC0
ce
ce
96
24
10
ac
14
b8
e4
2e
02
be
7b
00
87
fe
0DD0
e7
16
91
0a
ea
fa
7a
7a
94
1d
0e
ff
72
34
22
3b
0DE0
2a
42
b4
23
f6
1d
c9
8f
04
01
01
00
16
fb
ec
08
0DF0
56
90
3a
62
a6
de
a5
ac
04
de
8e
09
4b
0f
52
7d
0E00
a3
85
7b
0c
d4
a8
ab
b6
b9
9b
25
22
78
8c
a1
3f
0E10
9d
dd
13
d2
0d
e5
5e
6c
58
7b
fa
b0
b0
de
1b
8f
0E20
26
9c
ae
df
5b
80
e8
2b
df
87
96
59
35
f3
1f
77
0E30
17
da
03
a1
9b
17
4b
52
b4
f9
bc
74
56
18
16
9d
0E40
05
36
10
a7
8d
c1
98
d1
67
62
2f
cc
02
91
9b
dc
0E50
60
b8
1c
32
45
7f
b4
a7
2f
9f
26
03
e3
1c
68
2a
0E60
7d
94
63
72
27
94
00
4a
26
d4
c6
43
76
a4
79
37
0E70
fd
9f
06
40
e7
98
26
d8
15
59
a8
62
91
5d
0f
2a
0E80
b3
ea
b3
3d
6b
96
4c
6d
0d
e8
05
2d
78
bb
e9
e3
0E90
2b
37
59
64
5d
30
1a
fd
bc
1f
6d
37
bb
f6
ee
5c
0EA0
d0
13
16
47
78
b3
3a
84
bc
8b
26
b7
c6
88
6a
d9
0EB0
ad
fc
e0
d4
4a
23
00
15
35
df
90
48
56
e2
05
e4
0EC0
dc
c7
be
9b
00
a2
f8
c2
01
3a
46
11
57
c9
74
64
0ED0
9f
9d
0e
ec
51
92
66
60
bc
60
d4
74
a2
b9
83
a1
0EE0
d5
d6
2e
41
0f
93
82
41
a9
57
3f
4b
03
00
17
41
0EF0
04
63
8a
79
43
f1
70
5f
df
d5
04
73
fa
01
6e
03
0F00
b2
72
d8
92
da
da
96
cf
51
ce
ce
96
24
10
ac
14
0F10
b8
e4
2e
02
be
7b
00
87
fe
e7
16
91
0a
ea
fa
7a
0F20
7a
94
1d
0e
ff
72
34
22
3b
2a
42
b4
23
f6
1d
c9
0F30
8f
04
01
04
01
01
00
16
fb
ec
08
56
90
3a
62
a6
0F40
de
a5
ac
04
de
8e
09
4b
0f
52
7d
a3
85
7b
0c
d4
0F50
a8
ab
b6
b9
9b
25
22
78
8c
a1
3f
9d
dd
13
d2
0d
0F60
e5
5e
6c
58
7b
fa
b0
b0
de
1b
8f
26
9c
ae
df
5b
0F70
80
e8
2b
df
87
96
59
35
f3
1f
77
17
da
03
a1
9b
0F80
17
4b
52
b4
f9
bc
74
56
18
16
9d
05
36
10
a7
8d
0F90
c1
98
d1
67
62
2f
cc
02
91
9b
dc
60
b8
1c
32
45
0FA0
7f
b4
a7
2f
9f
26
03
e3
1c
68
2a
7d
94
63
72
27
0FB0
94
00
4a
26
d4
c6
43
76
a4
79
37
fd
9f
06
40
e7
0FC0
98
26
d8
15
59
a8
62
91
5d
0f
2a
b3
ea
b3
3d
6b
0FD0
96
4c
6d
0d
e8
05
2d
78
bb
e9
e3
2b
37
59
64
5d
0FE0
30
1a
fd
bc
1f
6d
37
bb
f6
ee
5c
d0
13
16
47
78
0FF0
b3
3a
84
bc
8b
26
b7
c6
88
6a
d9
ad
fc
e0
d4
4a
1000
23
00
15
35
df
90
48
56
e2
05
e4
dc
c7
be
9b
00
1010
a2
f8
c2
01
3a
46
11
57
c9
74
64
9f
9d
0e
ec
51
1020
92
66
60
bc
60
d4
74
a2
b9
83
a1
d5
d6
2e
41
0f
1030
93
82
41
a9
57
3f
4b
0d
00
00
1a
03
01
02
40
00
1040
12
04
01
04
01
05
01
05
01
02
01
02
01
04
03
04
1050
03
05
03
05
03
02
03
02
03
02
02
02
02
06
01
06
1060
01
06
03
06
03
00
00
0e
00
00
00
0000
.
.
.
.
.
.
.
.
U
.
.
]
º
.
.
ö
0010
.
.
Ù
t
Ù
Û
À
v
â
ô
~
E
ø
à
.
%
0020
6
ú
.
ç
Å
É
Ü
g
.
i
N
Í
.
.
.
0030
»
Ü
z
,
&
5
.
.
.
J
Ø
¶
[
s
_
&
0040
j
Á
h
.
Î
U
.
.
.
e
Ñ
.
À
0
.
.
0050
.
.
.
.
.
.
.
.
.
ÿ
.
.
.
.
.
.
0060
.
W
.
.
T
.
.
¸
0
.
.
´
0
.
.
.
0070
*
.
H
.
.
.
.
.
%
i
Ù
A
3
.
t
5
0080
\
Ê
Î
M
¿
Ä
Ê
=
·
Õ
,
*
.
H
.
÷
0090
.
.
.
.
|
F
0
K
1
.
1
.
0
.
U
.
00A0
.
.
.
U
S
D
i
D
i
g
i
U
.
.
.
.
00B0
D
i
g
i
C
e
r
t
I
n
c
e
s
B
.
00C0
w
2
U
.
.
.
.
D
i
g
i
C
e
r
t
00D0
C
l
o
u
d
S
e
r
v
i
c
e
s
C
00E0
A
-
1
w
k
.
.
1
9
0
4
1
1
0
0
0
00F0
0
0
0
Z
.
.
2
1
0
4
1
1
1
2
0
0
0100
0
0
Z
0
j
1
.
1
.
0
.
U
.
.
.
.
0110
U
S
W
a
R
e
d
m
U
.
.
.
.
W
a
s
0120
h
i
n
g
t
o
n
i
c
o
n
1
.
U
.
.
0130
.
.
R
e
d
m
o
n
d
l
o
U
.
.
.
.
0140
M
i
c
r
M
i
c
r
o
s
o
f
t
C
o
0150
r
p
o
r
a
t
i
o
n
0
.
U
.
.
.
.
0160
o
u
t
l
o
u
t
l
o
o
k
.
c
o
m
*
0170
.
H
.
÷
.
.
.
.
0
.
.
.
.
.
.
.
0180
.
.
d
=
6
a
e
y
_
Z
n
.
I
;
µ
.
0190
.
d
=
6
a
e
y
_
Z
n
.
I
;
µ
.
U
01A0
Q
%
ò
.
3
7
g
.
.
ç
à
.
q
$
ç
<
01B0
V
S
D
.
7
ù
W
p
)
M
6
_
Ä
I
¯
.
01C0
ê
P
K
v
ß
ó
-
ß
¦
4
Ã
~
5
.
º
¡
01D0
.
2
0
[
>
Ú
|
´
I
û
á
ì
Ã
Î
"
.
01E0
/
.
.
Z
ô
.
ê
.
i
5
^
³
.
)
_
.
01F0
5
.
^
j
9
/
Ì
j
M
.
"
(
.
=
-
Y
0200
.
Ç
É
Ã
º
y
£
.
®
u
}
Z
í
.
I
.
0210
¶
.
d
Ê
æ
¸
x
`
R
Ù
Ë
Ç
¶
ÿ
Ð
.
0220
·
R
.
°
Á
È
©
Þ
¥
H
g
.
è
9
N
c
0230
ù
¶
Î
G
.
û
¤
á
þ
.
.
.
ñ
b
k
.
0240
B
.
=
.
u
.
÷
#
J
û
Ã
I
ö
Z
i
ç
0250
O
.
þ
?
.
È
#
.
ô
z
~
q
.
£
Ò
ù
0260
T
ô
t
.
!
ë
#
6
X
"
Ú
ì
.
.
.
~
0270
Ï
-
´
Ô
â
\
Ç
.
Ò
P
ø
×
z
µ
.
<
0280
"
.
Á
Ú
8
=
,
t
º
.
.
.
Æ
D
È
.
0290
.
.
.
0
.
.
.
U
.
#
.
.
0
.
é
.
02A0
.
U
.
#
Ø
¯
.
0
.
.
Ý
Q
Ð
¢
1
s
02B0
©
s
®
.
´
.
~
]
.
W
Ë
.
ð
÷
o
m
02C0
.
.
U
.
.
i
c
e
3
é
.
.
.
þ
1
Ø
02D0
¯
ÿ
¸
ÿ
Ð
¤
¨
.
§
*
.
õ
C
e
r
02E0
t
C
l
U
.
.
S
e
r
v
i
c
e
s
.
.
02F0
*
.
i
n
t
e
r
n
a
l
.
o
u
t
l
o
0300
o
k
.
c
o
m
.
.
*
.
o
u
t
l
o
o
0310
k
.
c
o
m
.
.
o
u
t
l
o
o
k
.
c
0320
o
m
.
.
o
f
f
i
c
e
3
6
5
.
c
o
0330
m
.
.
*
.
o
f
f
i
c
e
3
6
5
.
c
0340
o
m
.
.
*
.
o
u
t
l
o
o
k
.
o
f
0350
f
i
c
e
3
6
5
.
c
o
m
.
.
*
.
o
0360
f
f
i
c
e
.
c
o
m
.
.
o
u
t
l
o
0370
o
k
.
o
f
f
i
c
e
.
c
o
m
.
.
s
0380
u
b
s
t
r
a
t
e
.
o
f
f
i
c
e
.
0390
c
o
m
.
.
a
t
t
a
c
h
m
e
n
t
.
03A0
o
u
t
l
o
o
k
.
l
i
v
e
.
n
e
t
03B0
.
.
a
t
t
a
c
h
m
e
n
t
.
o
u
t
03C0
l
o
o
k
.
o
f
f
i
c
e
.
n
e
t
.
03D0
a
t
t
a
c
h
m
e
n
t
.
o
u
t
l
03E0
o
o
k
.
o
f
f
i
c
e
p
p
e
.
n
e
03F0
t
.
.
a
t
t
a
c
h
m
e
n
t
s
.
o
0400
f
f
i
c
e
.
n
e
t
.
.
*
.
c
l
o
0410
.
f
o
o
t
p
r
i
n
t
d
n
s
.
c
o
0420
m
.
.
*
.
n
r
b
.
f
o
o
t
p
r
i
0430
n
t
d
n
s
.
c
o
m
.
.
c
c
s
.
l
0440
o
g
i
n
.
m
i
c
r
o
s
o
f
t
o
n
0450
l
i
n
e
.
c
o
m
.
!
c
c
s
-
s
d
0460
f
.
l
o
g
i
n
.
m
i
c
r
o
s
o
f
0470
t
o
n
l
i
n
e
.
c
o
m
.
.
s
u
b
0480
s
t
r
a
t
e
-
s
d
f
.
o
f
f
i
c
0490
e
.
c
o
m
.
.
a
t
t
a
c
h
m
e
n
04A0
t
s
-
s
d
f
.
o
f
f
i
c
e
.
n
e
04B0
t
.
.
*
.
l
i
v
e
.
c
o
m
.
.
m
04C0
a
i
l
.
s
e
r
v
i
c
e
s
.
l
i
v
04D0
e
.
c
o
m
.
.
h
o
t
m
a
i
l
.
c
04E0
o
m
.
.
*
.
h
o
t
m
a
i
l
.
c
o
04F0
m
*
.
f
Ó
U
.
.
é
t
ÿ
.
}
o
P
.
0500
.
À
Ú
æ
.
U
.
%
1
µ
?
Ó
.
.
+
.
0510
.
.
.
.
.
.
.
.
+
.
.
.
.
.
.
.
0520
U
.
.
0
?
.
=
.
;
.
9
h
t
t
p
:
0530
/
/
c
r
.
9
h
t
t
p
:
/
/
c
r
l
0540
3
.
d
i
g
i
c
e
r
t
.
c
o
m
/
D
0550
i
g
i
C
e
r
t
C
l
o
u
d
S
e
r
v
0560
i
c
e
s
C
A
-
1
-
g
1
.
c
r
l
.
0570
9
h
t
t
p
.
9
h
t
t
p
:
/
/
c
r
0580
l
4
.
d
i
g
i
c
e
r
t
.
c
o
m
/
0590
D
i
g
i
C
e
r
t
C
l
o
u
d
S
e
r
05A0
v
i
c
e
s
C
A
-
1
-
g
1
.
c
r
l
05B0
U
.
0
7
.
.
`
.
H
.
.
.
`
.
H
05C0
.
.
ý
l
.
.
0
(
.
.
+
.
.
.
.
.
05D0
.
.
h
t
t
p
s
:
/
/
w
w
w
.
d
i
05E0
g
i
c
e
r
t
.
c
o
m
/
C
P
S
g
.
05F0
.
.
.
.
+
.
.
.
.
.
.
.
0
%
.
.
0600
+
.
.
.
.
.
0
.
.
.
h
t
t
p
:
/
0610
/
c
+
.
.
.
.
.
0
.
i
g
h
t
t
p
0620
:
/
/
o
c
s
p
x
.
d
i
g
i
c
e
r
0630
t
.
c
o
m
+
.
.
.
.
.
0
.
h
t
t
0640
p
:
/
h
t
t
p
:
/
/
c
a
c
e
r
t
0650
s
.
d
i
g
i
c
e
r
t
.
c
o
m
/
D
0660
i
g
i
C
e
r
t
C
l
o
u
d
S
e
r
v
0670
i
c
e
s
C
A
-
1
.
c
r
t
U
.
.
ÿ
0680
+
.
.
.
.
Ö
y
.
.
.
.
h
.
v
.
»
0690
Ù
ß
¼
.
.
q
µ
.
.
#
.
ª
.
{
G
8
06A0
W
.
.
«
.
v
.
»
Ù
ß
¼
.
.
q
µ
.
06B0
.
#
.
ª
.
{
G
8
W
.
.
«
R
è
.
.
06C0
.
d
6
.
.
Ñ
.
.
.
.
j
.
Ã
.
=
.
06D0
.
.
.
.
G
0
E
.
!
.
ª
.
.
[
Þ
.
06E0
³
¾
Å
û
d
>
'
'
Í
w
ú
y
ô
A
[
ä
06F0
.
"
.
Â
À
.
Ò
$
[
ì
.
X
.
5
A
0700
K
í
U
2
P
å
j
Û
.
8
~
÷
'
Ì
Ã
.
0710
\
³
.
$
.
É
à
m
û
I
B
.
.
v
.
.
0720
u
¿
ç
Y
|
ø
.
C
.
_
½
ó
n
ÿ
V
.
0730
G
V
6
ÿ
J
µ
`
Á
´
ê
ÿ
^
.
.
.
.
0740
.
.
j
.
Ã
.
K
.
.
.
.
.
G
0
E
.
0750
f
±
.
å
¾
a
)
.
´
ã
-
.
õ
ª
.
0760
ô
Ê
a
;
e
Ò
.
÷
P
#
_
×
.
.
.
ï
0770
(
.
!
.
.
¦
*
.
f
Ó
û
ô
p
é
t
0780
Â
.
}
o
P
ï
.
å
,
ü
°
.
<
.
Þ
%
0790
Þ
n
U
*
.
v
.
D
.
e
.
°
î
Î
¯
Ä
07A0
@
.
Ø
¨
þ
(
À
Ú
æ
.
¾
Ø
Ë
1
µ
?
07B0
Ó
3
.
µ
¶
.
¨
.
.
.
j
.
Ã
.
Â
.
07C0
.
.
.
.
G
0
E
.
!
.
.
Ó
.
.
ä
.
07D0
º
3
³
Í
Q
.
Ì
.
.
.
Ñ
m
Ø
.
B
.
07E0
b
Æ
|
ß
V
.
.
W
ä
=
.
.
.
:
»
07F0
:
.
Æ
*
7
¡
ÿ
e
º
ü
¿
Ü
¨
.
b
/
0800
é
.
W
|
Ò
.
¾
.
t
*
ë
Í
*
.
H
.
0810
÷
.
.
.
.
.
E
È
.
w
.
J
.
Ã
b
z
0820
È
ç
B
#
.
"
Ï
±
K
Ä
.
Z
=
·
Õ
,
0830
¬
c
.
N
`
.
K
.
í
|
F
û
.
ó
.
³
0840
.
ª
.
.
¤
Ç
y
$
.
P
Æ
l
r
.
®
.
0850
.
.
.
Ö
"
.
\
.
£
.
ª
'
ý
Ý
g
Å
0860
¢
+
M
§
ø
Ð
|
G
Ò
A
ù
.
#
.
Á
@
0870
'
è
é
$
s
»
u
Ü
à
ë
.
F
³
.
ñ
ã
0880
.
3
|
+
.
â
A
{
÷
»
7
È
£
b
®
.
0890
.
ø
à
Õ
.
.
à
.
.
¤
³
Ê
õ
ö
á
[
08A0
.
.
'
À
î
.
Í
.
B
.
w
2
û
U
¢
B
08B0
E
.
.
§
ì
B
k
r
.
.
µ
.
ñ
ã
ö
;
08C0
3
ä
À
.
.
¹
m
.
×
\
ç
õ
n
â
`
<
08D0
à
~
½
T
&
.
]
l
7
<
.
.
<
Ê
.
®
08E0
a
ü
è
9
6
.
.
J
Ô
.
±
]
w
k
i
08F0
è
¾
.
e
.
i
.
>
P
.
b
.
.
.
-
é
0900
c
á
8
.
»
ù
T
ç
.
´
.
à
7
î
û
)
0910
Ó
¼
ø
D
y
Å
.
.
.
0
.
.
.
0
.
.
0920
z
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
0930
.
.
.
.
Á
Æ
½
?
Y
{
²
.
3
8
å
Q
0940
Ø
w
q
F
.
^
*
.
H
.
÷
.
.
.
.
v
0950
.
0
a
1
.
1
.
0
.
U
.
.
.
.
U
S
0960
D
i
w
w
w
.
U
.
.
.
.
D
i
g
i
C
0970
e
r
t
I
n
c
.
U
C
A
Î
S
U
.
.
0980
.
.
w
w
w
.
d
i
g
i
c
e
r
t
.
c
0990
o
m
\
¥
.
.
.
.
U
.
.
.
.
D
i
g
09A0
i
C
e
r
t
G
l
o
b
a
l
R
o
o
09B0
t
C
A
.
.
1
5
1
5
0
8
0
4
1
2
09C0
0
0
0
0
Z
.
.
3
0
0
8
0
4
1
2
0
09D0
0
0
0
Z
0
K
1
.
1
.
0
.
U
.
.
.
09E0
.
U
S
D
i
D
i
g
i
U
.
.
.
.
D
i
09F0
g
i
C
e
r
t
I
n
c
e
s
U
.
.
.
0A00
.
D
i
g
i
D
i
g
i
C
e
r
t
C
l
0A10
o
u
d
S
e
r
v
i
c
e
s
C
A
-
0A20
1
*
.
H
.
÷
.
.
.
.
0
.
.
.
.
.
0A30
.
.
.
Ñ
.
ö
.
.
y
T
'
W
Ç
/
.
h
0A40
<
.
Ñ
.
ö
.
.
y
T
'
W
Ç
/
.
h
<
0A50
.
<
Í
g
ì
E
.
,
.
ò
¤
G
Ä
Ù
S
B
0A60
E
.
»
ä
þ
3
Á
×
¼
F
/
Ñ
.
æ
·
µ
0A70
g
x
|
j
p
¾
ý
¸
å
¶
T
Ï
L
^
¬
¸
0A80
"
t
s
U
)
.
s
È
d
÷
Ð
.
.
.
y
.
0A90
P
¿
_
õ
Ô
Ì
.
B
a
.
.
.
¹
A
ª
Î
0AA0
N
.
.
.
¬
Ö
Å
¾
[
.
s
µ
.
¤
«
q
0AB0
b
Ô
.
ê
@
9
.
¦
ö
»
/
è
ç
.
Â
.
0AC0
ö
.
2
Í
ì
ø
>
¿
.
ç
t
#
.
K
Ú
ê
0AD0
¿
s
¦
%
<
ý
¿
©
å
h
ÿ
ø
0
¢
`
Ç
0AE0
;
.
£
ó
Å
.
;
;
ý
.
1
¡
|
t
.
Ð
0AF0
¿
.
Ä
½
h
ñ
¥
ç
k
§
ß
.
.
~
F
%
0B00
N
æ
è
.
ó
ö
.
Ç
Ô
o
.
'
B
]
a
0B10
¼
?
`
Ò
|
.
r
É
|
°
.
ÿ
ù
H
.
S
0B20
.
ú
"
¯
·
Í
Q
]
m
Ý
.
t
.
ð
3
O
0B30
ô
Ç
À
>
V
F
G
¯
s
.
Ü
z
>
£
ò
0B40
]
ÿ
.
.
.
0
.
.
.
U
.
.
.
.
ÿ
.
0B50
.
.
.
U
.
.
4
.
ÿ
+
.
0
&
0
$
ÿ
0B60
.
+
.
c
s
p
.
U
.
.
i
c
ÿ
r
t
.
0B70
c
.
.
o
b
a
l
+
.
.
.
.
.
.
.
r
0B80
l
0
7
t
G
l
o
+
.
.
.
.
.
0
.
A
0B90
.
h
t
t
p
:
/
/
o
c
s
p
.
d
i
g
0BA0
i
c
e
r
t
.
c
o
m
U
.
.
0
7
.
5
0BB0
.
3
.
1
h
t
t
p
:
/
.
1
h
t
t
p
0BC0
:
/
/
c
r
l
4
.
d
i
g
i
c
e
r
t
0BD0
.
c
o
m
/
D
i
g
i
C
e
r
t
G
l
o
0BE0
b
a
l
R
o
o
t
C
A
.
c
r
l
.
1
h
0BF0
t
t
p
.
1
h
t
t
p
:
/
/
c
r
l
3
0C00
.
d
i
g
i
c
e
r
t
.
c
o
m
/
D
i
0C10
g
i
C
e
r
t
G
l
o
b
a
l
R
o
o
t
0C20
C
A
.
c
r
l
U
.
0
2
.
.
U
.
0C30
.
U
.
.
0
(
.
.
+
.
+
.
.
.
.
0C40
.
.
.
h
t
t
p
s
:
/
/
w
w
w
.
d
0C50
i
g
i
c
e
r
t
.
c
o
m
/
C
P
S
U
0C60
.
.
Ý
Q
Ð
¢
1
s
©
s
®
.
´
.
~
]
0C70
.
W
Ë
.
ð
÷
U
.
#
.
Þ
P
5
V
Ñ
L
0C80
»
f
ð
£
â
.
.
Ã
.
²
=
Ñ
U
*
.
H
0C90
.
÷
.
.
.
.
.
.
)
Ä
È
¦
þ
´
8
(
0CA0
÷
£
.
g
.
ê
.
;
.
K
@
b
b
.
<
.
0CB0
Æ
.
Ü
6
§
O
2
q
F
.
^
.
.
\
k
ð
0CC0
m
m
Ù
!
v
.
½
F
Ä
¹
f
.
M
ÿ
.
.
0CD0
z
.
i
.
²
Ö
ÿ
É
.
p
¾
£
Ì
.
!
.
0CE0
î
\
.
$
.
Â
.
.
à
Ì
.
.
.
.
¸
.
0CF0
.
µ
[
.
+
*
÷
×
¥
/
J
e
¨
Ä
ä
Å
0D00
Ç
q
©
.
F
O
«
m
K
*
.
Ë
ñ
©
;
ö
0D10
.
!
9
´
ë
.
`
.
.
.
.
¿
Þ
«
Ò
F
0D20
.
.
.
;
v
.
ù
.
Õ
Î
S
.
B
{
)
M
0D30
F
Ñ
.
Í
d
ì
!
.
O
/
.
C
X
Ñ
e
í
0D40
\
¥
û
D
.
Ò
P
è
Þ
f
Ä
¶
1
.
.
3
0D50
.
°
É
Æ
K
.
ç
[
5
.
Ù
F
Î
1
ë
¿
0D60
¸
ö
.
.
.
.
.
"
V
Ä
#
.
T
ç
R
3
0D70
.
%
Ë
.
ì
D
U
.
c
.
r
³
Í
.
^
~
0D80
.
'
.
Õ
¤
ê
°
â
¥
Ü
.
)
%
.
è
Î
0D90
,
é
é
Ð
|
ï
Î
.
.
.
Û
.
.
.
×
.
0DA0
.
.
I
.
.
.
A
.
c
.
y
C
ñ
p
_
ß
0DB0
Õ
.
s
ú
.
n
.
²
r
Ø
.
Ú
Ú
.
Ï
Q
0DC0
Î
Î
.
$
.
¬
.
¸
ä
.
.
¾
{
.
.
þ
0DD0
ç
.
.
.
ê
ú
z
z
.
.
.
ÿ
r
4
"
;
0DE0
*
B
´
#
ö
.
É
.
.
.
.
.
.
û
ì
.
0DF0
V
.
:
b
¦
Þ
¥
¬
.
Þ
.
.
K
.
R
}
0E00
£
.
{
.
Ô
¨
«
¶
¹
.
%
"
x
.
¡
?
0E10
.
Ý
.
Ò
.
å
^
l
X
{
ú
°
°
Þ
.
.
0E20
&
.
®
ß
[
.
è
+
ß
.
.
Y
5
ó
.
w
0E30
.
Ú
.
¡
.
.
K
R
´
ù
¼
t
V
.
.
.
0E40
.
6
.
§
.
Á
.
Ñ
g
b
/
Ì
.
.
.
Ü
0E50
`
¸
.
2
E
.
´
§
/
.
&
.
ã
.
h
*
0E60
}
.
c
r
'
.
.
J
&
Ô
Æ
C
v
¤
y
7
0E70
ý
.
.
@
ç
.
&
Ø
.
Y
¨
b
.
]
.
*
0E80
³
ê
³
=
k
.
L
m
.
è
.
-
x
»
é
ã
0E90
+
7
Y
d
]
0
.
ý
¼
.
m
7
»
ö
î
\
0EA0
Ð
.
.
G
x
³
:
.
¼
.
&
·
Æ
.
j
Ù
0EB0
.
ü
à
Ô
J
#
.
.
5
ß
.
H
V
â
.
ä
0EC0
Ü
Ç
¾
.
.
¢
ø
Â
.
:
F
.
W
É
t
d
0ED0
.
.
.
ì
Q
.
f
`
¼
`
Ô
t
¢
¹
.
¡
0EE0
Õ
Ö
.
A
.
.
.
A
©
W
?
K
.
.
.
A
0EF0
.
c
.
y
C
ñ
p
_
ß
Õ
.
s
ú
.
n
.
0F00
²
r
Ø
.
Ú
Ú
.
Ï
Q
Î
Î
.
$
.
¬
.
0F10
¸
ä
.
.
¾
{
.
.
þ
ç
.
.
.
ê
ú
z
0F20
z
.
.
.
ÿ
r
4
"
;
*
B
´
#
ö
.
É
0F30
.
.
.
.
.
.
.
.
û
ì
.
V
.
:
b
¦
0F40
Þ
¥
¬
.
Þ
.
.
K
.
R
}
£
.
{
.
Ô
0F50
¨
«
¶
¹
.
%
"
x
.
¡
?
.
Ý
.
Ò
.
0F60
å
^
l
X
{
ú
°
°
Þ
.
.
&
.
®
ß
[
0F70
.
è
+
ß
.
.
Y
5
ó
.
w
.
Ú
.
¡
.
0F80
.
K
R
´
ù
¼
t
V
.
.
.
.
6
.
§
.
0F90
Á
.
Ñ
g
b
/
Ì
.
.
.
Ü
`
¸
.
2
E
0FA0
.
´
§
/
.
&
.
ã
.
h
*
}
.
c
r
'
0FB0
.
.
J
&
Ô
Æ
C
v
¤
y
7
ý
.
.
@
ç
0FC0
.
&
Ø
.
Y
¨
b
.
]
.
*
³
ê
³
=
k
0FD0
.
L
m
.
è
.
-
x
»
é
ã
+
7
Y
d
]
0FE0
0
.
ý
¼
.
m
7
»
ö
î
\
Ð
.
.
G
x
0FF0
³
:
.
¼
.
&
·
Æ
.
j
Ù
.
ü
à
Ô
J
1000
#
.
.
5
ß
.
H
V
â
.
ä
Ü
Ç
¾
.
.
1010
¢
ø
Â
.
:
F
.
W
É
t
d
.
.
.
ì
Q
1020
.
f
`
¼
`
Ô
t
¢
¹
.
¡
Õ
Ö
.
A
.
1030
.
.
A
©
W
?
K
.
.
.
.
.
.
.
@
.
1040
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
1050
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
1060
.
.
.
.
.
.
.
.
.
.
.
- Frame 22: 775 bytes on wire (6200 bits), 775 bytes captured (6200 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 719
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 4031, Ack: 576, Len: 699
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 699
- Sequence number: 4031 (relative sequence number)
- Acknowledgment number: 576 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x87d3 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
- Content Type: Handshake (22)
- Version: TLS 1.2 (0x0303)
- Length: 4354
- Handshake Protocol: Server Hello
- Handshake Type: Server Hello (2)
- Length: 85
- Version: TLS 1.2 (0x0303)
- Random: 5dba9a9ff6839ad974d9dbc076e2f47e45f8e0862536fa90...
- GMT Unix Time: Oct 31, 2019 09:26:07.000000000 CET
- Random Bytes: f6839ad974d9dbc076e2f47e45f8e0862536fa90e7c5c9dc...
- Session ID Length: 32
- Session ID: cd020000bbdc7a2c263510011d4ad8b65b735f266ac1688e...
- Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
- Compression Method: null (0)
- Extensions Length: 13
- Extension: status_request (len=0)
- Type: status_request (5)
- Length: 0
- Extension: extended_master_secret (len=0)
- Type: extended_master_secret (23)
- Length: 0
- Extension: renegotiation_info (len=1)
- Type: renegotiation_info (65281)
- Length: 1
- Renegotiation Info extension
- Renegotiation info extension length: 0
- Handshake Protocol: Certificate
- Handshake Type: Certificate (11)
- Length: 3415
- Certificates Length: 3412
- Certificates (3412 bytes)
- Certificate Length: 2232
- Certificate: 308208b43082079ca0030201020210092569d941330e7435... (id-at-commonName=outlook.com,id-at-organizationName=Microsoft Corporation,id-at-localityName=Redmond,id-at-stateOrProvinceName=Washington,id-at-countryName=US)
- signedCertificate
- version: v3 (2)
- serialNumber: 0x092569d941330e74355ccace4dbfc4ca
- signature (sha256WithRSAEncryption)
- Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
- issuer: rdnSequence (0)
- rdnSequence: 3 items (id-at-commonName=DigiCert Cloud Services CA-1,id-at-organizationName=DigiCert Inc,id-at-countryName=US)
- RDNSequence item: 1 item (id-at-countryName=US)
- RelativeDistinguishedName item (id-at-countryName=US)
- Id: 2.5.4.6 (id-at-countryName)
- CountryName: US
- RDNSequence item: 1 item (id-at-organizationName=DigiCert Inc)
- RelativeDistinguishedName item (id-at-organizationName=DigiCert Inc)
- Id: 2.5.4.10 (id-at-organizationName)
- DirectoryString: printableString (1)
- printableString: DigiCert Inc
- RDNSequence item: 1 item (id-at-commonName=DigiCert Cloud Services CA-1)
- RelativeDistinguishedName item (id-at-commonName=DigiCert Cloud Services CA-1)
- Id: 2.5.4.3 (id-at-commonName)
- DirectoryString: printableString (1)
- printableString: DigiCert Cloud Services CA-1
- validity
- notBefore: utcTime (0)
- utcTime: 19-04-11 00:00:00 (UTC)
- notAfter: utcTime (0)
- utcTime: 21-04-11 12:00:00 (UTC)
- subject: rdnSequence (0)
- rdnSequence: 5 items (id-at-commonName=outlook.com,id-at-organizationName=Microsoft Corporation,id-at-localityName=Redmond,id-at-stateOrProvinceName=Washington,id-at-countryName=US)
- RDNSequence item: 1 item (id-at-countryName=US)
- RelativeDistinguishedName item (id-at-countryName=US)
- Id: 2.5.4.6 (id-at-countryName)
- CountryName: US
- RDNSequence item: 1 item (id-at-stateOrProvinceName=Washington)
- RelativeDistinguishedName item (id-at-stateOrProvinceName=Washington)
- Id: 2.5.4.8 (id-at-stateOrProvinceName)
- DirectoryString: printableString (1)
- printableString: Washington
- RDNSequence item: 1 item (id-at-localityName=Redmond)
- RelativeDistinguishedName item (id-at-localityName=Redmond)
- Id: 2.5.4.7 (id-at-localityName)
- DirectoryString: printableString (1)
- RDNSequence item: 1 item (id-at-organizationName=Microsoft Corporation)
- RelativeDistinguishedName item (id-at-organizationName=Microsoft Corporation)
- Id: 2.5.4.10 (id-at-organizationName)
- DirectoryString: printableString (1)
- printableString: Microsoft Corporation
- RDNSequence item: 1 item (id-at-commonName=outlook.com)
- RelativeDistinguishedName item (id-at-commonName=outlook.com)
- Id: 2.5.4.3 (id-at-commonName)
- DirectoryString: printableString (1)
- printableString: outlook.com
- subjectPublicKeyInfo
- algorithm (rsaEncryption)
- Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
- subjectPublicKey: 3082010a028201010097643d366165795f5a6e9a493bb597...
- modulus: 0x0097643d366165795f5a6e9a493bb597555125f28c333767...
- publicExponent: 65537
- extensions: 10 items
- Extension (id-ce-authorityKeyIdentifier)
- Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
- AuthorityKeyIdentifier
- keyIdentifier: dd51d0a23173a973ae8fb4017e5d8c57cb9ff0f7
- Extension (id-ce-subjectKeyIdentifier)
- Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
- SubjectKeyIdentifier: e98d0f1bfe31d8afffb8ffd0a4a89da72a201ff5
- Extension (id-ce-subjectAltName)
- Extension Id: 2.5.29.17 (id-ce-subjectAltName)
- GeneralNames: 23 items
- GeneralName: dNSName (2)
- dNSName: *.internal.outlook.com
- GeneralName: dNSName (2)
- GeneralName: dNSName (2)
- GeneralName: dNSName (2)
- GeneralName: dNSName (2)
- GeneralName: dNSName (2)
- dNSName: *.outlook.office365.com
- GeneralName: dNSName (2)
- GeneralName: dNSName (2)
- dNSName: outlook.office.com
- GeneralName: dNSName (2)
- dNSName: substrate.office.com
- GeneralName: dNSName (2)
- dNSName: attachment.outlook.live.net
- GeneralName: dNSName (2)
- dNSName: attachment.outlook.office.net
- GeneralName: dNSName (2)
- dNSName: attachment.outlook.officeppe.net
- GeneralName: dNSName (2)
- dNSName: attachments.office.net
- GeneralName: dNSName (2)
- dNSName: *.clo.footprintdns.com
- GeneralName: dNSName (2)
- dNSName: *.nrb.footprintdns.com
- GeneralName: dNSName (2)
- dNSName: ccs.login.microsoftonline.com
- GeneralName: dNSName (2)
- dNSName: ccs-sdf.login.microsoftonline.com
- GeneralName: dNSName (2)
- dNSName: substrate-sdf.office.com
- GeneralName: dNSName (2)
- dNSName: attachments-sdf.office.net
- GeneralName: dNSName (2)
- GeneralName: dNSName (2)
- dNSName: mail.services.live.com
- GeneralName: dNSName (2)
- GeneralName: dNSName (2)
- Extension (id-ce-keyUsage)
- Extension Id: 2.5.29.15 (id-ce-keyUsage)
- critical: True
- Padding: 5
- KeyUsage: a0 (digitalSignature, keyEncipherment)
- 1... .... = digitalSignature: True
- .0.. .... = contentCommitment: False
- ..1. .... = keyEncipherment: True
- Extension (id-ce-extKeyUsage)
- Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
- KeyPurposeIDs: 2 items
- KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
- KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth)
- Extension (id-ce-cRLDistributionPoints)
- Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints)
- CRLDistPointsSyntax: 2 items
- DistributionPoint
- distributionPoint: fullName (0)
- fullName: 1 item
- GeneralName: uniformResourceIdentifier (6)
- uniformResourceIdentifier: http://crl3.digicert.com/DigiCertCloudServicesCA-1-g1.crl
- DistributionPoint
- distributionPoint: fullName (0)
- fullName: 1 item
- GeneralName: uniformResourceIdentifier (6)
- uniformResourceIdentifier: http://crl4.digicert.com/DigiCertCloudServicesCA-1-g1.crl
- Extension (id-ce-certificatePolicies)
- Extension Id: 2.5.29.32 (id-ce-certificatePolicies)
- CertificatePoliciesSyntax: 2 items
- PolicyInformation
- policyIdentifier: 2.16.840.1.114412.1.1 (US company arc.114412.1.1)
- policyQualifiers: 1 item
- PolicyQualifierInfo
- Id: 1.3.6.1.5.5.7.2.1 (id-qt-cps)
- DirectoryString: https://www.digicert.com/CPS
- PolicyInformation
- policyIdentifier: 2.23.140.1.2.2 (joint-iso-itu-t.23.140.1.2.2)
- Extension (id-pe-authorityInfoAccessSyntax)
- Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccessSyntax)
- AuthorityInfoAccessSyntax: 2 items
- AccessDescription
- accessMethod: 1.3.6.1.5.5.7.48.1 (id-pkix.48.1)
- accessLocation: 6
- uniformResourceIdentifier: http://ocspx.digicert.com
- AccessDescription
- accessMethod: 1.3.6.1.5.5.7.48.2 (id-pkix.48.2)
- accessLocation: 6
- uniformResourceIdentifier: http://cacerts.digicert.com/DigiCertCloudServicesCA-1.crt
- Extension (id-ce-basicConstraints)
- Extension Id: 2.5.29.19 (id-ce-basicConstraints)
- critical: True
- BasicConstraintsSyntax [0 length]
- Extension (SignedCertificateTimestampList)
- Extension Id: 1.3.6.1.4.1.11129.2.4.2 (SignedCertificateTimestampList)
- Serialized SCT List Length: 360
- Signed Certificate Timestamp (Google 'Skydiver' log)
- Serialized SCT Length: 118
- SCT Version: 0
- Log ID: bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a...
- Timestamp: Apr 11, 2019 23:37:04.829000000 UTC
- Extensions length: 0
- Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
- Signature Hash Algorithm Hash: SHA256 (4)
- Signature Hash Algorithm Signature: ECDSA (3)
- Signature Length: 71
- Signature: 3045022100aa97825bde05b3bec5fb643e2727cd77fa79f4...
- Signed Certificate Timestamp (DigiCert CT2 log)
- Serialized SCT Length: 118
- SCT Version: 0
- Log ID: 8775bfe7597cf88c43995fbdf36eff568d475636ff4ab560...
- Timestamp: Apr 11, 2019 23:37:05.099000000 UTC
- Extensions length: 0
- Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
- Signature Hash Algorithm Hash: SHA256 (4)
- Signature Hash Algorithm Signature: ECDSA (3)
- Signature Length: 71
- Signature: 3045022066b187e5be61291bb4e32d1cf5aa1cf4ca613b65...
- Signed Certificate Timestamp (Unknown Log)
- Serialized SCT Length: 118
- SCT Version: 0
- Log ID: 4494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b5...
- Timestamp: Apr 11, 2019 23:37:04.706000000 UTC
- Extensions length: 0
- Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
- Signature Hash Algorithm Hash: SHA256 (4)
- Signature Hash Algorithm Signature: ECDSA (3)
- Signature Length: 71
- Signature: 304502210082d38095e403ba33b3cd5192cc071c9bd16dd8...
- algorithmIdentifier (sha256WithRSAEncryption)
- Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
- Padding: 0
- encrypted: 45c88b77814a7fc3627ac8e742238d22cfb14bc4805a3db7...
- Certificate Length: 1174
- Certificate: 308204923082037aa0030201020210019ec1c6bd3f597bb2... (id-at-commonName=DigiCert Cloud Services CA-1,id-at-organizationName=DigiCert Inc,id-at-countryName=US)
- signedCertificate
- version: v3 (2)
- serialNumber: 0x019ec1c6bd3f597bb20c3338e551d877
- signature (sha256WithRSAEncryption)
- Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
- issuer: rdnSequence (0)
- rdnSequence: 4 items (id-at-commonName=DigiCert Global Root CA,id-at-organizationalUnitName=www.digicert.com,id-at-organizationName=DigiCert Inc,id-at-countryName=US)
- RDNSequence item: 1 item (id-at-countryName=US)
- RelativeDistinguishedName item (id-at-countryName=US)
- Id: 2.5.4.6 (id-at-countryName)
- CountryName: US
- RDNSequence item: 1 item (id-at-organizationName=DigiCert Inc)
- RelativeDistinguishedName item (id-at-organizationName=DigiCert Inc)
- Id: 2.5.4.10 (id-at-organizationName)
- DirectoryString: printableString (1)
- printableString: DigiCert Inc
- RDNSequence item: 1 item (id-at-organizationalUnitName=www.digicert.com)
- RelativeDistinguishedName item (id-at-organizationalUnitName=www.digicert.com)
- Id: 2.5.4.11 (id-at-organizationalUnitName)
- DirectoryString: printableString (1)
- printableString: www.digicert.com
- RDNSequence item: 1 item (id-at-commonName=DigiCert Global Root CA)
- RelativeDistinguishedName item (id-at-commonName=DigiCert Global Root CA)
- Id: 2.5.4.3 (id-at-commonName)
- DirectoryString: printableString (1)
- printableString: DigiCert Global Root CA
- validity
- notBefore: utcTime (0)
- utcTime: 15-08-04 12:00:00 (UTC)
- notAfter: utcTime (0)
- utcTime: 30-08-04 12:00:00 (UTC)
- subject: rdnSequence (0)
- rdnSequence: 3 items (id-at-commonName=DigiCert Cloud Services CA-1,id-at-organizationName=DigiCert Inc,id-at-countryName=US)
- RDNSequence item: 1 item (id-at-countryName=US)
- RelativeDistinguishedName item (id-at-countryName=US)
- Id: 2.5.4.6 (id-at-countryName)
- CountryName: US
- RDNSequence item: 1 item (id-at-organizationName=DigiCert Inc)
- RelativeDistinguishedName item (id-at-organizationName=DigiCert Inc)
- Id: 2.5.4.10 (id-at-organizationName)
- DirectoryString: printableString (1)
- printableString: DigiCert Inc
- RDNSequence item: 1 item (id-at-commonName=DigiCert Cloud Services CA-1)
- RelativeDistinguishedName item (id-at-commonName=DigiCert Cloud Services CA-1)
- Id: 2.5.4.3 (id-at-commonName)
- DirectoryString: printableString (1)
- printableString: DigiCert Cloud Services CA-1
- subjectPublicKeyInfo
- algorithm (rsaEncryption)
- Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
- subjectPublicKey: 3082010a0282010100d1adf6871479542757c72f05683c9b...
- modulus: 0x00d1adf6871479542757c72f05683c9b3ccd67ec45102c84...
- publicExponent: 65537
- extensions: 7 items
- Extension (id-ce-basicConstraints)
- Extension Id: 2.5.29.19 (id-ce-basicConstraints)
- critical: True
- BasicConstraintsSyntax
- cA: True
- pathLenConstraint: 0
- Extension (id-ce-keyUsage)
- Extension Id: 2.5.29.15 (id-ce-keyUsage)
- critical: True
- Padding: 1
- KeyUsage: 86 (digitalSignature, keyCertSign, cRLSign)
- 1... .... = digitalSignature: True
- .0.. .... = contentCommitment: False
- ..0. .... = keyEncipherment: False
- ...0 .... = dataEncipherment: False
- .... 0... = keyAgreement: False
- .... .1.. = keyCertSign: True
- .... ..1. = cRLSign: True
- Extension (id-pe-authorityInfoAccessSyntax)
- Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccessSyntax)
- AuthorityInfoAccessSyntax: 1 item
- AccessDescription
- accessMethod: 1.3.6.1.5.5.7.48.1 (id-pkix.48.1)
- accessLocation: 6
- uniformResourceIdentifier: http://ocsp.digicert.com
- Extension (id-ce-cRLDistributionPoints)
- Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints)
- CRLDistPointsSyntax: 2 items
- DistributionPoint
- distributionPoint: fullName (0)
- fullName: 1 item
- GeneralName: uniformResourceIdentifier (6)
- uniformResourceIdentifier: http://crl4.digicert.com/DigiCertGlobalRootCA.crl
- DistributionPoint
- distributionPoint: fullName (0)
- fullName: 1 item
- GeneralName: uniformResourceIdentifier (6)
- uniformResourceIdentifier: http://crl3.digicert.com/DigiCertGlobalRootCA.crl
- Extension (id-ce-certificatePolicies)
- Extension Id: 2.5.29.32 (id-ce-certificatePolicies)
- CertificatePoliciesSyntax: 1 item
- PolicyInformation
- policyIdentifier: 2.5.29.32.0 (id-ce-certificatePolicies.0)
- policyQualifiers: 1 item
- PolicyQualifierInfo
- Id: 1.3.6.1.5.5.7.2.1 (id-qt-cps)
- DirectoryString: https://www.digicert.com/CPS
- Extension (id-ce-subjectKeyIdentifier)
- Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
- SubjectKeyIdentifier: dd51d0a23173a973ae8fb4017e5d8c57cb9ff0f7
- Extension (id-ce-authorityKeyIdentifier)
- Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
- AuthorityKeyIdentifier
- keyIdentifier: 03de503556d14cbb66f0a3e21b1bc397b23dd155
- algorithmIdentifier (sha256WithRSAEncryption)
- Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
- Padding: 0
- encrypted: 0829c4c8a6feb43828f7a319678cea053b0e4b4062621e3c...
- Handshake Protocol: Certificate Status
- Handshake Type: Certificate Status (22)
- Length: 475
- Certificate Status Type: OCSP (1)
- OCSP Response Length: 471
- Handshake Protocol: Server Key Exchange
- Handshake Type: Server Key Exchange (12)
- Length: 329
- EC Diffie-Hellman Server Params
- Curve Type: named_curve (0x03)
- Named Curve: secp256r1 (0x0017)
- Pubkey Length: 65
- Pubkey: 04638a7943f1705fdfd50473fa016e03b272d892dada96cf...
- Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
- Signature Hash Algorithm Hash: SHA256 (4)
- Signature Hash Algorithm Signature: RSA (1)
- Signature Length: 256
- Signature: 16fbec0856903a62a6dea5ac04de8e094b0f527da3857b0c...
- Handshake Protocol: Certificate Request
- Handshake Type: Certificate Request (13)
- Length: 26
- Certificate types count: 3
- Certificate types (3 types)
- Certificate type: RSA Sign (1)
- Certificate type: DSS Sign (2)
- Certificate type: ECDSA Sign (64)
- Signature Hash Algorithms Length: 18
- Signature Hash Algorithms (9 algorithms)
- Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
- Signature Hash Algorithm Hash: SHA256 (4)
- Signature Hash Algorithm Signature: RSA (1)
- Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
- Signature Hash Algorithm Hash: SHA384 (5)
- Signature Hash Algorithm Signature: RSA (1)
- Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
- Signature Hash Algorithm Hash: SHA1 (2)
- Signature Hash Algorithm Signature: RSA (1)
- Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
- Signature Hash Algorithm Hash: SHA256 (4)
- Signature Hash Algorithm Signature: ECDSA (3)
- Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
- Signature Hash Algorithm Hash: SHA384 (5)
- Signature Hash Algorithm Signature: ECDSA (3)
- Signature Algorithm: ecdsa_sha1 (0x0203)
- Signature Hash Algorithm Hash: SHA1 (2)
- Signature Hash Algorithm Signature: ECDSA (3)
- Signature Algorithm: SHA1 DSA (0x0202)
- Signature Hash Algorithm Hash: SHA1 (2)
- Signature Hash Algorithm Signature: DSA (2)
- Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
- Signature Hash Algorithm Hash: SHA512 (6)
- Signature Hash Algorithm Signature: RSA (1)
- Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
- Signature Hash Algorithm Hash: SHA512 (6)
- Signature Hash Algorithm Signature: ECDSA (3)
- Distinguished Names Length: 0
- Handshake Protocol: Server Hello Done
- Handshake Type: Server Hello Done (14)
- Length: 0
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
14
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8a
97
0040
ca
c5
e6
8a
50
00
01
40
0b
8a
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
æ
.
P
.
.
@
.
.
.
.
- Frame 23: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 4730, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 576 (relative sequence number)
- Acknowledgment number: 4730 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 320
- Calculated window size: 40960
- Window size scaling factor: 128
- Checksum: 0x0b8a [unverified]
- Urgent pointer: 0
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
99
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8a
97
0040
ca
c5
e6
8a
50
00
01
40
03
ae
00
00
16
03
03
00
0050
4d
0b
00
00
03
00
00
00
10
00
00
42
41
04
c8
17
0060
18
7d
ba
95
71
8c
93
cf
cd
40
75
eb
a2
45
66
77
0070
bf
c0
b0
65
9a
d9
7f
df
12
85
4f
cb
56
0e
9a
e2
0080
f1
85
c8
f8
ae
23
b2
32
e0
bc
e3
64
c5
d0
83
ff
0090
9a
97
24
14
0a
42
b1
b2
d1
5a
8a
41
cd
71
14
03
00A0
03
00
01
16
03
03
00
28
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
æ
.
P
.
.
@
.
®
.
.
.
.
.
.
0050
M
.
.
.
.
.
.
.
.
.
.
B
A
.
È
.
0060
.
}
º
.
q
.
.
Ï
Í
@
u
ë
¢
E
f
w
0070
¿
À
°
e
.
Ù
.
ß
.
.
O
Ë
V
.
.
â
0080
ñ
.
È
ø
®
#
²
2
à
¼
ã
d
Å
Ð
.
ÿ
0090
.
.
$
.
.
B
±
²
Ñ
Z
.
A
Í
q
.
.
00A0
.
.
.
.
.
.
.
(
- Frame 24: 209 bytes on wire (1672 bits), 209 bytes captured (1672 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 153
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 4730, Len: 133
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 133
- Sequence number: 576 (relative sequence number)
- Acknowledgment number: 4730 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 320
- Calculated window size: 40960
- Window size scaling factor: 128
- Checksum: 0x03ae [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
- Content Type: Handshake (22)
- Version: TLS 1.2 (0x0303)
- Length: 77
- Handshake Protocol: Certificate
- Handshake Type: Certificate (11)
- Length: 3
- Certificates Length: 0
- Handshake Protocol: Client Key Exchange
- Handshake Type: Client Key Exchange (16)
- Length: 66
- EC Diffie-Hellman Client Params
- Pubkey Length: 65
- Pubkey: 04c817187dba95718c93cfcd4075eba2456677bfc0b0659a...
- TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
- Content Type: Change Cipher Spec (20)
- Version: TLS 1.2 (0x0303)
- Length: 1
- Change Cipher Spec Message
- TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
- Content Type: Handshake (22)
- Version: TLS 1.2 (0x0303)
- Length: 40
- Handshake Protocol: Encrypted Handshake Message
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
61
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8b
1c
0040
ca
c5
e6
8a
50
00
01
40
19
58
00
00
17
03
03
00
0050
48
00
00
00
00
00
00
00
01
33
48
77
ad
4d
bf
b5
0060
88
b0
9a
b1
d6
56
b2
c3
e4
b3
23
fb
f1
e1
96
1a
0070
17
24
85
92
5c
63
e1
a0
31
b5
06
fb
fc
39
50
e7
0080
c7
f8
70
a2
23
94
8c
86
1e
b9
ac
db
33
89
ac
b9
0090
92
17
e3
57
71
a3
af
51
10
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
a
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
æ
.
P
.
.
@
.
X
.
.
.
.
.
.
0050
H
.
.
.
.
.
.
.
.
3
H
w
.
M
¿
µ
0060
.
°
.
±
Ö
V
²
Ã
ä
³
#
û
ñ
á
.
.
0070
.
$
.
.
\
c
á
.
1
µ
.
û
ü
9
P
ç
0080
Ç
ø
p
¢
#
.
.
.
.
¹
¬
Û
3
.
¬
¹
0090
.
.
ã
W
q
£
¯
Q
.
- Frame 25: 153 bytes on wire (1224 bits), 153 bytes captured (1224 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 97
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 709, Ack: 4730, Len: 77
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 77
- Sequence number: 709 (relative sequence number)
- Acknowledgment number: 4730 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 320
- Calculated window size: 40960
- Window size scaling factor: 128
- Checksum: 0x1958 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 72
- Encrypted Application Data: 0000000000000001334877ad4dbfb588b09ab1d656b2c3e4...
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
47
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e6
8a
0040
84
ad
8b
1c
50
00
80
00
b8
29
00
00
14
03
03
00
0050
01
00
16
03
03
00
28
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
G
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
æ
.
0040
.
.
.
.
P
.
.
.
¸
)
.
.
.
.
.
.
0050
.
.
.
.
.
.
(
- Frame 26: 127 bytes on wire (1016 bits), 127 bytes captured (1016 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 71
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 4730, Ack: 709, Len: 51
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 51
- Sequence number: 4730 (relative sequence number)
- Acknowledgment number: 709 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xb829 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
- Content Type: Change Cipher Spec (20)
- Version: TLS 1.2 (0x0303)
- Length: 1
- Change Cipher Spec Message
- TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
- Content Type: Handshake (22)
- Version: TLS 1.2 (0x0303)
- Length: 40
- Handshake Protocol: Encrypted Handshake Message
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
14
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8b
69
0040
ca
c5
e6
bd
50
00
01
40
0a
85
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
i
0040
Ê
Å
æ
½
P
.
.
@
.
.
.
.
- Frame 27: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 786, Ack: 4781, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 786 (relative sequence number)
- Acknowledgment number: 4781 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 320
- Calculated window size: 40960
- Window size scaling factor: 128
- Checksum: 0x0a85 [unverified]
- Urgent pointer: 0
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
01
1f
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e6
bd
0040
84
ad
8b
69
50
00
80
00
24
83
00
00
17
03
03
01
0050
06
00
00
00
00
00
00
00
01
18
9f
af
ad
0f
0b
5f
0060
f1
e1
af
15
84
db
55
aa
17
7d
af
89
0d
e0
9c
57
0070
c7
40
57
fe
d5
80
64
d5
c6
3d
46
d6
8f
f0
96
fd
0080
30
66
da
2e
92
2c
9e
c5
12
3b
d7
52
1a
5f
7d
99
0090
d4
10
c8
27
25
58
c4
67
9a
df
27
fc
7d
dc
d8
2b
00A0
77
7a
50
cd
3a
36
31
73
17
90
b3
da
23
b9
a8
e4
00B0
3c
33
58
c6
1f
4b
eb
0a
5a
f1
74
0d
ca
31
bc
2a
00C0
5a
e2
4d
3a
7a
ef
70
6f
d5
db
68
46
b4
20
c7
fb
00D0
5b
67
67
ee
9b
4e
44
4b
57
ac
ec
24
c4
06
b6
ab
00E0
af
94
a5
96
7e
e5
3c
7c
05
82
8d
81
20
cb
bd
9f
00F0
62
8a
11
34
a8
1a
f6
e6
e8
b7
46
ba
e5
4a
03
cc
0100
db
f2
38
51
50
41
25
21
44
6a
50
08
77
97
50
38
0110
14
80
9b
f8
a2
35
79
eb
a7
36
db
ac
0a
ad
3c
fa
0120
7a
01
17
7d
d6
19
d4
41
33
fc
37
4c
47
c5
da
68
0130
9b
d1
9f
ee
3a
96
55
c0
0d
3c
29
7d
d6
ca
89
18
0140
fb
e1
2a
9f
d6
6b
ed
56
19
44
42
22
23
f2
3c
2b
0150
59
aa
48
ad
8c
6d
7c
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
.
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
æ
½
0040
.
.
.
i
P
.
.
.
$
.
.
.
.
.
.
.
0050
.
.
.
.
.
.
.
.
.
.
.
¯
.
.
.
_
0060
ñ
á
¯
.
.
Û
U
ª
.
}
¯
.
.
à
.
W
0070
Ç
@
W
þ
Õ
.
d
Õ
Æ
=
F
Ö
.
ð
.
ý
0080
0
f
Ú
.
.
,
.
Å
.
;
×
R
.
_
}
.
0090
Ô
.
È
'
%
X
Ä
g
.
ß
'
ü
}
Ü
Ø
+
00A0
w
z
P
Í
:
6
1
s
.
.
³
Ú
#
¹
¨
ä
00B0
<
3
X
Æ
.
K
ë
.
Z
ñ
t
.
Ê
1
¼
*
00C0
Z
â
M
:
z
ï
p
o
Õ
Û
h
F
´
Ç
û
00D0
[
g
g
î
.
N
D
K
W
¬
ì
$
Ä
.
¶
«
00E0
¯
.
¥
.
~
å
<
|
.
.
.
.
Ë
½
.
00F0
b
.
.
4
¨
.
ö
æ
è
·
F
º
å
J
.
Ì
0100
Û
ò
8
Q
P
A
%
!
D
j
P
.
w
.
P
8
0110
.
.
.
ø
¢
5
y
ë
§
6
Û
¬
.
.
<
ú
0120
z
.
.
}
Ö
.
Ô
A
3
ü
7
L
G
Å
Ú
h
0130
.
Ñ
.
î
:
.
U
À
.
<
)
}
Ö
Ê
.
.
0140
û
á
*
.
Ö
k
í
V
.
D
B
"
#
ò
<
+
0150
Y
ª
H
.
.
m
|
- Frame 28: 343 bytes on wire (2744 bits), 343 bytes captured (2744 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 287
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 4781, Ack: 786, Len: 267
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 267
- Sequence number: 4781 (relative sequence number)
- Acknowledgment number: 786 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x2483 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 262
- Encrypted Application Data: 0000000000000001189fafad0f0b5ff1e1af1584db55aa17...
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
14
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8b
69
0040
ca
c5
e7
c8
50
00
01
53
09
67
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
i
0040
Ê
Å
ç
È
P
.
.
S
.
g
.
.
- Frame 29: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 786, Ack: 5048, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 786 (relative sequence number)
- Acknowledgment number: 5048 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0x0967 [unverified]
- Urgent pointer: 0
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
3d
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8b
69
0040
ca
c5
e7
c8
50
00
01
53
aa
74
00
00
17
03
03
00
0050
24
00
00
00
00
00
00
00
02
bf
02
00
91
4c
43
69
0060
e2
5b
a8
50
43
84
0b
60
be
db
70
94
9e
b4
39
ec
0070
f1
b1
98
f4
db
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
=
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
i
0040
Ê
Å
ç
È
P
.
.
S
ª
t
.
.
.
.
.
.
0050
$
.
.
.
.
.
.
.
.
¿
.
.
.
L
C
i
0060
â
[
¨
P
C
.
.
`
¾
Û
p
.
.
´
9
ì
0070
ñ
±
.
ô
Û
- Frame 30: 117 bytes on wire (936 bits), 117 bytes captured (936 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 61
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 786, Ack: 5048, Len: 41
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 41
- Sequence number: 786 (relative sequence number)
- Acknowledgment number: 5048 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0xaa74 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 36
- Encrypted Application Data: 0000000000000002bf0200914c4369e25ba85043840b60be...
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
43
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e7
c8
0040
84
ad
8b
92
50
00
80
00
75
a6
00
00
17
03
03
00
0050
2a
00
00
00
00
00
00
00
02
92
50
44
6b
35
c5
ad
0060
8c
80
3f
54
74
38
8d
c0
5c
dc
c5
32
ae
2f
b8
3b
0070
79
27
09
20
01
b3
24
75
2f
3e
1f
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
C
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
ç
È
0040
.
.
.
.
P
.
.
.
u
¦
.
.
.
.
.
.
0050
*
.
.
.
.
.
.
.
.
.
P
D
k
5
Å
.
0060
.
.
?
T
t
8
.
À
\
Ü
Å
2
®
/
¸
;
0070
y
'
.
.
³
$
u
/
>
.
- Frame 31: 123 bytes on wire (984 bits), 123 bytes captured (984 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 67
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5048, Ack: 827, Len: 47
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 47
- Sequence number: 5048 (relative sequence number)
- Acknowledgment number: 827 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x75a6 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 42
- Encrypted Application Data: 00000000000000029250446b35c5ad8c803f5474388dc05c...
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
5f
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8b
92
0040
ca
c5
e7
f7
50
00
01
53
b7
0d
00
00
17
03
03
00
0050
46
00
00
00
00
00
00
00
03
51
9a
b3
44
41
be
76
0060
00
60
ed
a8
48
d5
6f
dd
f3
5d
5c
ea
3a
12
d9
99
0070
79
9c
75
8f
0a
30
86
66
fd
29
9f
21
96
19
cf
0e
0080
b1
06
c3
6e
59
f4
b7
32
64
ba
5b
f6
78
61
c4
87
0090
b9
f6
7c
a0
eb
39
20
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
_
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
ç
÷
P
.
.
S
·
.
.
.
.
.
.
.
0050
F
.
.
.
.
.
.
.
.
Q
.
³
D
A
¾
v
0060
.
`
í
¨
H
Õ
o
Ý
ó
]
\
ê
:
.
Ù
.
0070
y
.
u
.
.
0
.
f
ý
)
.
!
.
.
Ï
.
0080
±
.
Ã
n
Y
ô
·
2
d
º
[
ö
x
a
Ä
.
0090
¹
ö
|
.
ë
9
- Frame 32: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 95
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 827, Ack: 5095, Len: 75
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 75
- Sequence number: 827 (relative sequence number)
- Acknowledgment number: 5095 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0xb70d [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 70
- Encrypted Application Data: 0000000000000003519ab34441be760060eda848d56fddf3...
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
43
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e7
f7
0040
84
ad
8b
dd
50
00
80
00
a8
a5
00
00
17
03
03
00
0050
2a
00
00
00
00
00
00
00
03
d9
12
57
c5
cc
0a
6d
0060
28
07
0d
50
00
49
0e
e9
77
65
a0
0d
02
43
b6
1f
0070
2a
27
ff
db
95
25
2e
69
88
db
2c
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
C
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
ç
÷
0040
.
.
.
Ý
P
.
.
.
¨
¥
.
.
.
.
.
.
0050
*
.
.
.
.
.
.
.
.
Ù
.
W
Å
Ì
.
m
0060
(
.
.
P
.
I
.
é
w
e
.
.
.
C
¶
.
0070
*
'
ÿ
Û
.
%
.
i
.
Û
,
- Frame 33: 123 bytes on wire (984 bits), 123 bytes captured (984 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 67
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5095, Ack: 902, Len: 47
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 47
- Sequence number: 5095 (relative sequence number)
- Acknowledgment number: 902 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xa8a5 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 42
- Encrypted Application Data: 0000000000000003d91257c5cc0a6d28070d5000490ee977...
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
43
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8b
dd
0040
ca
c5
e8
26
50
00
01
53
59
f5
00
00
17
03
03
00
0050
2a
00
00
00
00
00
00
00
04
fd
8b
42
cd
88
5a
db
0060
89
f4
82
b2
c9
f1
bd
28
07
ee
c2
04
f9
a0
9f
00
0070
cb
19
82
7a
a9
49
21
b0
8b
dd
17
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
C
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
Ý
0040
Ê
Å
è
&
P
.
.
S
Y
õ
.
.
.
.
.
.
0050
*
.
.
.
.
.
.
.
.
ý
.
B
Í
.
Z
Û
0060
.
ô
.
²
É
ñ
½
(
.
î
Â
.
ù
.
.
.
0070
Ë
.
.
z
©
I
!
°
.
Ý
.
- Frame 34: 123 bytes on wire (984 bits), 123 bytes captured (984 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 67
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 902, Ack: 5142, Len: 47
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 47
- Sequence number: 902 (relative sequence number)
- Acknowledgment number: 5142 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0x59f5 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 42
- Encrypted Application Data: 0000000000000004fd8b42cd885adb89f482b2c9f1bd2807...
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
14
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e8
26
0040
84
ad
8c
0c
50
00
80
00
89
b8
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
.
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
è
&
0040
.
.
.
.
P
.
.
.
.
¸
.
.
- Frame 35: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5142, Ack: 949, Len: 0
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 0
- Sequence number: 5142 (relative sequence number)
- Acknowledgment number: 949 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x89b8 [unverified]
- Urgent pointer: 0
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
56
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e8
26
0040
84
ad
8c
0c
50
00
80
00
9b
e6
00
00
17
03
03
00
0050
3d
00
00
00
00
00
00
00
04
55
91
da
dd
6e
75
67
0060
d6
99
11
71
e3
b9
96
e3
72
1a
f9
fd
0c
5f
64
fe
0070
30
6b
23
b8
ea
b1
85
93
35
fe
7f
a4
2f
69
c0
42
0080
12
4e
a6
5f
8a
7b
39
e7
f1
b2
29
45
6b
a0
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
V
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
è
&
0040
.
.
.
.
P
.
.
.
.
æ
.
.
.
.
.
.
0050
=
.
.
.
.
.
.
.
.
U
.
Ú
Ý
n
u
g
0060
Ö
.
.
q
ã
¹
.
ã
r
.
ù
ý
.
_
d
þ
0070
0
k
#
¸
ê
±
.
.
5
þ
.
¤
/
i
À
B
0080
.
N
¦
_
.
{
9
ç
ñ
²
)
E
k
.
- Frame 36: 142 bytes on wire (1136 bits), 142 bytes captured (1136 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 86
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5142, Ack: 949, Len: 66
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 66
- Sequence number: 5142 (relative sequence number)
- Acknowledgment number: 949 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x9be6 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 61
- Encrypted Application Data: 00000000000000045591dadd6e7567d6991171e3b996e372...
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
76
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8c
0c
0040
ca
c5
e8
68
50
00
01
53
f6
1f
00
00
17
03
03
00
0050
5d
00
00
00
00
00
00
00
05
c1
32
e4
7f
e3
02
d1
0060
64
43
e5
3f
e3
48
b5
e8
5c
e3
48
0d
08
6f
52
2e
0070
37
d3
b7
68
33
2e
ca
c9
35
b3
f0
e9
17
62
d3
15
0080
ee
c4
0f
2f
f8
ec
30
d9
33
18
e2
85
74
f8
d2
f8
0090
c6
c5
6e
20
06
f0
5c
de
29
76
03
01
a8
8f
ec
fe
00A0
ce
a2
13
a0
fc
d7
b0
f0
7f
4a
6f
3e
a0
18
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
v
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
è
h
P
.
.
S
ö
.
.
.
.
.
.
.
0050
]
.
.
.
.
.
.
.
.
Á
2
ä
.
ã
.
Ñ
0060
d
C
å
?
ã
H
µ
è
\
ã
H
.
.
o
R
.
0070
7
Ó
·
h
3
.
Ê
É
5
³
ð
é
.
b
Ó
.
0080
î
Ä
.
/
ø
ì
0
Ù
3
.
â
.
t
ø
Ò
ø
0090
Æ
Å
n
.
ð
\
Þ
)
v
.
.
¨
.
ì
þ
00A0
Î
¢
.
.
ü
×
°
ð
.
J
o
>
.
.
- Frame 37: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 118
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 949, Ack: 5208, Len: 98
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 98
- Sequence number: 949 (relative sequence number)
- Acknowledgment number: 5208 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0xf61f [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 93
- Encrypted Application Data: 0000000000000005c132e47fe302d16443e53fe348b5e85c...
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
46
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e8
68
0040
84
ad
8c
6e
50
00
80
00
d4
48
00
00
17
03
03
00
0050
2d
00
00
00
00
00
00
00
05
c9
be
93
d0
95
3c
5d
0060
12
c1
62
cc
5b
04
bb
69
27
31
2d
ca
d4
0c
ab
2e
0070
8b
5f
b0
96
54
4a
e5
4f
37
34
40
be
4e
89
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
F
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
è
h
0040
.
.
.
n
P
.
.
.
Ô
H
.
.
.
.
.
.
0050
-
.
.
.
.
.
.
.
.
É
¾
.
Ð
.
<
]
0060
.
Á
b
Ì
[
.
»
i
'
1
-
Ê
Ô
.
«
.
0070
.
_
°
.
T
J
å
O
7
4
@
¾
N
.
- Frame 38: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 70
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5208, Ack: 1047, Len: 50
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 50
- Sequence number: 5208 (relative sequence number)
- Acknowledgment number: 1047 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xd448 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 45
- Encrypted Application Data: 0000000000000005c9be93d0953c5d12c162cc5b04bb6927...
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
5d
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8c
6e
0040
ca
c5
e8
9a
50
00
01
53
37
c5
00
00
17
03
03
00
0050
44
00
00
00
00
00
00
00
06
7f
4f
ae
11
96
b5
97
0060
56
9d
b4
b4
48
dc
a8
60
59
29
6d
d1
9a
14
fe
b0
0070
3b
de
b7
0d
d3
7e
f6
c2
17
26
18
d6
bd
16
07
a8
0080
8c
64
a3
c5
07
85
88
7f
c4
bf
98
8b
62
df
bc
42
0090
55
15
40
31
74
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
]
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
n
0040
Ê
Å
è
.
P
.
.
S
7
Å
.
.
.
.
.
.
0050
D
.
.
.
.
.
.
.
.
.
O
®
.
.
µ
.
0060
V
.
´
´
H
Ü
¨
`
Y
)
m
Ñ
.
.
þ
°
0070
;
Þ
·
.
Ó
~
ö
Â
.
&
.
Ö
½
.
.
¨
0080
.
d
£
Å
.
.
.
.
Ä
¿
.
.
b
ß
¼
B
0090
U
.
@
1
t
- Frame 39: 149 bytes on wire (1192 bits), 149 bytes captured (1192 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 93
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1047, Ack: 5258, Len: 73
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 73
- Sequence number: 1047 (relative sequence number)
- Acknowledgment number: 5258 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0x37c5 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 68
- Encrypted Application Data: 00000000000000067f4fae1196b597569db4b448dca86059...
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
49
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e8
9a
0040
84
ad
8c
b7
50
00
80
00
3e
32
00
00
17
03
03
00
0050
30
00
00
00
00
00
00
00
06
12
bd
0e
79
01
60
61
0060
df
78
ea
bf
99
a0
10
40
b3
c5
40
90
ed
37
7e
a2
0070
9c
e7
43
e5
fa
98
b1
e7
4b
85
1f
ab
8c
f2
d9
e8
0080
30
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
I
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
è
.
0040
.
.
.
·
P
.
.
.
>
2
.
.
.
.
.
.
0050
0
.
.
.
.
.
.
.
.
.
½
.
y
.
`
a
0060
ß
x
ê
¿
.
.
.
@
³
Å
@
.
í
7
~
¢
0070
.
ç
C
å
ú
.
±
ç
K
.
.
«
.
ò
Ù
è
0080
0
- Frame 40: 129 bytes on wire (1032 bits), 129 bytes captured (1032 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 73
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5258, Ack: 1120, Len: 53
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 53
- Sequence number: 5258 (relative sequence number)
- Acknowledgment number: 1120 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x3e32 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 48
- Encrypted Application Data: 000000000000000612bd0e79016061df78eabf99a01040b3...
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
37
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8c
b7
0040
ca
c5
e8
cf
50
00
01
53
c6
b6
00
00
17
03
03
00
0050
1e
00
00
00
00
00
00
00
07
1e
0c
23
09
a1
0b
7e
0060
05
ec
78
a0
a3
0c
4f
e2
99
7a
81
05
2f
d1
24
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
7
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
·
0040
Ê
Å
è
Ï
P
.
.
S
Æ
¶
.
.
.
.
.
.
0050
.
.
.
.
.
.
.
.
.
.
.
#
.
¡
.
~
0060
.
ì
x
.
£
.
O
â
.
z
.
.
/
Ñ
$
- Frame 41: 111 bytes on wire (888 bits), 111 bytes captured (888 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 55
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1120, Ack: 5311, Len: 35
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 35
- Sequence number: 1120 (relative sequence number)
- Acknowledgment number: 5311 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0xc6b6 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 30
- Encrypted Application Data: 00000000000000071e0c2309a10b7e05ec78a0a30c4fe299...
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
5f
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e8
cf
0040
84
ad
8c
da
50
00
80
00
35
e9
00
00
17
03
03
00
0050
46
00
00
00
00
00
00
00
07
10
84
0c
c7
ab
8e
be
0060
d8
e8
68
5c
f0
56
c1
fa
ad
3b
28
32
f0
25
b7
9b
0070
74
60
8c
99
53
f8
0d
d6
ed
70
20
25
6a
30
ad
f9
0080
14
b7
b0
55
51
65
47
f4
4f
24
94
fc
9f
a2
b7
b2
0090
17
b7
ff
4b
05
4c
61
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
_
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
è
Ï
0040
.
.
.
Ú
P
.
.
.
5
é
.
.
.
.
.
.
0050
F
.
.
.
.
.
.
.
.
.
.
.
Ç
«
.
¾
0060
Ø
è
h
\
ð
V
Á
ú
.
;
(
2
ð
%
·
.
0070
t
`
.
.
S
ø
.
Ö
í
p
%
j
0
.
ù
0080
.
·
°
U
Q
e
G
ô
O
$
.
ü
.
¢
·
²
0090
.
·
ÿ
K
.
L
a
- Frame 42: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 95
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5311, Ack: 1155, Len: 75
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 75
- Sequence number: 5311 (relative sequence number)
- Acknowledgment number: 1155 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x35e9 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 70
- Encrypted Application Data: 000000000000000710840cc7ab8ebed8e8685cf056c1faad...
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
02
07
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8c
da
0040
ca
c5
e9
1a
50
00
01
53
05
e6
00
00
17
03
03
01
0050
ee
00
00
00
00
00
00
00
08
52
2b
c4
b5
79
97
c6
0060
c2
84
a7
ef
12
ff
13
45
1b
0c
e5
b0
9c
7b
96
05
0070
4e
d8
6b
e1
09
53
a4
f8
ac
9e
e0
95
1a
af
8f
50
0080
9c
b7
13
16
c3
89
52
f3
c9
1c
1c
9c
f4
d0
2b
41
0090
81
48
cd
d1
f8
eb
2a
62
f4
f6
b1
11
59
8c
35
4e
00A0
46
bf
f3
9a
3f
c9
e5
e7
9a
1f
67
a1
ce
2b
c4
ef
00B0
7a
1c
93
1f
b1
89
44
87
aa
c7
3a
5f
15
c3
f1
a8
00C0
ad
e4
a4
16
59
8e
85
cc
92
26
68
8a
1c
41
4f
c3
00D0
e7
92
4f
5a
15
64
e0
f1
19
83
96
e0
78
b0
79
86
00E0
62
ce
9a
f9
50
9d
13
5c
c6
e8
4a
7a
07
56
33
37
00F0
99
0a
6a
0e
9a
f7
9b
51
77
5f
66
3a
da
7e
fe
7d
0100
a9
20
09
7a
2f
e0
5e
68
81
7a
90
31
c7
77
d4
41
0110
f1
39
9f
2b
59
5a
b4
75
a8
26
e2
04
26
9b
58
dc
0120
5f
56
b0
d2
b2
b8
1b
a5
70
55
f6
01
62
57
11
80
0130
01
c6
11
af
ef
f8
92
bc
a0
8c
d1
8f
55
61
f4
db
0140
91
b1
70
c8
1c
bc
c9
df
0f
47
79
4c
95
99
bc
b6
0150
a4
56
7c
d1
c0
bf
a6
c4
27
92
57
06
ba
de
a7
63
0160
f6
c4
ed
64
62
0c
02
98
79
31
b2
a9
93
40
b7
10
0170
15
1f
cd
f0
64
3b
35
57
49
f2
61
01
ef
8c
c5
6a
0180
4e
d7
14
7e
4f
7f
85
25
dd
b6
9e
08
ab
bf
d7
90
0190
84
28
dd
cc
58
0a
71
28
42
d9
61
57
90
2a
8f
8d
01A0
9f
4b
64
71
e3
d1
42
94
8e
0a
ae
3a
35
44
4c
1f
01B0
a5
ef
6c
01
cd
ce
dc
f2
8a
73
2a
51
48
95
7a
55
01C0
cf
d4
d4
74
81
fa
8e
ed
fb
58
ef
3c
26
cf
f5
b4
01D0
24
9a
46
a0
89
6c
4b
de
95
af
7e
69
60
e2
60
0c
01E0
84
c5
b1
9f
9d
e4
37
37
8a
35
46
19
6b
a8
33
71
01F0
37
ec
6f
53
48
50
df
84
43
f6
8d
ad
0a
91
19
ea
0200
e5
17
de
74
95
c6
5f
83
af
78
e5
7a
8e
49
34
03
0210
b6
da
93
9d
61
51
f7
17
9e
27
47
9f
bd
e4
38
f4
0220
20
c8
73
a6
32
16
01
fc
cd
8e
d9
e1
c8
e2
bb
df
0230
e9
81
7e
3a
b1
fc
74
ef
fd
32
c2
75
a2
36
80
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
Ú
0040
Ê
Å
é
.
P
.
.
S
.
æ
.
.
.
.
.
.
0050
î
.
.
.
.
.
.
.
.
R
+
Ä
µ
y
.
Æ
0060
Â
.
§
ï
.
ÿ
.
E
.
.
å
°
.
{
.
.
0070
N
Ø
k
á
.
S
¤
ø
¬
.
à
.
.
¯
.
P
0080
.
·
.
.
Ã
.
R
ó
É
.
.
.
ô
Ð
+
A
0090
.
H
Í
Ñ
ø
ë
*
b
ô
ö
±
.
Y
.
5
N
00A0
F
¿
ó
.
?
É
å
ç
.
.
g
¡
Î
+
Ä
ï
00B0
z
.
.
.
±
.
D
.
ª
Ç
:
_
.
Ã
ñ
¨
00C0
.
ä
¤
.
Y
.
.
Ì
.
&
h
.
.
A
O
Ã
00D0
ç
.
O
Z
.
d
à
ñ
.
.
.
à
x
°
y
.
00E0
b
Î
.
ù
P
.
.
\
Æ
è
J
z
.
V
3
7
00F0
.
.
j
.
.
÷
.
Q
w
_
f
:
Ú
~
þ
}
0100
©
.
z
/
à
^
h
.
z
.
1
Ç
w
Ô
A
0110
ñ
9
.
+
Y
Z
´
u
¨
&
â
.
&
.
X
Ü
0120
_
V
°
Ò
²
¸
.
¥
p
U
ö
.
b
W
.
.
0130
.
Æ
.
¯
ï
ø
.
¼
.
.
Ñ
.
U
a
ô
Û
0140
.
±
p
È
.
¼
É
ß
.
G
y
L
.
.
¼
¶
0150
¤
V
|
Ñ
À
¿
¦
Ä
'
.
W
.
º
Þ
§
c
0160
ö
Ä
í
d
b
.
.
.
y
1
²
©
.
@
·
.
0170
.
.
Í
ð
d
;
5
W
I
ò
a
.
ï
.
Å
j
0180
N
×
.
~
O
.
.
%
Ý
¶
.
.
«
¿
×
.
0190
.
(
Ý
Ì
X
.
q
(
B
Ù
a
W
.
*
.
.
01A0
.
K
d
q
ã
Ñ
B
.
.
.
®
:
5
D
L
.
01B0
¥
ï
l
.
Í
Î
Ü
ò
.
s
*
Q
H
.
z
U
01C0
Ï
Ô
Ô
t
.
ú
.
í
û
X
ï
<
&
Ï
õ
´
01D0
$
.
F
.
.
l
K
Þ
.
¯
~
i
`
â
`
.
01E0
.
Å
±
.
.
ä
7
7
.
5
F
.
k
¨
3
q
01F0
7
ì
o
S
H
P
ß
.
C
ö
.
.
.
.
.
ê
0200
å
.
Þ
t
.
Æ
_
.
¯
x
å
z
.
I
4
.
0210
¶
Ú
.
.
a
Q
÷
.
.
'
G
.
½
ä
8
ô
0220
È
s
¦
2
.
.
ü
Í
.
Ù
á
È
â
»
ß
0230
é
.
~
:
±
ü
t
ï
ý
2
Â
u
¢
6
.
- Frame 43: 575 bytes on wire (4600 bits), 575 bytes captured (4600 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 519
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1155, Ack: 5386, Len: 499
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 499
- Sequence number: 1155 (relative sequence number)
- Acknowledgment number: 5386 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0x05e6 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 494
- Encrypted Application Data: 0000000000000008522bc4b57997c6c284a7ef12ff13451b...
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
14
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e9
1a
0040
84
ad
8e
cd
50
00
80
00
86
03
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
.
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
é
.
0040
.
.
.
Í
P
.
.
.
.
.
.
.
- Frame 44: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5386, Ack: 1654, Len: 0
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 0
- Sequence number: 5386 (relative sequence number)
- Acknowledgment number: 1654 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x8603 [unverified]
- Urgent pointer: 0
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
a6
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e9
1a
0040
84
ad
8e
cd
50
00
80
00
e1
0d
00
00
17
03
03
00
0050
8d
00
00
00
00
00
00
00
08
39
13
54
dc
d9
e2
58
0060
70
5b
39
79
6b
d7
91
b5
9a
17
0b
d1
0c
d8
27
e7
0070
47
27
eb
13
e5
55
86
37
07
e0
04
25
1b
8f
41
42
0080
85
80
5c
34
30
9f
26
10
a3
81
97
b7
da
ee
76
e9
0090
c1
f1
03
a7
54
3b
6a
03
41
b4
6b
a6
bf
44
d5
86
00A0
49
ac
7d
7a
0e
4c
78
af
20
eb
70
e6
05
af
33
41
00B0
cd
4a
c0
29
4d
11
a2
94
8d
51
68
de
98
0d
f7
ed
00C0
31
14
62
07
31
6f
19
8e
74
19
ee
87
63
8e
97
73
00D0
6b
0c
af
a2
99
8f
a4
51
98
cd
15
a0
af
97
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
¦
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
é
.
0040
.
.
.
Í
P
.
.
.
á
.
.
.
.
.
.
.
0050
.
.
.
.
.
.
.
.
.
9
.
T
Ü
Ù
â
X
0060
p
[
9
y
k
×
.
µ
.
.
.
Ñ
.
Ø
'
ç
0070
G
'
ë
.
å
U
.
7
.
à
.
%
.
.
A
B
0080
.
.
\
4
0
.
&
.
£
.
.
·
Ú
î
v
é
0090
Á
ñ
.
§
T
;
j
.
A
´
k
¦
¿
D
Õ
.
00A0
I
¬
}
z
.
L
x
¯
ë
p
æ
.
¯
3
A
00B0
Í
J
À
)
M
.
¢
.
.
Q
h
Þ
.
.
÷
í
00C0
1
.
b
.
1
o
.
.
t
.
î
.
c
.
.
s
00D0
k
.
¯
¢
.
.
¤
Q
.
Í
.
.
¯
.
- Frame 45: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 166
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5386, Ack: 1654, Len: 146
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 146
- Sequence number: 5386 (relative sequence number)
- Acknowledgment number: 1654 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xe10d [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 141
- Encrypted Application Data: 0000000000000008391354dcd9e258705b39796bd791b59a...
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
37
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8e
cd
0040
ca
c5
e9
ac
50
00
01
67
8e
32
00
00
17
03
03
00
0050
1e
00
00
00
00
00
00
00
09
bb
7e
e8
29
5b
c5
b6
0060
15
dc
15
ac
08
3d
9a
db
d3
47
38
6a
0c
a1
df
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
7
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
Í
0040
Ê
Å
é
¬
P
.
.
g
.
2
.
.
.
.
.
.
0050
.
.
.
.
.
.
.
.
.
»
~
è
)
[
Å
¶
0060
.
Ü
.
¬
.
=
.
Û
Ó
G
8
j
.
¡
ß
- Frame 46: 111 bytes on wire (888 bits), 111 bytes captured (888 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 55
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1654, Ack: 5532, Len: 35
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 35
- Sequence number: 1654 (relative sequence number)
- Acknowledgment number: 5532 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 359
- Calculated window size: 45952
- Window size scaling factor: 128
- Checksum: 0x8e32 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 30
- Encrypted Application Data: 0000000000000009bb7ee8295bc5b615dc15ac083d9adbd3...
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
61
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e9
ac
0040
84
ad
8e
f0
50
00
80
00
a8
bb
00
00
17
03
03
00
0050
48
00
00
00
00
00
00
00
09
4c
45
3e
bc
f4
16
ad
0060
68
4a
48
d2
d4
8e
4c
e9
39
68
54
9e
7f
2b
8b
56
0070
28
3d
13
2f
d1
fa
9d
02
19
38
c6
a1
97
ec
31
8d
0080
d9
cb
da
c7
e2
15
ad
43
81
01
4c
15
8a
8f
af
39
0090
66
6f
d7
3b
12
7c
7f
3e
7f
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
a
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
é
¬
0040
.
.
.
ð
P
.
.
.
¨
»
.
.
.
.
.
.
0050
H
.
.
.
.
.
.
.
.
L
E
>
¼
ô
.
.
0060
h
J
H
Ò
Ô
.
L
é
9
h
T
.
.
+
.
V
0070
(
=
.
/
Ñ
ú
.
.
.
8
Æ
¡
.
ì
1
.
0080
Ù
Ë
Ú
Ç
â
.
.
C
.
.
L
.
.
.
¯
9
0090
f
o
×
;
.
|
.
>
.
- Frame 47: 153 bytes on wire (1224 bits), 153 bytes captured (1224 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 97
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5532, Ack: 1689, Len: 77
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 77
- Sequence number: 5532 (relative sequence number)
- Acknowledgment number: 1689 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xa8bb [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
- Content Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 72
- Encrypted Application Data: 00000000000000094c453ebcf416ad684a48d2d48e4ce939...
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
33
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8e
f0
0040
ca
c5
e9
f9
50
00
01
67
24
c6
00
00
15
03
03
00
0050
1a
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
3
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
ð
0040
Ê
Å
é
ù
P
.
.
g
$
Æ
.
.
.
.
.
.
0050
.
- Frame 48: 107 bytes on wire (856 bits), 107 bytes captured (856 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 51
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1689, Ack: 5609, Len: 31
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 31
- Sequence number: 1689 (relative sequence number)
- Acknowledgment number: 5609 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 359
- Calculated window size: 45952
- Window size scaling factor: 128
- Checksum: 0x24c6 [unverified]
- Urgent pointer: 0
- Secure Sockets Layer
- TLSv1.2 Record Layer: Encrypted Alert
- Content Type: Alert (21)
- Version: TLS 1.2 (0x0303)
- Length: 26
- Alert Message: Encrypted Alert
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
0b
98
73
00
14
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8f
0f
0040
ca
c5
e9
f9
50
00
01
67
03
7b
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
s
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
é
ù
P
.
.
g
.
{
.
.
- Frame 49: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1720, Ack: 5609, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 1720 (relative sequence number)
- Acknowledgment number: 5609 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 359
- Calculated window size: 45952
- Window size scaling factor: 128
- Checksum: 0x037b [unverified]
- Urgent pointer: 0
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
14
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e9
f9
0040
84
ad
8f
10
50
00
80
00
84
e1
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
.
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
é
ù
0040
.
.
.
.
P
.
.
.
.
á
.
.
- Frame 50: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5609, Ack: 1721, Len: 0
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 0
- Sequence number: 5609 (relative sequence number)
- Acknowledgment number: 1721 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x84e1 [unverified]
- Urgent pointer: 0
0000
00
00
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
00
00
00
00
14
06
73
26
03
10
26
02
07
00
14
0020
00
00
00
00
00
00
00
02
20
01
06
a8
30
81
a0
01
0030
01
30
01
04
02
40
02
30
02
4b
aa
14
ca
c5
e9
f9
0040
84
ad
8f
10
50
00
80
00
84
e0
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
.
.
.
.
.
s
&
.
.
&
.
.
.
.
0020
.
.
.
.
.
.
.
.
.
.
¨
0
.
.
.
0030
.
0
.
.
.
@
.
0
.
K
ª
.
Ê
Å
é
ù
0040
.
.
.
.
P
.
.
.
.
à
.
.
- Frame 51: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
- Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5609, Ack: 1721, Len: 0
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 0
- Sequence number: 5609 (relative sequence number)
- Acknowledgment number: 1721 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x84e0 [unverified]
- Urgent pointer: 0
0000
00
04
ff
fe
00
00
00
00
00
00
00
00
00
00
86
dd
0010
60
09
2f
e2
00
14
06
40
20
01
06
a8
30
81
a0
01
0020
01
30
01
04
02
40
02
30
26
03
10
26
02
07
00
14
0030
00
00
00
00
00
00
00
02
aa
14
02
4b
84
ad
8f
10
0040
ca
c5
e9
fa
50
00
01
67
03
7a
00
00
0000
.
.
ÿ
þ
.
.
.
.
.
.
.
.
.
.
.
Ý
0010
`
.
/
â
.
.
.
@
.
.
¨
0
.
.
.
0020
.
0
.
.
.
@
.
0
&
.
.
&
.
.
.
.
0030
.
.
.
.
.
.
.
.
ª
.
.
K
.
.
.
.
0040
Ê
Å
é
ú
P
.
.
g
.
z
.
.
- Frame 52: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
- Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
- Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
- .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
- .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1001 0010 1111 1110 0010 = Flow Label: 0x92fe2
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
- Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1721, Ack: 5610, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 1721 (relative sequence number)
- Acknowledgment number: 5610 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 359
- Calculated window size: 45952
- Window size scaling factor: 128
- Checksum: 0x037a [unverified]
- Urgent pointer: 0