SMTP over TLS

Paste this command into your terminal:

The password to connect is

Question 1: The SMTP server

What is the name of the SMTP server ?

Question 2: Version of TLS

What is the version of the TLS protocol used for this session ?

TLS 1.2

TLS 1.3

TLS 1.0

Question 3: Latency

How many messages are sent by the client before transmitting its first encrypted record ?

Question 4: A simple SMTP over TLS trace

The SMTP protocol was originally used directly above TCP. All emails were sent in clear text between SMTP servers. Today, most SMTP servers run SMTP over TLS over TCP. The attached trace provides a sample connection.

#	Length	Summary
0	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 0, Len: 0`
1	76 bytes	`Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 0, Ack: 1, Len: 0`
2	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1, Ack: 1, Len: 0`
3	189 bytes	`Simple Mail Transfer Protocol`
4	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1, Ack: 114, Len: 0`
5	124 bytes	`Simple Mail Transfer Protocol`
6	304 bytes	`Simple Mail Transfer Protocol`
7	76 bytes	`Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 114, Ack: 49, Len: 228`
8	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 49, Ack: 342, Len: 0`
9	86 bytes	`Simple Mail Transfer Protocol`
10	105 bytes	`Simple Mail Transfer Protocol`
11	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 59, Ack: 371, Len: 0`
12	593 bytes	`Secure Sockets Layer`
13	76 bytes	`Secure Sockets Layer`
14	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 1591, Len: 0`
15	76 bytes	`Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 371, Ack: 576, Len: 1220`
16	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 1591, Len: 0`
17	76 bytes	`Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 1591, Ack: 576, Len: 1220`
18	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 2811, Len: 0`
19	76 bytes	`Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 2811, Ack: 576, Len: 1220`
20	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 4031, Len: 0`
21	4203 bytes	`Secure Sockets Layer`
22	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 4730, Len: 0`
23	168 bytes	`Secure Sockets Layer`
24	153 bytes	`Secure Sockets Layer`
25	87 bytes	`Secure Sockets Layer`
26	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 786, Ack: 4781, Len: 0`
27	343 bytes	`Secure Sockets Layer`
28	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 786, Ack: 5048, Len: 0`
29	117 bytes	`Secure Sockets Layer`
30	123 bytes	`Secure Sockets Layer`
31	151 bytes	`Secure Sockets Layer`
32	123 bytes	`Secure Sockets Layer`
33	123 bytes	`Secure Sockets Layer`
34	76 bytes	`Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5142, Ack: 949, Len: 0`
35	142 bytes	`Secure Sockets Layer`
36	174 bytes	`Secure Sockets Layer`
37	126 bytes	`Secure Sockets Layer`
38	149 bytes	`Secure Sockets Layer`
39	129 bytes	`Secure Sockets Layer`
40	111 bytes	`Secure Sockets Layer`
41	151 bytes	`Secure Sockets Layer`
42	575 bytes	`Secure Sockets Layer`
43	76 bytes	`Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5386, Ack: 1654, Len: 0`
44	222 bytes	`Secure Sockets Layer`
45	111 bytes	`Secure Sockets Layer`
46	153 bytes	`Secure Sockets Layer`
47	81 bytes	`Secure Sockets Layer`
48	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1720, Ack: 5609, Len: 0`
49	76 bytes	`Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5609, Ack: 1721, Len: 0`
50	76 bytes	`Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5609, Ack: 1721, Len: 0`
51	76 bytes	`Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1721, Ack: 5610, Len: 0`

0000  0004fffe00000000  00000000000086dd
0010  600b987300280640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8857
0040  00000000a0007080  9ad50000

0000  ..ÿþ...........Ý
0010  `..s.(.@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K...W
0040  ......p..Õ..

Frame 1: 96 bytes on wire (768 bits), 96 bytes captured (768 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 40
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 0, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 0 (relative sequence number)
- Acknowledgment number: 0
- 1010 .... = Header Length: 40 bytes (10)
- Window size value: 28800
- Calculated window size: 28800
- Checksum: 0x9ad5 [unverified]
- Urgent pointer: 0

0000  0000fffe00000000  00000000000086dd
0010  60000000002006f2  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5d410
0040  84ad885880001ffe  c1a40000

0000  ..ÿþ...........Ý
0010  `.... .ò&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅÔ.
0040  ...X...þÁ¤..

Frame 2: 88 bytes on wire (704 bits), 88 bytes captured (704 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 32
- Next Header: TCP (6)
- Hop Limit: 242
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 0, Ack: 1, Len: 0
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 0
- Sequence number: 0 (relative sequence number)
- Acknowledgment number: 1 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Window size value: 8190
- Calculated window size: 8190
- Checksum: 0xc1a4 [unverified]
- Urgent pointer: 0

0000  0004fffe00000000  00000000000086dd
0010  600b987300140640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8858
0040  cac5d411500000e1  20a10000

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K...X
0040  ÊÅÔ.P..á ¡..

Frame 3: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1, Ack: 1, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 1 (relative sequence number)
- Acknowledgment number: 1 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 225
- Calculated window size: 28800
- Window size scaling factor: 128
- Checksum: 0x20a1 [unverified]
- Urgent pointer: 0

0000  0000fffe00000000  00000000000086dd
0010  6000000000850673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5d411
0040  84ad885850008000  157b000032323020
0050  414d305052303130  324341303030322e
0060  6f75746c6f6f6b2e  6f66666963653336
0070  352e636f6d204d69  63726f736f667420
0080  45534d5450204d41  494c205365727669
0090  6365207265616479  206174205468752c
00A0  203331204f637420  323031392030383a
00B0  32363a3036202b30  3030300d0a

0000  ..ÿþ...........Ý
0010  `......s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅÔ.
0040  ...XP....{..220
0050  AM0PR0102CA0002.
0060  outlook.office36
0070  5.com Microsoft
0080  ESMTP MAIL Servi
0090  ce ready at Thu,
00A0   31 Oct 2019 08:
00B0  26:06 +0000..

Frame 4: 189 bytes on wire (1512 bits), 189 bytes captured (1512 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 133
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 1, Ack: 1, Len: 113
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 113
- Sequence number: 1 (relative sequence number)
- Acknowledgment number: 1 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x157b [unverified]
- Urgent pointer: 0
Simple Mail Transfer Protocol
- Response: 220 AM0PR0102CA0002.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 31 Oct 2019 08:26:06 +0000\r\n
  - Response code:
    Service ready (220)
  - Response parameter: AM0PR0102CA0002.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 31 Oct 2019 08:26:06 +0000

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K...X
0040  ÊÅÔ.P..á 0..

Frame 5: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1, Ack: 114, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 1 (relative sequence number)
- Acknowledgment number: 114 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 225
- Calculated window size: 28800
- Window size scaling factor: 128
- Checksum: 0x2030 [unverified]
- Urgent pointer: 0

0000  0004fffe00000000  00000000000086dd
0010  600b987300440640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8858
0040  cac5d482500000e1  0439000045484c4f
0050  205b495076363a32  3030313a3661383a
0060  333038313a613030  313a3133303a3130
0070  343a3234303a3233  305d0d0a

0000  ..ÿþ...........Ý
0010  `..s.D.@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K...X
0040  ÊÅÔ.P..á.9..EHLO
0050   [IPv6:2001:6a8:
0060  3081:a001:130:10
0070  4:240:230]..

Frame 6: 124 bytes on wire (992 bits), 124 bytes captured (992 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 68
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1, Ack: 114, Len: 48
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 48
- Sequence number: 1 (relative sequence number)
- Acknowledgment number: 114 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 225
- Calculated window size: 28800
- Window size scaling factor: 128
- Checksum: 0x0439 [unverified]
- Urgent pointer: 0
Simple Mail Transfer Protocol
- Command Line: EHLO [IPv6:2001:6a8:3081:a001:130:104:240:230]\r\n
  - Command: EHLO
  - Request parameter: [IPv6:2001:6a8:3081:a001:130:104:240:230]

0000  0000fffe00000000  00000000000086dd
0010  6000000000f80673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5d482
0040  84ad888850008000  c7ae00003235302d
0050  414d305052303130  324341303030322e
0060  6f75746c6f6f6b2e  6f66666963653336
0070  352e636f6d204865  6c6c6f205b323030
0080  313a3661383a3330  38313a613030313a
0090  3133303a3130343a  3234303a3233305d
00A0  0d0a3235302d5349  5a45203135373238
00B0  363430300d0a3235  302d504950454c49
00C0  4e494e470d0a3235  302d44534e0d0a32
00D0  35302d454e48414e  4345445354415455
00E0  53434f4445530d0a  3235302d53544152
00F0  54544c530d0a3235  302d384249544d49
0100  4d450d0a3235302d  42494e4152594d49
0110  4d450d0a3235302d  4348554e4b494e47
0120  0d0a32353020534d  5450555446380d0a

0000  ..ÿþ...........Ý
0010  `....ø.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅÔ.
0040  ....P...Ç®..250-
0050  AM0PR0102CA0002.
0060  outlook.office36
0070  5.com Hello [200
0080  1:6a8:3081:a001:
0090  130:104:240:230]
00A0  ..250-SIZE 15728
00B0  6400..250-PIPELI
00C0  NING..250-DSN..2
00D0  50-ENHANCEDSTATU
00E0  SCODES..250-STAR
00F0  TTLS..250-8BITMI
0100  ME..250-BINARYMI
0110  ME..250-CHUNKING
0120  ..250 SMTPUTF8..

Frame 7: 304 bytes on wire (2432 bits), 304 bytes captured (2432 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 248
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 114, Ack: 49, Len: 228
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 228
- Sequence number: 114 (relative sequence number)
- Acknowledgment number: 49 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xc7ae [unverified]
- Urgent pointer: 0
Simple Mail Transfer Protocol
- Response: 250-AM0PR0102CA0002.outlook.office365.com Hello [2001:6a8:3081:a001:130:104:240:230]\r\n
  - Response code: Requested mail action okay, completed (250)
  - Response parameter: AM0PR0102CA0002.outlook.office365.com Hello [2001:6a8:3081:a001:130:104:240:230]
- Response: 250-SIZE 157286400\r\n
  - Response code: Requested mail action okay, completed (250)
  - Response parameter: SIZE 157286400
- Response: 250-PIPELINING\r\n
  - Response code: Requested mail action okay, completed (250)
  - Response parameter: PIPELINING
- Response: 250-DSN\r\n
  - Response code: Requested mail action okay, completed (250)
  - Response parameter: DSN
- Response: 250-ENHANCEDSTATUSCODES\r\n
  - Response code: Requested mail action okay, completed (250)
  - Response parameter: ENHANCEDSTATUSCODES
- Response: 250-STARTTLS\r\n
  - Response code: Requested mail action okay, completed (250)
  - Response parameter: STARTTLS
- Response: 250-8BITMIME\r\n
  - Response code: Requested mail action okay, completed (250)
  - Response parameter: 8BITMIME
- Response: 250-BINARYMIME\r\n
  - Response code: Requested mail action okay, completed (250)
  - Response parameter: BINARYMIME
- Response: 250-CHUNKING\r\n
  - Response code: Requested mail action okay, completed (250)
  - Response parameter: CHUNKING
- Response: 250 SMTPUTF8\r\n
  - Response code: Requested mail action okay, completed (250)
  - Response parameter: SMTPUTF8

0000  ..ÿþ...........Ý
0010  `....ø.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅÔ.
0040  ....P...Ç®..

Frame 8: 304 bytes on wire (2432 bits), 304 bytes captured (2432 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 248
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 114, Ack: 49, Len: 228
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 228
- Sequence number: 114 (relative sequence number)
- Acknowledgment number: 49 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xc7ae [unverified]
- Urgent pointer: 0

0000  0004fffe00000000  00000000000086dd
0010  600b987300200640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8888
0040  cac5d566800000ea  a9860000

0000  ..ÿþ...........Ý
0010  `..s. .@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅÕf...ê©...

Frame 9: 88 bytes on wire (704 bits), 88 bytes captured (704 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 32
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 49, Ack: 342, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 49 (relative sequence number)
- Acknowledgment number: 342 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Window size value: 234
- Calculated window size: 29952
- Window size scaling factor: 128
- Checksum: 0xa986 [unverified]
- Urgent pointer: 0

0000  0004fffe00000000  00000000000086dd
0010  600b9873001e0640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8888
0040  cac5d566500000ea  dca8000053544152
0050  54544c530d0a

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅÕfP..êÜ¨..STAR
0050  TTLS..

Frame 10: 86 bytes on wire (688 bits), 86 bytes captured (688 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 30
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 49, Ack: 342, Len: 10
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 10
- Sequence number: 49 (relative sequence number)
- Acknowledgment number: 342 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 234
- Calculated window size: 29952
- Window size scaling factor: 128
- Checksum: 0xdca8 [unverified]
- Urgent pointer: 0
Simple Mail Transfer Protocol
- Command Line: STARTTLS\r\n
  - Command: STAR
  - Request parameter: TLS

0000  0000fffe00000000  00000000000086dd
0010  6000000000310673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5d566
0040  84ad889250008000  3e1e000032323020
0050  322e302e3020534d  5450207365727665
0060  722072656164790d  0a

0000  ..ÿþ...........Ý
0010  `....1.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅÕf
0040  ....P...>...220
0050  2.0.0 SMTP serve
0060  r ready..

Frame 11: 105 bytes on wire (840 bits), 105 bytes captured (840 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 49
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 342, Ack: 59, Len: 29
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 29
- Sequence number: 342 (relative sequence number)
- Acknowledgment number: 59 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x3e1e [unverified]
- Urgent pointer: 0
Simple Mail Transfer Protocol
- Response: 220 2.0.0 SMTP server ready\r\n
  - Response code:
    Service ready (220)
  - Response parameter: 2.0.0 SMTP server ready

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅÕ.P..ê.ì..

Frame 12: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 59, Ack: 371, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 59 (relative sequence number)
- Acknowledgment number: 371 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 234
- Calculated window size: 29952
- Window size scaling factor: 128
- Checksum: 0x1eec [unverified]
- Urgent pointer: 0

0000  0004fffe00000000  00000000000086dd
0010  600b987302190640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8892
0040  cac5d583500000ea  62db000016030102
0050  00010001fc030375  daea4a1f8a5e4c8c
0060  ecc25aa474bc05b5  2e2aefbc46116355
0070  e42cd8bd4fd6f120  cfa993ddfc86e430
0080  bca86ac468dc989d  5280aa99559bac0f
0090  6448744c09582e1f  001c130113031302
00A0  c02bc02fcca9cca8  c02cc030c013c014
00B0  002f0035000a0100  0197000000170015
00C0  000012736d74702e  6f66666963653336
00D0  352e636f6d001700  00ff01000100000a
00E0  000e000c001d0017  0018001901000101
00F0  000b000201000023  0000000500050100
0100  0000000033006b00  69001d0020b5ec69
0110  cef4b0fbdf418e4f  6bdc6b0b93eee85e
0120  839f2dc99fd19db4  c33a5bb812001700
0130  41043dcae13c6630  fa7edf31d105df89
0140  29e736c1bb6d6841  77de5abc6e1cbce7
0150  413dc7d05dd22979  8dca410c92da701a
0160  a28ca2e91f46924a  1bc163375cbf6466
0170  47b5002b0009087f  1703030302030100
0180  0d00180016040305  0306030804080508
0190  0604010501060102  030201002d000201
01A0  01001500ac000000  0000000000000000
01B0  0000000000000000  0000000000000000
01C0  0000000000000000  0000000000000000
01D0  0000000000000000  0000000000000000
01E0  0000000000000000  0000000000000000
01F0  0000000000000000  0000000000000000
0200  0000000000000000  0000000000000000
0210  0000000000000000  0000000000000000
0220  0000000000000000  0000000000000000
0230  0000000000000000  0000000000000000
0240  0000000000000000  0000000000000000
0250  00

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅÕ.P..êbÛ......
0050  ....ü..uÚêJ..^L.
0060  ìÂZ¤t¼.µ.*ï¼F.cU
0070  ä,Ø½OÖñ Ï©.Ýü.ä0
0080  ¼¨jÄhÜ..R.ª.U.¬.
0090  dHtL.X..........
00A0  À+À/Ì©Ì¨À,À0À.À.
00B0  ./.5............
00C0  ...smtp.office36
00D0  5.com....ÿ......
00E0  ................
00F0  .......#........
0100  ....3.k.i... µìi
0110  Îô°ûßA.OkÜk..îè^
0120  ..-É.Ñ.´Ã:[¸....
0130  A.=Êá<f0ú~ß1Ñ.ß.
0140  )ç6Á»mhAwÞZ¼n.¼ç
0150  A=ÇÐ]Ò)y.ÊA..Úp.
0160  ¢.¢é.F.J.Ác7\¿df
0170  Gµ.+............
0180  ................
0190  ............-...
01A0  ....¬...........
01B0  ................
01C0  ................
01D0  ................
01E0  ................
01F0  ................
0200  ................
0210  ................
0220  ................
0230  ................
0240  ................
0250  .

Frame 13: 593 bytes on wire (4744 bits), 593 bytes captured (4744 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 537
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 59, Ack: 371, Len: 517
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 517
- Sequence number: 59 (relative sequence number)
- Acknowledgment number: 371 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 234
- Calculated window size: 29952
- Window size scaling factor: 128
- Checksum: 0x62db [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1 Record Layer: Handshake Protocol: Client Hello
  - Content Type: Handshake (22)
  - Version: TLS 1.0 (0x0301)
  - Length: 512
  - Handshake Protocol: Client Hello
    - Handshake Type: Client Hello (1)
    - Length: 508
    - Version: TLS 1.2 (0x0303)
    - Random: 75daea4a1f8a5e4c8cecc25aa474bc05b52e2aefbc461163...
      - GMT Unix Time: Aug 28, 2032 06:44:58.000000000 CEST
      - Random Bytes: 1f8a5e4c8cecc25aa474bc05b52e2aefbc46116355e42cd8...
    - Session ID Length: 32
    - Session ID: cfa993ddfc86e430bca86ac468dc989d5280aa99559bac0f...
    - Cipher Suites Length: 28
    - Cipher Suites (14 suites)
      - Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
      - Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
      - Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
      - Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
      - Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
      - Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
      - Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
      - Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
      - Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
      - Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
      - Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
      - Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
      - Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
      - Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
    - Compression Methods Length: 1
    - Compression Methods (1 method)
      - Compression Method: null (0)
    - Extensions Length: 407
    - Extension: server_name (len=23)
      - Type: server_name (0)
      - Length: 23
      - Server Name Indication extension
        Server Name list length: 21
        Server Name Type: host_name (0)
        Server Name length: 18
        Server Name: smtp.office365.com
    - Extension: extended_master_secret (len=0)
      - Type: extended_master_secret (23)
      - Length: 0
    - Extension: renegotiation_info (len=1)
      - Type: renegotiation_info (65281)
      - Length: 1
      - Renegotiation Info extension
        Renegotiation info extension length: 0
    - Extension: supported_groups (len=14)
      - Type: supported_groups (10)
      - Length: 14
      - Supported Groups List Length: 12
      - Supported Groups (6 groups)
        Supported Group: x25519 (0x001d)
        Supported Group: secp256r1 (0x0017)
        Supported Group: secp384r1 (0x0018)
        Supported Group: secp521r1 (0x0019)
        Supported Group: ffdhe2048 (0x0100)
        Supported Group: ffdhe3072 (0x0101)
    - Extension: ec_point_formats (len=2)
      - Type: ec_point_formats (11)
      - Length: 2
      - EC point formats Length: 1
      - Elliptic curves point formats (1)
        EC point format: uncompressed (0)
    - Extension: SessionTicket TLS (len=0)
      - Type: SessionTicket TLS (35)
      - Length: 0
    - Extension: status_request (len=5)
      - Type: status_request (5)
      - Length: 5
      - Certificate Status Type: OCSP (1)
      - Responder ID list Length: 0
      - Request Extensions Length: 0
    - Extension: key_share (len=107)
      - Type: key_share (51)
      - Length: 107
      - Key Share extension
        Client Key Share Length: 105
        Key Share Entry: Group: x25519, Key Exchange length: 32
        Group: x25519 (29)
        Key Exchange Length: 32
        Key Exchange: b5ec69cef4b0fbdf418e4f6bdc6b0b93eee85e839f2dc99f...
        Key Share Entry: Group: secp256r1, Key Exchange length: 65
        Group: secp256r1 (23)
        Key Exchange Length: 65
        Key Exchange: 043dcae13c6630fa7edf31d105df8929e736c1bb6d684177...
    - Extension: supported_versions (len=9)
      - Type: supported_versions (43)
      - Length: 9
      - Supported Versions length: 8
      - Supported Version: TLS 1.3 (draft 23) (0x7f17)
      - Supported Version: TLS 1.2 (0x0303)
      - Supported Version: TLS 1.1 (0x0302)
      - Supported Version: TLS 1.0 (0x0301)
    - Extension: signature_algorithms (len=24)
      - Type: signature_algorithms (13)
      - Length: 24
      - Signature Hash Algorithms Length: 22
      - Signature Hash Algorithms (11 algorithms)
        Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: ECDSA (3)
        Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
        Signature Hash Algorithm Hash: SHA384 (5)
        Signature Hash Algorithm Signature: ECDSA (3)
        Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
        Signature Hash Algorithm Hash: SHA512 (6)
        Signature Hash Algorithm Signature: ECDSA (3)
        Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
        Signature Hash Algorithm Hash: Unknown (8)
        Signature Hash Algorithm Signature: Unknown (4)
        Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
        Signature Hash Algorithm Hash: Unknown (8)
        Signature Hash Algorithm Signature: Unknown (5)
        Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
        Signature Hash Algorithm Hash: Unknown (8)
        Signature Hash Algorithm Signature: Unknown (6)
        Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: RSA (1)
        Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
        Signature Hash Algorithm Hash: SHA384 (5)
        Signature Hash Algorithm Signature: RSA (1)
        Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
        Signature Hash Algorithm Hash: SHA512 (6)
        Signature Hash Algorithm Signature: RSA (1)
        Signature Algorithm: ecdsa_sha1 (0x0203)
        Signature Hash Algorithm Hash: SHA1 (2)
        Signature Hash Algorithm Signature: ECDSA (3)
        Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
        Signature Hash Algorithm Hash: SHA1 (2)
        Signature Hash Algorithm Signature: RSA (1)
    - Extension: psk_key_exchange_modes (len=2)
      - Type: psk_key_exchange_modes (45)
      - Length: 2
      - PSK Key Exchange Modes Length: 1
      - PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
    - Extension: padding (len=172)
      - Type: padding (21)
      - Length: 172
      - Padding Data: 000000000000000000000000000000000000000000000000...

0000  0000fffe00000000  00000000000086dd
0010  6000000004d80673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5d583
0040  84ad8a9750008000  88130000

0000  ..ÿþ...........Ý
0010  `....Ø.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅÕ.
0040  ....P.......

Frame 14: 1296 bytes on wire (10368 bits), 1296 bytes captured (10368 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 1240
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 371, Ack: 576, Len: 1220
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 1220
- Sequence number: 371 (relative sequence number)
- Acknowledgment number: 576 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x8813 [unverified]
- Urgent pointer: 0
Secure Sockets Layer

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅÚGP.......

Frame 15: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 1591, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 576 (relative sequence number)
- Acknowledgment number: 1591 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 256
- Calculated window size: 32768
- Window size scaling factor: 128
- Checksum: 0x180d [unverified]
- Urgent pointer: 0

0000  ..ÿþ...........Ý
0010  `....Ø.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅÕ.
0040  ....P.......

Frame 16: 1296 bytes on wire (10368 bits), 1296 bytes captured (10368 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 1240
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 371, Ack: 576, Len: 1220
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 1220
- Sequence number: 371 (relative sequence number)
- Acknowledgment number: 576 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x8813 [unverified]
- Urgent pointer: 0

0000  ..ÿþ...........Ý
0010  `..s. .@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅÚG........

Frame 17: 88 bytes on wire (704 bits), 88 bytes captured (704 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 32
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 1591, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 576 (relative sequence number)
- Acknowledgment number: 1591 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Window size value: 256
- Calculated window size: 32768
- Window size scaling factor: 128
- Checksum: 0x9c9e [unverified]
- Urgent pointer: 0

0000  ..ÿþ...........Ý
0010  `....Ø.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅÚG
0040  ....P....Ä..

Frame 18: 1296 bytes on wire (10368 bits), 1296 bytes captured (10368 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 1240
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 1591, Ack: 576, Len: 1220
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 1220
- Sequence number: 1591 (relative sequence number)
- Acknowledgment number: 576 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x98c4 [unverified]
- Urgent pointer: 0

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅß.P....2..

Frame 19: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 2811, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 576 (relative sequence number)
- Acknowledgment number: 2811 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 279
- Calculated window size: 35712
- Window size scaling factor: 128
- Checksum: 0x1332 [unverified]
- Urgent pointer: 0

0000  ..ÿþ...........Ý
0010  `....Ø.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅß.
0040  ....P...Q4..

Frame 20: 1296 bytes on wire (10368 bits), 1296 bytes captured (10368 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 1240
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 2811, Ack: 576, Len: 1220
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 1220
- Sequence number: 2811 (relative sequence number)
- Acknowledgment number: 576 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x5134 [unverified]
- Urgent pointer: 0

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅãÏP..-.X..

Frame 21: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 4031, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 576 (relative sequence number)
- Acknowledgment number: 4031 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 301
- Calculated window size: 38528
- Window size scaling factor: 128
- Checksum: 0x0e58 [unverified]
- Urgent pointer: 0

0000  1603031102020000  5503035dba9a9ff6
0010  839ad974d9dbc076  e2f47e45f8e08625
0020  36fa90e7c5c9dc67  94694e20cd020000
0030  bbdc7a2c26351001  1d4ad8b65b735f26
0040  6ac1688ece551384  8165d196c0300000
0050  0d00050000001700  00ff010001000b00
0060  0d57000d540008b8  308208b4300d0609
0070  2a864886020d0109  2569d941330e7435
0080  5ccace4dbfc4ca3d  b7d52c2a864886f7
0090  0d01010b7c46304b  310b311530135504
00A0  06040a5553446944  69676955040a130c
00B0  4469676943657274  20496e6365734292
00C0  7732550403131c44  6967694365727420
00D0  436c6f7564205365  7276696365732043
00E0  412d31776b170d31  3930343131303030
00F0  3030305a170d3231  3034313131323030
0100  30305a306a310b31  1330115504060408
0110  555357615265646d  550408130a576173
0120  68696e67746f6e69  636f6e3114550407
0130  13075265646d6f6e  646c6f55040a1315
0140  4d6963724d696372  6f736f667420436f
0150  72706f726174696f  6e3012550403130b
0160  6f75746c6f75746c  6f6f6b2e636f6d2a
0170  864886f70d010101  3082010a02820101
0180  0097643d36616579  5f5a6e9a493bb500
0190  97643d366165795f  5a6e9a493bb59755
01A0  5125f28c3337679d  1ee7e00c7124e73c
01B0  5653441037f95770  294d365fc449af88
01C0  ea504b76dff32ddf  a634c37e3598baa1
01D0  8632305b3eda7cb4  49fbe1ecc3ce228f
01E0  2f93075af402ea18  69355eb307295f80
01F0  352e5e6a392fcc6a  4d1f2228943d2d59
0200  2ec7c9c3ba79a318  ae757d5aed8f4986
0210  b61964cae6b87860  52d9cbc7b6ffd01c
0220  b75208b0c1c8a9de  a548679fe8394e63
0230  f9b6ce4712fba4e1  fead0612f1626b9b
0240  420c3d007509f723  4afbc349f65a69e7
0250  4f0efe3f02c8238f  f47a7e7183a3d2f9
0260  54f4740a21eb2336  5822daec7f1c2e7e
0270  cf2db4d4e25cc711  d250f8d77ab58d3c
0280  2214c1da383d2c74  ba160f0bc644c889
0290  010001301f060355  1d2304183014e98d
02A0  0f551d23d8af0730  8202dd51d0a23173
02B0  a973ae8fb4017e5d  8c57cb9ff0f76f6d
02C0  820d551d0e696365  33e98d0f1bfe31d8
02D0  afffb8ffd0a4a89d  a72a201ff5436572
02E0  74436c551d115365  7276696365738216
02F0  2a2e696e7465726e  616c2e6f75746c6f
0300  6f6b2e636f6d820d  2a2e6f75746c6f6f
0310  6b2e636f6d820b6f  75746c6f6f6b2e63
0320  6f6d820d6f666669  63653336352e636f
0330  6d820f2a2e6f6666  6963653336352e63
0340  6f6d82172a2e6f75  746c6f6f6b2e6f66
0350  666963653336352e  636f6d820c2a2e6f
0360  66666963652e636f  6d82126f75746c6f
0370  6f6b2e6f66666963  652e636f6d821473
0380  7562737472617465  2e6f66666963652e
0390  636f6d821b617474  6163686d656e742e
03A0  6f75746c6f6f6b2e  6c6976652e6e6574
03B0  821d617474616368  6d656e742e6f7574
03C0  6c6f6f6b2e6f6666  6963652e6e657482
03D0  206174746163686d  656e742e6f75746c
03E0  6f6f6b2e6f666669  63657070652e6e65
03F0  7482166174746163  686d656e74732e6f
0400  66666963652e6e65  7482162a2e636c6f
0410  2e666f6f74707269  6e74646e732e636f
0420  6d82162a2e6e7262  2e666f6f74707269
0430  6e74646e732e636f  6d821d6363732e6c
0440  6f67696e2e6d6963  726f736f66746f6e
0450  6c696e652e636f6d  82216363732d7364
0460  662e6c6f67696e2e  6d6963726f736f66
0470  746f6e6c696e652e  636f6d8218737562
0480  7374726174652d73  64662e6f66666963
0490  652e636f6d821a61  74746163686d656e
04A0  74732d7364662e6f  66666963652e6e65
04B0  74820a2a2e6c6976  652e636f6d82166d
04C0  61696c2e73657276  696365732e6c6976
04D0  652e636f6d820b68  6f746d61696c2e63
04E0  6f6d820d2a2e686f  746d61696c2e636f
04F0  6d2a0b66d3551d0f  e974ff8d7d6f5005
0500  a0c0dae682551d25  31b53fd306082b06
0510  0105050703010608  2b06010505070302
0520  551d1f303fa03da0  3b8639687474703a
0530  2f2f637286396874  74703a2f2f63726c
0540  332e646967696365  72742e636f6d2f44
0550  6967694365727443  6c6f756453657276
0560  6963657343412d31  2d67312e63726c86
0570  3968747470863968  7474703a2f2f6372
0580  6c342e6469676963  6572742e636f6d2f
0590  4469676943657274  436c6f7564536572
05A0  766963657343412d  312d67312e63726c
05B0  551d203037060960  8648010202608648
05C0  0186fd6c01013028  06082b0601050507
05D0  020168747470733a  2f2f7777772e6469
05E0  6769636572742e63  6f6d2f4350536781
05F0  0c0102022b060105  0507010130250608
0600  2b06010505073001  8619687474703a2f
0610  2f632b0601050507  3001696768747470
0620  3a2f2f6f63737078  2e64696769636572
0630  742e636f6d2b0601  0505073002687474
0640  703a2f687474703a  2f2f636163657274
0650  732e646967696365  72742e636f6d2f44
0660  6967694365727443  6c6f756453657276
0670  6963657343412d31  2e637274551d13ff
0680  2b06010401d67902  04020168007600bb
0690  d9dfbc1f8a71b593  942397aa927b4738
06A0  57950aab007600bb  d9dfbc1f8a71b593
06B0  942397aa927b4738  57950aab52e81a90
06C0  9664368e1ed18500  00016a0ec30c3d00
06D0  0004030047304502  2100aa97825bde05
06E0  b3bec5fb643e2727  cd77fa79f4415be4
06F0  9e2291c2c015d224  5bec0220580b3541
0700  4bed553250e56adb  80387ef727ccc315
0710  5cb3172497c9e06d  fb49429c00760087
0720  75bfe7597cf88c43  995fbdf36eff568d
0730  475636ff4ab560c1  b4eaff5ea0830f00
0740  00016a0ec30d4b00  0004030047304502
0750  2066b187e5be6129  1bb4e32d1cf5aa1c
0760  f4ca613b65d208f7  50235fd7001791ef
0770  280221008e20a62a  0b66d3fbf470e974
0780  c28d7d6f50ef92e5  2cfcb0823c1bde25
0790  de6e552a00760044  94652eb0eeceafc4
07A0  4007d8a8fe28c0da  e682bed8cb31b53f
07B0  d33396b5b681a800  00016a0ec30bc200
07C0  0004030047304502  210082d38095e403
07D0  ba33b3cd5192cc07  1c9bd16dd8004292
07E0  62c67cdf56821957  e43d02200c873abb
07F0  3a94c62a37a1ff65  bafcbfdca811622f
0800  e907577cd285be96  742aebcd2a864886
0810  f70d01010b0045c8  8b77814a7fc3627a
0820  c8e742238d22cfb1  4bc4805a3db7d52c
0830  ac63004e60164b89  ed7c46fb1ff307b3
0840  9faa9d7fa4c77924  9050c66c7286ae87
0850  82118dd6221a5c8b  a388aa27fddd67c5
0860  a22b4da7f8d07c47  d241f9152312c140
0870  27e8e92473bb75dc  e0eb1446b38cf1e3
0880  a0337c2b7fe2417b  f7bb37c8a362ae9b
0890  86f8e0d51d98e019  1fa4b3caf5f6e15b
08A0  859327c0ee0ccd8c  42927732fb55a242
08B0  4597a0a7ec426b72  0f02b597f1e3f63b
08C0  33e4c0991cb96d92  d75ce7f56ee2603c
08D0  e07ebd5426015d6c  373c9a083cca0dae
08E0  61fce83936209584  4ad48eb15d776b69
08F0  e8be1e658969093e  500962838f812de9
0900  63e13892bbf954e7  06b411e037eefb29
0910  d3bcf84479c50004  9630820492308203
0920  7aa0030201020201  010b050003820102
0930  0008019ec1c6bd3f  597bb20c3338e551
0940  d8777146055e2a86  4886f70d01010b76
0950  0b3061310b311530  13550406040a5553
0960  44697777772e5504  0a130c4469676943
0970  65727420496e6303  554341ce5355040b
0980  13107777772e6469  6769636572742e63
0990  6f6d5ca59e0b8485  5504031317446967
09A0  694365727420476c  6f62616c20526f6f
09B0  74204341170d3135  3135303830343132
09C0  303030305a170d33  3030383034313230
09D0  3030305a304b310b  3115301355040604
09E0  0a55534469446967  6955040a130c4469
09F0  6769436572742049  6e63657355040313
0A00  1c44696769446967  694365727420436c
0A10  6f75642053657276  696365732043412d
0A20  312a864886f70d01  01013082010a0282
0A30  010100d1adf68714  79542757c72f0568
0A40  3c00d1adf6871479  542757c72f05683c
0A50  9b3ccd67ec45102c  84f2a447c4d95342
0A60  4509bbe4fe33c1d7  bc462fd18be6b7b5
0A70  67787c6a70befdb8  e5b654cf4c5eacb8
0A80  22747355290873c8  64f7d095090e7983
0A90  50bf5ff5d4cc9b42  618e8004b941aace
0AA0  4e12999bacd6c5be  5b0273b516a4ab71
0AB0  62d498ea403985a6  f6bb2fe8e787c28b
0AC0  f69c32cdecf83ebf  89e77423824bdaea
0AD0  bf73a6253cfdbfa9  e568fff830a260c7
0AE0  3b2ea3f3c57f3b3b  fd0f31a17c740fd0
0AF0  bf14c4bd68f1a5e7  6ba7df9b007e4625
0B00  4ee6e813f3f606c7  d46f0b2720425d61
0B10  bc3f60d27c9672c9  7cb08bfff9480553
0B20  04fa22afb7cd515d  6ddd907403f0334f
0B30  f4c7c03e564647af  73208bdc7a3ea3f2
0B40  5dff010001301206  03551d130101ff04
0B50  040302551d133406  ff2b0630263024ff
0B60  082b006373702e55  1d0f6963ff72742e
0B70  6301866f62616c2b  0601050507010172
0B80  6c303774476c6f2b  0601050507300141
0B90  2e687474703a2f2f  6f6373702e646967
0BA0  69636572742e636f  6d551d1f3037a035
0BB0  a033863168747470  3a2f863168747470
0BC0  3a2f2f63726c342e  6469676963657274
0BD0  2e636f6d2f446967  6943657274476c6f
0BE0  62616c526f6f7443  412e63726c863168
0BF0  7474708631687474  703a2f2f63726c33
0C00  2e64696769636572  742e636f6d2f4469
0C10  676943657274476c  6f62616c526f6f74
0C20  43412e63726c551d  2030320604551d20
0C30  00551d2000302806  082b062b06010505
0C40  0702016874747073  3a2f2f7777772e64
0C50  696769636572742e  636f6d2f43505355
0C60  1d0edd51d0a23173  a973ae8fb4017e5d
0C70  8c57cb9ff0f7551d  2303de503556d14c
0C80  bb66f0a3e21b1bc3  97b23dd1552a8648
0C90  86f70d01010b0008  29c4c8a6feb43828
0CA0  f7a319678cea053b  0e4b4062621e3c14
0CB0  c605dc36a74f3271  46055e801d5c6bf0
0CC0  6d6dd921760bbd46  c4b966974dff8014
0CD0  7a876984b2d6ffc9  1670bea3cc8b21ad
0CE0  ee5c8d24adc28f99  e0cc9e8a0903b80f
0CF0  9ab55b902b2af7d7  a52f4a65a8c4e4c5
0D00  c771a996464fab6d  4b2a16cbf1a93bf6
0D10  1f2139b4ebad6004  829b12bfdeabd246
0D20  1d0c0d3b7602f90b  d5ce5385427b294d
0D30  46d18bcd64ec2116  4f2f014358d165ed
0D40  5ca5fb44a0d250e8  de66c4b6319e8733
0D50  03b0c9c64b12e75b  3594d946ce31ebbf
0D60  b8f69e0b84858222  56c4238454e75233
0D70  0c25cb1aec44550f  639672b3cd195e7e
0D80  0e2785d5a4eab0e2  a5dc06292590e8ce
0D90  2ce9e9d07cefce16  0001db010001d70c
0DA0  0001490300174104  638a7943f1705fdf
0DB0  d50473fa016e03b2  72d892dada96cf51
0DC0  cece962410ac14b8  e42e02be7b0087fe
0DD0  e716910aeafa7a7a  941d0eff7234223b
0DE0  2a42b423f61dc98f  0401010016fbec08
0DF0  56903a62a6dea5ac  04de8e094b0f527d
0E00  a3857b0cd4a8abb6  b99b2522788ca13f
0E10  9ddd13d20de55e6c  587bfab0b0de1b8f
0E20  269caedf5b80e82b  df87965935f31f77
0E30  17da03a19b174b52  b4f9bc745618169d
0E40  053610a78dc198d1  67622fcc02919bdc
0E50  60b81c32457fb4a7  2f9f2603e31c682a
0E60  7d9463722794004a  26d4c64376a47937
0E70  fd9f0640e79826d8  1559a862915d0f2a
0E80  b3eab33d6b964c6d  0de8052d78bbe9e3
0E90  2b3759645d301afd  bc1f6d37bbf6ee5c
0EA0  d013164778b33a84  bc8b26b7c6886ad9
0EB0  adfce0d44a230015  35df904856e205e4
0EC0  dcc7be9b00a2f8c2  013a461157c97464
0ED0  9f9d0eec51926660  bc60d474a2b983a1
0EE0  d5d62e410f938241  a9573f4b03001741
0EF0  04638a7943f1705f  dfd50473fa016e03
0F00  b272d892dada96cf  51cece962410ac14
0F10  b8e42e02be7b0087  fee716910aeafa7a
0F20  7a941d0eff723422  3b2a42b423f61dc9
0F30  8f04010401010016  fbec0856903a62a6
0F40  dea5ac04de8e094b  0f527da3857b0cd4
0F50  a8abb6b99b252278  8ca13f9ddd13d20d
0F60  e55e6c587bfab0b0  de1b8f269caedf5b
0F70  80e82bdf87965935  f31f7717da03a19b
0F80  174b52b4f9bc7456  18169d053610a78d
0F90  c198d167622fcc02  919bdc60b81c3245
0FA0  7fb4a72f9f2603e3  1c682a7d94637227
0FB0  94004a26d4c64376  a47937fd9f0640e7
0FC0  9826d81559a86291  5d0f2ab3eab33d6b
0FD0  964c6d0de8052d78  bbe9e32b3759645d
0FE0  301afdbc1f6d37bb  f6ee5cd013164778
0FF0  b33a84bc8b26b7c6  886ad9adfce0d44a
1000  23001535df904856  e205e4dcc7be9b00
1010  a2f8c2013a461157  c974649f9d0eec51
1020  926660bc60d474a2  b983a1d5d62e410f
1030  938241a9573f4b0d  00001a0301024000
1040  1204010401050105  0102010201040304
1050  0305030503020302  0302020202060106
1060  010603060300000e  000000

0000  ........U..]º..ö
0010  ..ÙtÙÛÀvâô~Eøà.%
0020  6ú.çÅÉÜg.iN Í...
0030  »Üz,&5...JØ¶[s_&
0040  jÁh.ÎU...eÑ.À0..
0050  .........ÿ......
0060  .W..T..¸0..´0...
0070  *.H.....%iÙA3.t5
0080  \ÊÎM¿ÄÊ=·Õ,*.H.÷
0090  ....|F0K1.1.0.U.
00A0  ...USDiDigiU....
00B0  DigiCert IncesB.
00C0  w2U....DigiCert
00D0  Cloud Services C
00E0  A-1wk..190411000
00F0  000Z..2104111200
0100  00Z0j1.1.0.U....
0110  USWaRedmU....Was
0120  hingtonicon1.U..
0130  ..RedmondloU....
0140  MicrMicrosoft Co
0150  rporation0.U....
0160  outloutlook.com*
0170  .H.÷....0.......
0180  ..d=6aey_Zn.I;µ.
0190  .d=6aey_Zn.I;µ.U
01A0  Q%ò.37g..çà.q$ç<
01B0  VSD.7ùWp)M6_ÄI¯.
01C0  êPKvßó-ß¦4Ã~5.º¡
01D0  .20[>Ú|´IûáìÃÎ".
01E0  /..Zô.ê.i5^³.)_.
01F0  5.^j9/ÌjM."(.=-Y
0200  .ÇÉÃºy£.®u}Zí.I.
0210  ¶.dÊæ¸x`RÙËÇ¶ÿÐ.
0220  ·R.°ÁÈ©Þ¥Hg.è9Nc
0230  ù¶ÎG.û¤áþ...ñbk.
0240  B.=.u.÷#JûÃIöZiç
0250  O.þ?.È#.ôz~q.£Òù
0260  Tôt.!ë#6X"Úì...~
0270  Ï-´Ôâ\Ç.ÒPø×zµ.<
0280  ".ÁÚ8=,tº...ÆDÈ.
0290  ...0...U.#..0.é.
02A0  .U.#Ø¯.0..ÝQÐ¢1s
02B0  ©s®.´.~].WË.ð÷om
02C0  ..U..ice3é...þ1Ø
02D0  ¯ÿ¸ÿÐ¤¨.§* .õCer
02E0  tClU..Services..
02F0  *.internal.outlo
0300  ok.com..*.outloo
0310  k.com..outlook.c
0320  om..office365.co
0330  m..*.office365.c
0340  om..*.outlook.of
0350  fice365.com..*.o
0360  ffice.com..outlo
0370  ok.office.com..s
0380  ubstrate.office.
0390  com..attachment.
03A0  outlook.live.net
03B0  ..attachment.out
03C0  look.office.net.
03D0   attachment.outl
03E0  ook.officeppe.ne
03F0  t..attachments.o
0400  ffice.net..*.clo
0410  .footprintdns.co
0420  m..*.nrb.footpri
0430  ntdns.com..ccs.l
0440  ogin.microsofton
0450  line.com.!ccs-sd
0460  f.login.microsof
0470  tonline.com..sub
0480  strate-sdf.offic
0490  e.com..attachmen
04A0  ts-sdf.office.ne
04B0  t..*.live.com..m
04C0  ail.services.liv
04D0  e.com..hotmail.c
04E0  om..*.hotmail.co
04F0  m*.fÓU..étÿ.}oP.
0500  .ÀÚæ.U.%1µ?Ó..+.
0510  ........+.......
0520  U..0?.=.;.9http:
0530  //cr.9http://crl
0540  3.digicert.com/D
0550  igiCertCloudServ
0560  icesCA-1-g1.crl.
0570  9http.9http://cr
0580  l4.digicert.com/
0590  DigiCertCloudSer
05A0  vicesCA-1-g1.crl
05B0  U. 07..`.H...`.H
05C0  ..ýl..0(..+.....
05D0  ..https://www.di
05E0  gicert.com/CPSg.
05F0  ....+.......0%..
0600  +.....0...http:/
0610  /c+.....0.ighttp
0620  ://ocspx.digicer
0630  t.com+.....0.htt
0640  p:/http://cacert
0650  s.digicert.com/D
0660  igiCertCloudServ
0670  icesCA-1.crtU..ÿ
0680  +....Öy....h.v.»
0690  Ùß¼..qµ..#.ª.{G8
06A0  W..«.v.»Ùß¼..qµ.
06B0  .#.ª.{G8W..«Rè..
06C0  .d6..Ñ....j.Ã.=.
06D0  ....G0E.!.ª..[Þ.
06E0  ³¾Åûd>''ÍwúyôA[ä
06F0  .".ÂÀ.Ò$[ì. X.5A
0700  KíU2PåjÛ.8~÷'ÌÃ.
0710  \³.$.ÉàmûIB..v..
0720  u¿çY|ø.C._½ónÿV.
0730  GV6ÿJµ`Á´êÿ^....
0740  ..j.Ã.K.....G0E.
0750   f±.å¾a).´ã-.õª.
0760  ôÊa;eÒ.÷P#_×...ï
0770  (.!.. ¦*.fÓûôpét
0780  Â.}oPï.å,ü°.<.Þ%
0790  ÞnU*.v.D.e.°îÎ¯Ä
07A0  @.Ø¨þ(ÀÚæ.¾ØË1µ?
07B0  Ó3.µ¶.¨...j.Ã.Â.
07C0  ....G0E.!..Ó..ä.
07D0  º3³ÍQ.Ì...ÑmØ.B.
07E0  bÆ|ßV..Wä=. ..:»
07F0  :.Æ*7¡ÿeºü¿Ü¨.b/
0800  é.W|Ò.¾.t*ëÍ*.H.
0810  ÷.....EÈ.w.J.Ãbz
0820  ÈçB#."Ï±KÄ.Z=·Õ,
0830  ¬c.N`.K.í|Fû.ó.³
0840  .ª..¤Çy$.PÆlr.®.
0850  ...Ö".\.£.ª'ýÝgÅ
0860  ¢+M§øÐ|GÒAù.#.Á@
0870  'èé$s»uÜàë.F³.ñã
0880  .3|+.âA{÷»7È£b®.
0890  .øàÕ..à..¤³Êõöá[
08A0  ..'Àî.Í.B.w2ûU¢B
08B0  E..§ìBkr..µ.ñãö;
08C0  3äÀ..¹m.×\çõnâ`<
08D0  à~½T&.]l7<..<Ê.®
08E0  aüè96 ..JÔ.±]wki
08F0  è¾.e.i.>P.b...-é
0900  cá8.»ùTç.´.à7îû)
0910  Ó¼øDyÅ...0...0..
0920  z...............
0930  ....ÁÆ½?Y{².38åQ
0940  ØwqF.^*.H.÷....v
0950  .0a1.1.0.U....US
0960  Diwww.U....DigiC
0970  ert Inc.UCAÎSU..
0980  ..www.digicert.c
0990  om\¥....U....Dig
09A0  iCert Global Roo
09B0  t CA..1515080412
09C0  0000Z..300804120
09D0  000Z0K1.1.0.U...
09E0  .USDiDigiU....Di
09F0  giCert IncesU...
0A00  .DigiDigiCert Cl
0A10  oud Services CA-
0A20  1*.H.÷....0.....
0A30  ...Ñ.ö..yT'WÇ/.h
0A40  <.Ñ.ö..yT'WÇ/.h<
0A50  .<ÍgìE.,.ò¤GÄÙSB
0A60  E.»äþ3Á×¼F/Ñ.æ·µ
0A70  gx|jp¾ý¸å¶TÏL^¬¸
0A80  "tsU).sÈd÷Ð...y.
0A90  P¿_õÔÌ.Ba...¹AªÎ
0AA0  N...¬ÖÅ¾[.sµ.¤«q
0AB0  bÔ.ê@9.¦ö»/èç.Â.
0AC0  ö.2Íìø>¿.çt#.KÚê
0AD0  ¿s¦%<ý¿©åhÿø0¢`Ç
0AE0  ;.£óÅ.;;ý.1¡|t.Ð
0AF0  ¿.Ä½hñ¥çk§ß..~F%
0B00  Næè.óö.ÇÔo.' B]a
0B10  ¼?`Ò|.rÉ|°.ÿùH.S
0B20  .ú"¯·ÍQ]mÝ.t.ð3O
0B30  ôÇÀ>VFG¯s .Üz>£ò
0B40  ]ÿ...0...U....ÿ.
0B50  ...U..4.ÿ+.0&0$ÿ
0B60  .+.csp.U..icÿrt.
0B70  c..obal+.......r
0B80  l07tGlo+.....0.A
0B90  .http://ocsp.dig
0BA0  icert.comU..07.5
0BB0  .3.1http:/.1http
0BC0  ://crl4.digicert
0BD0  .com/DigiCertGlo
0BE0  balRootCA.crl.1h
0BF0  ttp.1http://crl3
0C00  .digicert.com/Di
0C10  giCertGlobalRoot
0C20  CA.crlU. 02..U.
0C30  .U. .0(..+.+....
0C40  ...https://www.d
0C50  igicert.com/CPSU
0C60  ..ÝQÐ¢1s©s®.´.~]
0C70  .WË.ð÷U.#.ÞP5VÑL
0C80  »fð£â..Ã.²=ÑU*.H
0C90  .÷......)ÄÈ¦þ´8(
0CA0  ÷£.g.ê.;.K@bb.<.
0CB0  Æ.Ü6§O2qF.^..\kð
0CC0  mmÙ!v.½FÄ¹f.Mÿ..
0CD0  z.i.²ÖÿÉ.p¾£Ì.!.
0CE0  î\.$.Â..àÌ....¸.
0CF0  .µ[.+*÷×¥/Je¨ÄäÅ
0D00  Çq©.FO«mK*.Ëñ©;ö
0D10  .!9´ë.`....¿Þ«ÒF
0D20  ...;v.ù.ÕÎS.B{)M
0D30  FÑ.Ídì!.O/.CXÑeí
0D40  \¥ûD.ÒPèÞfÄ¶1..3
0D50  .°ÉÆK.ç[5.ÙFÎ1ë¿
0D60  ¸ö....."VÄ#.TçR3
0D70  .%Ë.ìDU.c.r³Í.^~
0D80  .'.Õ¤ê°â¥Ü.)%.èÎ
0D90  ,ééÐ|ïÎ...Û...×.
0DA0  ..I...A.c.yCñp_ß
0DB0  Õ.sú.n.²rØ.ÚÚ.ÏQ
0DC0  ÎÎ.$.¬.¸ä..¾{..þ
0DD0  ç...êúzz...ÿr4";
0DE0  *B´#ö.É......ûì.
0DF0  V.:b¦Þ¥¬.Þ..K.R}
0E00  £.{.Ô¨«¶¹.%"x.¡?
0E10  .Ý.Ò.å^lX{ú°°Þ..
0E20  &.®ß[.è+ß..Y5ó.w
0E30  .Ú.¡..KR´ù¼tV...
0E40  .6.§.Á.Ñgb/Ì...Ü
0E50  `¸.2E.´§/.&.ã.h*
0E60  }.cr'..J&ÔÆCv¤y7
0E70  ý..@ç.&Ø.Y¨b.].*
0E80  ³ê³=k.Lm.è.-x»éã
0E90  +7Yd]0.ý¼.m7»öî\
0EA0  Ð..Gx³:.¼.&·Æ.jÙ
0EB0  .üàÔJ#..5ß.HVâ.ä
0EC0  ÜÇ¾..¢øÂ.:F.WÉtd
0ED0  ...ìQ.f`¼`Ôt¢¹.¡
0EE0  ÕÖ.A...A©W?K...A
0EF0  .c.yCñp_ßÕ.sú.n.
0F00  ²rØ.ÚÚ.ÏQÎÎ.$.¬.
0F10  ¸ä..¾{..þç...êúz
0F20  z...ÿr4";*B´#ö.É
0F30  ........ûì.V.:b¦
0F40  Þ¥¬.Þ..K.R}£.{.Ô
0F50  ¨«¶¹.%"x.¡?.Ý.Ò.
0F60  å^lX{ú°°Þ..&.®ß[
0F70  .è+ß..Y5ó.w.Ú.¡.
0F80  .KR´ù¼tV....6.§.
0F90  Á.Ñgb/Ì...Ü`¸.2E
0FA0  .´§/.&.ã.h*}.cr'
0FB0  ..J&ÔÆCv¤y7ý..@ç
0FC0  .&Ø.Y¨b.].*³ê³=k
0FD0  .Lm.è.-x»éã+7Yd]
0FE0  0.ý¼.m7»öî\Ð..Gx
0FF0  ³:.¼.&·Æ.jÙ.üàÔJ
1000  #..5ß.HVâ.äÜÇ¾..
1010  ¢øÂ.:F.WÉtd...ìQ
1020  .f`¼`Ôt¢¹.¡ÕÖ.A.
1030  ..A©W?K.......@.
1040  ................
1050  ................
1060  ...........

Frame 22: 775 bytes on wire (6200 bits), 775 bytes captured (6200 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 719
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 4031, Ack: 576, Len: 699
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 699
- Sequence number: 4031 (relative sequence number)
- Acknowledgment number: 576 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x87d3 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
  - Content Type: Handshake (22)
  - Version: TLS 1.2 (0x0303)
  - Length: 4354
  - Handshake Protocol: Server Hello
    - Handshake Type: Server Hello (2)
    - Length: 85
    - Version: TLS 1.2 (0x0303)
    - Random: 5dba9a9ff6839ad974d9dbc076e2f47e45f8e0862536fa90...
      - GMT Unix Time: Oct 31, 2019 09:26:07.000000000 CET
      - Random Bytes: f6839ad974d9dbc076e2f47e45f8e0862536fa90e7c5c9dc...
    - Session ID Length: 32
    - Session ID: cd020000bbdc7a2c263510011d4ad8b65b735f266ac1688e...
    - Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
    - Compression Method: null (0)
    - Extensions Length: 13
    - Extension: status_request (len=0)
      - Type: status_request (5)
      - Length: 0
    - Extension: extended_master_secret (len=0)
      - Type: extended_master_secret (23)
      - Length: 0
    - Extension: renegotiation_info (len=1)
      - Type: renegotiation_info (65281)
      - Length: 1
      - Renegotiation Info extension
        Renegotiation info extension length: 0
  - Handshake Protocol: Certificate
    - Handshake Type: Certificate (11)
    - Length: 3415
    - Certificates Length: 3412
    - Certificates (3412 bytes)
      - Certificate Length: 2232
      - Certificate: 308208b43082079ca0030201020210092569d941330e7435... (id-at-commonName=outlook.com,id-at-organizationName=Microsoft Corporation,id-at-localityName=Redmond,id-at-stateOrProvinceName=Washington,id-at-countryName=US)
        signedCertificate
        version: v3 (2)
        serialNumber: 0x092569d941330e74355ccace4dbfc4ca
        signature (sha256WithRSAEncryption)
        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
        issuer: rdnSequence (0)
        rdnSequence: 3 items (id-at-commonName=DigiCert Cloud Services CA-1,id-at-organizationName=DigiCert Inc,id-at-countryName=US)
        RDNSequence item: 1 item (id-at-countryName=US)
        RelativeDistinguishedName item (id-at-countryName=US)
        Id: 2.5.4.6 (id-at-countryName)
        CountryName: US
        RDNSequence item: 1 item (id-at-organizationName=DigiCert Inc)
        RelativeDistinguishedName item (id-at-organizationName=DigiCert Inc)
        Id: 2.5.4.10 (id-at-organizationName)
        DirectoryString: printableString (1)
        printableString: DigiCert Inc
        RDNSequence item: 1 item (id-at-commonName=DigiCert Cloud Services CA-1)
        RelativeDistinguishedName item (id-at-commonName=DigiCert Cloud Services CA-1)
        Id: 2.5.4.3 (id-at-commonName)
        DirectoryString: printableString (1)
        printableString: DigiCert Cloud Services CA-1
        validity
        notBefore: utcTime (0)
        utcTime: 19-04-11 00:00:00 (UTC)
        notAfter: utcTime (0)
        utcTime: 21-04-11 12:00:00 (UTC)
        subject: rdnSequence (0)
        rdnSequence: 5 items (id-at-commonName=outlook.com,id-at-organizationName=Microsoft Corporation,id-at-localityName=Redmond,id-at-stateOrProvinceName=Washington,id-at-countryName=US)
        RDNSequence item: 1 item (id-at-countryName=US)
        RelativeDistinguishedName item (id-at-countryName=US)
        Id: 2.5.4.6 (id-at-countryName)
        CountryName: US
        RDNSequence item: 1 item (id-at-stateOrProvinceName=Washington)
        RelativeDistinguishedName item (id-at-stateOrProvinceName=Washington)
        Id: 2.5.4.8 (id-at-stateOrProvinceName)
        DirectoryString: printableString (1)
        printableString: Washington
        RDNSequence item: 1 item (id-at-localityName=Redmond)
        RelativeDistinguishedName item (id-at-localityName=Redmond)
        Id: 2.5.4.7 (id-at-localityName)
        DirectoryString: printableString (1)
        printableString: Redmond
        RDNSequence item: 1 item (id-at-organizationName=Microsoft Corporation)
        RelativeDistinguishedName item (id-at-organizationName=Microsoft Corporation)
        Id: 2.5.4.10 (id-at-organizationName)
        DirectoryString: printableString (1)
        printableString: Microsoft Corporation
        RDNSequence item: 1 item (id-at-commonName=outlook.com)
        RelativeDistinguishedName item (id-at-commonName=outlook.com)
        Id: 2.5.4.3 (id-at-commonName)
        DirectoryString: printableString (1)
        printableString: outlook.com
        subjectPublicKeyInfo
        algorithm (rsaEncryption)
        Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
        subjectPublicKey: 3082010a028201010097643d366165795f5a6e9a493bb597...
        modulus: 0x0097643d366165795f5a6e9a493bb597555125f28c333767...
        publicExponent: 65537
        extensions: 10 items
        Extension (id-ce-authorityKeyIdentifier)
        Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
        AuthorityKeyIdentifier
        keyIdentifier: dd51d0a23173a973ae8fb4017e5d8c57cb9ff0f7
        Extension (id-ce-subjectKeyIdentifier)
        Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
        SubjectKeyIdentifier: e98d0f1bfe31d8afffb8ffd0a4a89da72a201ff5
        Extension (id-ce-subjectAltName)
        Extension Id: 2.5.29.17 (id-ce-subjectAltName)
        GeneralNames: 23 items
        GeneralName: dNSName (2)
        dNSName: *.internal.outlook.com
        GeneralName: dNSName (2)
        dNSName: *.outlook.com
        GeneralName: dNSName (2)
        dNSName: outlook.com
        GeneralName: dNSName (2)
        dNSName: office365.com
        GeneralName: dNSName (2)
        dNSName: *.office365.com
        GeneralName: dNSName (2)
        dNSName: *.outlook.office365.com
        GeneralName: dNSName (2)
        dNSName: *.office.com
        GeneralName: dNSName (2)
        dNSName: outlook.office.com
        GeneralName: dNSName (2)
        dNSName: substrate.office.com
        GeneralName: dNSName (2)
        dNSName: attachment.outlook.live.net
        GeneralName: dNSName (2)
        dNSName: attachment.outlook.office.net
        GeneralName: dNSName (2)
        dNSName: attachment.outlook.officeppe.net
        GeneralName: dNSName (2)
        dNSName: attachments.office.net
        GeneralName: dNSName (2)
        dNSName: *.clo.footprintdns.com
        GeneralName: dNSName (2)
        dNSName: *.nrb.footprintdns.com
        GeneralName: dNSName (2)
        dNSName: ccs.login.microsoftonline.com
        GeneralName: dNSName (2)
        dNSName: ccs-sdf.login.microsoftonline.com
        GeneralName: dNSName (2)
        dNSName: substrate-sdf.office.com
        GeneralName: dNSName (2)
        dNSName: attachments-sdf.office.net
        GeneralName: dNSName (2)
        dNSName: *.live.com
        GeneralName: dNSName (2)
        dNSName: mail.services.live.com
        GeneralName: dNSName (2)
        dNSName: hotmail.com
        GeneralName: dNSName (2)
        dNSName: *.hotmail.com
        Extension (id-ce-keyUsage)
        Extension Id: 2.5.29.15 (id-ce-keyUsage)
        critical: True
        Padding: 5
        KeyUsage: a0 (digitalSignature, keyEncipherment)
        1... .... = digitalSignature: True
        .0.. .... = contentCommitment: False
        ..1. .... = keyEncipherment: True
        Extension (id-ce-extKeyUsage)
        Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
        KeyPurposeIDs: 2 items
        KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
        KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth)
        Extension (id-ce-cRLDistributionPoints)
        Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints)
        CRLDistPointsSyntax: 2 items
        DistributionPoint
        distributionPoint: fullName (0)
        fullName: 1 item
        GeneralName: uniformResourceIdentifier (6)
        uniformResourceIdentifier: http://crl3.digicert.com/DigiCertCloudServicesCA-1-g1.crl
        DistributionPoint
        distributionPoint: fullName (0)
        fullName: 1 item
        GeneralName: uniformResourceIdentifier (6)
        uniformResourceIdentifier: http://crl4.digicert.com/DigiCertCloudServicesCA-1-g1.crl
        Extension (id-ce-certificatePolicies)
        Extension Id: 2.5.29.32 (id-ce-certificatePolicies)
        CertificatePoliciesSyntax: 2 items
        PolicyInformation
        policyIdentifier: 2.16.840.1.114412.1.1 (US company arc.114412.1.1)
        policyQualifiers: 1 item
        PolicyQualifierInfo
        Id: 1.3.6.1.5.5.7.2.1 (id-qt-cps)
        DirectoryString: https://www.digicert.com/CPS
        PolicyInformation
        policyIdentifier: 2.23.140.1.2.2 (joint-iso-itu-t.23.140.1.2.2)
        Extension (id-pe-authorityInfoAccessSyntax)
        Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccessSyntax)
        AuthorityInfoAccessSyntax: 2 items
        AccessDescription
        accessMethod: 1.3.6.1.5.5.7.48.1 (id-pkix.48.1)
        accessLocation: 6
        uniformResourceIdentifier: http://ocspx.digicert.com
        AccessDescription
        accessMethod: 1.3.6.1.5.5.7.48.2 (id-pkix.48.2)
        accessLocation: 6
        uniformResourceIdentifier: http://cacerts.digicert.com/DigiCertCloudServicesCA-1.crt
        Extension (id-ce-basicConstraints)
        Extension Id: 2.5.29.19 (id-ce-basicConstraints)
        critical: True
        BasicConstraintsSyntax [0 length]
        Extension (SignedCertificateTimestampList)
        Extension Id: 1.3.6.1.4.1.11129.2.4.2 (SignedCertificateTimestampList)
        Serialized SCT List Length: 360
        Signed Certificate Timestamp (Google 'Skydiver' log)
        Serialized SCT Length: 118
        SCT Version: 0
        Log ID: bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a...
        Timestamp: Apr 11, 2019 23:37:04.829000000 UTC
        Extensions length: 0
        Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: ECDSA (3)
        Signature Length: 71
        Signature: 3045022100aa97825bde05b3bec5fb643e2727cd77fa79f4...
        Signed Certificate Timestamp (DigiCert CT2 log)
        Serialized SCT Length: 118
        SCT Version: 0
        Log ID: 8775bfe7597cf88c43995fbdf36eff568d475636ff4ab560...
        Timestamp: Apr 11, 2019 23:37:05.099000000 UTC
        Extensions length: 0
        Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: ECDSA (3)
        Signature Length: 71
        Signature: 3045022066b187e5be61291bb4e32d1cf5aa1cf4ca613b65...
        Signed Certificate Timestamp (Unknown Log)
        Serialized SCT Length: 118
        SCT Version: 0
        Log ID: 4494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b5...
        Timestamp: Apr 11, 2019 23:37:04.706000000 UTC
        Extensions length: 0
        Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: ECDSA (3)
        Signature Length: 71
        Signature: 304502210082d38095e403ba33b3cd5192cc071c9bd16dd8...
        algorithmIdentifier (sha256WithRSAEncryption)
        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
        Padding: 0
        encrypted: 45c88b77814a7fc3627ac8e742238d22cfb14bc4805a3db7...
      - Certificate Length: 1174
      - Certificate: 308204923082037aa0030201020210019ec1c6bd3f597bb2... (id-at-commonName=DigiCert Cloud Services CA-1,id-at-organizationName=DigiCert Inc,id-at-countryName=US)
        signedCertificate
        version: v3 (2)
        serialNumber: 0x019ec1c6bd3f597bb20c3338e551d877
        signature (sha256WithRSAEncryption)
        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
        issuer: rdnSequence (0)
        rdnSequence: 4 items (id-at-commonName=DigiCert Global Root CA,id-at-organizationalUnitName=www.digicert.com,id-at-organizationName=DigiCert Inc,id-at-countryName=US)
        RDNSequence item: 1 item (id-at-countryName=US)
        RelativeDistinguishedName item (id-at-countryName=US)
        Id: 2.5.4.6 (id-at-countryName)
        CountryName: US
        RDNSequence item: 1 item (id-at-organizationName=DigiCert Inc)
        RelativeDistinguishedName item (id-at-organizationName=DigiCert Inc)
        Id: 2.5.4.10 (id-at-organizationName)
        DirectoryString: printableString (1)
        printableString: DigiCert Inc
        RDNSequence item: 1 item (id-at-organizationalUnitName=www.digicert.com)
        RelativeDistinguishedName item (id-at-organizationalUnitName=www.digicert.com)
        Id: 2.5.4.11 (id-at-organizationalUnitName)
        DirectoryString: printableString (1)
        printableString: www.digicert.com
        RDNSequence item: 1 item (id-at-commonName=DigiCert Global Root CA)
        RelativeDistinguishedName item (id-at-commonName=DigiCert Global Root CA)
        Id: 2.5.4.3 (id-at-commonName)
        DirectoryString: printableString (1)
        printableString: DigiCert Global Root CA
        validity
        notBefore: utcTime (0)
        utcTime: 15-08-04 12:00:00 (UTC)
        notAfter: utcTime (0)
        utcTime: 30-08-04 12:00:00 (UTC)
        subject: rdnSequence (0)
        rdnSequence: 3 items (id-at-commonName=DigiCert Cloud Services CA-1,id-at-organizationName=DigiCert Inc,id-at-countryName=US)
        RDNSequence item: 1 item (id-at-countryName=US)
        RelativeDistinguishedName item (id-at-countryName=US)
        Id: 2.5.4.6 (id-at-countryName)
        CountryName: US
        RDNSequence item: 1 item (id-at-organizationName=DigiCert Inc)
        RelativeDistinguishedName item (id-at-organizationName=DigiCert Inc)
        Id: 2.5.4.10 (id-at-organizationName)
        DirectoryString: printableString (1)
        printableString: DigiCert Inc
        RDNSequence item: 1 item (id-at-commonName=DigiCert Cloud Services CA-1)
        RelativeDistinguishedName item (id-at-commonName=DigiCert Cloud Services CA-1)
        Id: 2.5.4.3 (id-at-commonName)
        DirectoryString: printableString (1)
        printableString: DigiCert Cloud Services CA-1
        subjectPublicKeyInfo
        algorithm (rsaEncryption)
        Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
        subjectPublicKey: 3082010a0282010100d1adf6871479542757c72f05683c9b...
        modulus: 0x00d1adf6871479542757c72f05683c9b3ccd67ec45102c84...
        publicExponent: 65537
        extensions: 7 items
        Extension (id-ce-basicConstraints)
        Extension Id: 2.5.29.19 (id-ce-basicConstraints)
        critical: True
        BasicConstraintsSyntax
        cA: True
        pathLenConstraint: 0
        Extension (id-ce-keyUsage)
        Extension Id: 2.5.29.15 (id-ce-keyUsage)
        critical: True
        Padding: 1
        KeyUsage: 86 (digitalSignature, keyCertSign, cRLSign)
        1... .... = digitalSignature: True
        .0.. .... = contentCommitment: False
        ..0. .... = keyEncipherment: False
        ...0 .... = dataEncipherment: False
        .... 0... = keyAgreement: False
        .... .1.. = keyCertSign: True
        .... ..1. = cRLSign: True
        Extension (id-pe-authorityInfoAccessSyntax)
        Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccessSyntax)
        AuthorityInfoAccessSyntax: 1 item
        AccessDescription
        accessMethod: 1.3.6.1.5.5.7.48.1 (id-pkix.48.1)
        accessLocation: 6
        uniformResourceIdentifier: http://ocsp.digicert.com
        Extension (id-ce-cRLDistributionPoints)
        Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints)
        CRLDistPointsSyntax: 2 items
        DistributionPoint
        distributionPoint: fullName (0)
        fullName: 1 item
        GeneralName: uniformResourceIdentifier (6)
        uniformResourceIdentifier: http://crl4.digicert.com/DigiCertGlobalRootCA.crl
        DistributionPoint
        distributionPoint: fullName (0)
        fullName: 1 item
        GeneralName: uniformResourceIdentifier (6)
        uniformResourceIdentifier: http://crl3.digicert.com/DigiCertGlobalRootCA.crl
        Extension (id-ce-certificatePolicies)
        Extension Id: 2.5.29.32 (id-ce-certificatePolicies)
        CertificatePoliciesSyntax: 1 item
        PolicyInformation
        policyIdentifier: 2.5.29.32.0 (id-ce-certificatePolicies.0)
        policyQualifiers: 1 item
        PolicyQualifierInfo
        Id: 1.3.6.1.5.5.7.2.1 (id-qt-cps)
        DirectoryString: https://www.digicert.com/CPS
        Extension (id-ce-subjectKeyIdentifier)
        Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
        SubjectKeyIdentifier: dd51d0a23173a973ae8fb4017e5d8c57cb9ff0f7
        Extension (id-ce-authorityKeyIdentifier)
        Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
        AuthorityKeyIdentifier
        keyIdentifier: 03de503556d14cbb66f0a3e21b1bc397b23dd155
        algorithmIdentifier (sha256WithRSAEncryption)
        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
        Padding: 0
        encrypted: 0829c4c8a6feb43828f7a319678cea053b0e4b4062621e3c...
  - Handshake Protocol: Certificate Status
    - Handshake Type: Certificate Status (22)
    - Length: 475
    - Certificate Status Type: OCSP (1)
    - OCSP Response Length: 471
  - Handshake Protocol: Server Key Exchange
    - Handshake Type: Server Key Exchange (12)
    - Length: 329
    - EC Diffie-Hellman Server Params
      - Curve Type: named_curve (0x03)
      - Named Curve: secp256r1 (0x0017)
      - Pubkey Length: 65
      - Pubkey: 04638a7943f1705fdfd50473fa016e03b272d892dada96cf...
      - Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: RSA (1)
      - Signature Length: 256
      - Signature: 16fbec0856903a62a6dea5ac04de8e094b0f527da3857b0c...
  - Handshake Protocol: Certificate Request
    - Handshake Type: Certificate Request (13)
    - Length: 26
    - Certificate types count: 3
    - Certificate types (3 types)
      - Certificate type: RSA Sign (1)
      - Certificate type: DSS Sign (2)
      - Certificate type: ECDSA Sign (64)
    - Signature Hash Algorithms Length: 18
    - Signature Hash Algorithms (9 algorithms)
      - Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: RSA (1)
      - Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
        Signature Hash Algorithm Hash: SHA384 (5)
        Signature Hash Algorithm Signature: RSA (1)
      - Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
        Signature Hash Algorithm Hash: SHA1 (2)
        Signature Hash Algorithm Signature: RSA (1)
      - Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: ECDSA (3)
      - Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
        Signature Hash Algorithm Hash: SHA384 (5)
        Signature Hash Algorithm Signature: ECDSA (3)
      - Signature Algorithm: ecdsa_sha1 (0x0203)
        Signature Hash Algorithm Hash: SHA1 (2)
        Signature Hash Algorithm Signature: ECDSA (3)
      - Signature Algorithm: SHA1 DSA (0x0202)
        Signature Hash Algorithm Hash: SHA1 (2)
        Signature Hash Algorithm Signature: DSA (2)
      - Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
        Signature Hash Algorithm Hash: SHA512 (6)
        Signature Hash Algorithm Signature: RSA (1)
      - Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
        Signature Hash Algorithm Hash: SHA512 (6)
        Signature Hash Algorithm Signature: ECDSA (3)
    - Distinguished Names Length: 0
  - Handshake Protocol: Server Hello Done
    - Handshake Type: Server Hello Done (14)
    - Length: 0

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅæ.P..@....

Frame 23: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 4730, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 576 (relative sequence number)
- Acknowledgment number: 4730 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 320
- Calculated window size: 40960
- Window size scaling factor: 128
- Checksum: 0x0b8a [unverified]
- Urgent pointer: 0

0000  0004fffe00000000  00000000000086dd
0010  600b987300990640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8a97
0040  cac5e68a50000140  03ae000016030300
0050  4d0b000003000000  100000424104c817
0060  187dba95718c93cf  cd4075eba2456677
0070  bfc0b0659ad97fdf  12854fcb560e9ae2
0080  f185c8f8ae23b232  e0bce364c5d083ff
0090  9a9724140a42b1b2  d15a8a41cd711403
00A0  0300011603030028

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅæ.P..@.®......
0050  M..........BA.È.
0060  .}º.q..ÏÍ@uë¢Efw
0070  ¿À°e.Ù.ß..OËV..â
0080  ñ.Èø®#²2à¼ãdÅÐ.ÿ
0090  ..$..B±²ÑZ.AÍq..
00A0  .......(

Frame 24: 209 bytes on wire (1672 bits), 209 bytes captured (1672 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 153
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 576, Ack: 4730, Len: 133
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 133
- Sequence number: 576 (relative sequence number)
- Acknowledgment number: 4730 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 320
- Calculated window size: 40960
- Window size scaling factor: 128
- Checksum: 0x03ae [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
  - Content Type: Handshake (22)
  - Version: TLS 1.2 (0x0303)
  - Length: 77
  - Handshake Protocol: Certificate
    - Handshake Type: Certificate (11)
    - Length: 3
    - Certificates Length: 0
  - Handshake Protocol: Client Key Exchange
    - Handshake Type: Client Key Exchange (16)
    - Length: 66
    - EC Diffie-Hellman Client Params
      - Pubkey Length: 65
      - Pubkey: 04c817187dba95718c93cfcd4075eba2456677bfc0b0659a...
- TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
  - Content Type: Change Cipher Spec (20)
  - Version: TLS 1.2 (0x0303)
  - Length: 1
  - Change Cipher Spec Message
- TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
  - Content Type: Handshake (22)
  - Version: TLS 1.2 (0x0303)
  - Length: 40
  - Handshake Protocol: Encrypted Handshake Message

0000  0004fffe00000000  00000000000086dd
0010  600b987300610640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8b1c
0040  cac5e68a50000140  1958000017030300
0050  4800000000000000  01334877ad4dbfb5
0060  88b09ab1d656b2c3  e4b323fbf1e1961a
0070  172485925c63e1a0  31b506fbfc3950e7
0080  c7f870a223948c86  1eb9acdb3389acb9
0090  9217e35771a3af51  10

0000  ..ÿþ...........Ý
0010  `..s.a.@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅæ.P..@.X......
0050  H........3Hw.M¿µ
0060  .°.±ÖV²Ãä³#ûñá..
0070  .$..\cá.1µ.ûü9Pç
0080  Çøp¢#....¹¬Û3.¬¹
0090  ..ãWq£¯Q.

Frame 25: 153 bytes on wire (1224 bits), 153 bytes captured (1224 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 97
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 709, Ack: 4730, Len: 77
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 77
- Sequence number: 709 (relative sequence number)
- Acknowledgment number: 4730 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 320
- Calculated window size: 40960
- Window size scaling factor: 128
- Checksum: 0x1958 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 72
  - Encrypted Application Data: 0000000000000001334877ad4dbfb588b09ab1d656b2c3e4...

0000  0000fffe00000000  00000000000086dd
0010  6000000000470673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5e68a
0040  84ad8b1c50008000  b829000014030300
0050  01001603030028

0000  ..ÿþ...........Ý
0010  `....G.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅæ.
0040  ....P...¸)......
0050  ......(

Frame 26: 127 bytes on wire (1016 bits), 127 bytes captured (1016 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 71
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 4730, Ack: 709, Len: 51
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 51
- Sequence number: 4730 (relative sequence number)
- Acknowledgment number: 709 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xb829 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
  - Content Type: Change Cipher Spec (20)
  - Version: TLS 1.2 (0x0303)
  - Length: 1
  - Change Cipher Spec Message
- TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
  - Content Type: Handshake (22)
  - Version: TLS 1.2 (0x0303)
  - Length: 40
  - Handshake Protocol: Encrypted Handshake Message

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K...i
0040  ÊÅæ½P..@....

Frame 27: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 786, Ack: 4781, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 786 (relative sequence number)
- Acknowledgment number: 4781 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 320
- Calculated window size: 40960
- Window size scaling factor: 128
- Checksum: 0x0a85 [unverified]
- Urgent pointer: 0

0000  0000fffe00000000  00000000000086dd
0010  60000000011f0673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5e6bd
0040  84ad8b6950008000  2483000017030301
0050  0600000000000000  01189fafad0f0b5f
0060  f1e1af1584db55aa  177daf890de09c57
0070  c74057fed58064d5  c63d46d68ff096fd
0080  3066da2e922c9ec5  123bd7521a5f7d99
0090  d410c8272558c467  9adf27fc7ddcd82b
00A0  777a50cd3a363173  1790b3da23b9a8e4
00B0  3c3358c61f4beb0a  5af1740dca31bc2a
00C0  5ae24d3a7aef706f  d5db6846b420c7fb
00D0  5b6767ee9b4e444b  57acec24c406b6ab
00E0  af94a5967ee53c7c  05828d8120cbbd9f
00F0  628a1134a81af6e6  e8b746bae54a03cc
0100  dbf2385150412521  446a500877975038
0110  14809bf8a23579eb  a736dbac0aad3cfa
0120  7a01177dd619d441  33fc374c47c5da68
0130  9bd19fee3a9655c0  0d3c297dd6ca8918
0140  fbe12a9fd66bed56  1944422223f23c2b
0150  59aa48ad8c6d7c

0000  ..ÿþ...........Ý
0010  `......s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅæ½
0040  ...iP...$.......
0050  ...........¯..._
0060  ñá¯..ÛUª.}¯..à.W
0070  Ç@WþÕ.dÕÆ=FÖ.ð.ý
0080  0fÚ..,.Å.;×R._}.
0090  Ô.È'%XÄg.ß'ü}ÜØ+
00A0  wzPÍ:61s..³Ú#¹¨ä
00B0  <3XÆ.Kë.Zñt.Ê1¼*
00C0  ZâM:zïpoÕÛhF´ Çû
00D0  [ggî.NDKW¬ì$Ä.¶«
00E0  ¯.¥.~å<|.... Ë½.
00F0  b..4¨.öæè·FºåJ.Ì
0100  Ûò8QPA%!DjP.w.P8
0110  ...ø¢5yë§6Û¬..<ú
0120  z..}Ö.ÔA3ü7LGÅÚh
0130  .Ñ.î:.UÀ.<)}ÖÊ..
0140  ûá*.ÖkíV.DB"#ò<+
0150  YªH..m|

Frame 28: 343 bytes on wire (2744 bits), 343 bytes captured (2744 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 287
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 4781, Ack: 786, Len: 267
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 267
- Sequence number: 4781 (relative sequence number)
- Acknowledgment number: 786 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x2483 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 262
  - Encrypted Application Data: 0000000000000001189fafad0f0b5ff1e1af1584db55aa17...

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K...i
0040  ÊÅçÈP..S.g..

Frame 29: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 786, Ack: 5048, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 786 (relative sequence number)
- Acknowledgment number: 5048 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0x0967 [unverified]
- Urgent pointer: 0

0000  0004fffe00000000  00000000000086dd
0010  600b9873003d0640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8b69
0040  cac5e7c850000153  aa74000017030300
0050  2400000000000000  02bf0200914c4369
0060  e25ba85043840b60  bedb70949eb439ec
0070  f1b198f4db

0000  ..ÿþ...........Ý
0010  `..s.=.@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K...i
0040  ÊÅçÈP..Sªt......
0050  $........¿...LCi
0060  â[¨PC..`¾Ûp..´9ì
0070  ñ±.ôÛ

Frame 30: 117 bytes on wire (936 bits), 117 bytes captured (936 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 61
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 786, Ack: 5048, Len: 41
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 41
- Sequence number: 786 (relative sequence number)
- Acknowledgment number: 5048 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0xaa74 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 36
  - Encrypted Application Data: 0000000000000002bf0200914c4369e25ba85043840b60be...

0000  0000fffe00000000  00000000000086dd
0010  6000000000430673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5e7c8
0040  84ad8b9250008000  75a6000017030300
0050  2a00000000000000  029250446b35c5ad
0060  8c803f5474388dc0  5cdcc532ae2fb83b
0070  7927092001b32475  2f3e1f

0000  ..ÿþ...........Ý
0010  `....C.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅçÈ
0040  ....P...u¦......
0050  *.........PDk5Å.
0060  ..?Tt8.À\ÜÅ2®/¸;
0070  y'. .³$u/>.

Frame 31: 123 bytes on wire (984 bits), 123 bytes captured (984 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 67
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5048, Ack: 827, Len: 47
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 47
- Sequence number: 5048 (relative sequence number)
- Acknowledgment number: 827 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x75a6 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 42
  - Encrypted Application Data: 00000000000000029250446b35c5ad8c803f5474388dc05c...

0000  0004fffe00000000  00000000000086dd
0010  600b9873005f0640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8b92
0040  cac5e7f750000153  b70d000017030300
0050  4600000000000000  03519ab34441be76
0060  0060eda848d56fdd  f35d5cea3a12d999
0070  799c758f0a308666  fd299f219619cf0e
0080  b106c36e59f4b732  64ba5bf67861c487
0090  b9f67ca0eb3920

0000  ..ÿþ...........Ý
0010  `..s._.@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅç÷P..S·.......
0050  F........Q.³DA¾v
0060  .`í¨HÕoÝó]\ê:.Ù.
0070  y.u..0.fý).!..Ï.
0080  ±.ÃnYô·2dº[öxaÄ.
0090  ¹ö|.ë9

Frame 32: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 95
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 827, Ack: 5095, Len: 75
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 75
- Sequence number: 827 (relative sequence number)
- Acknowledgment number: 5095 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0xb70d [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 70
  - Encrypted Application Data: 0000000000000003519ab34441be760060eda848d56fddf3...

0000  0000fffe00000000  00000000000086dd
0010  6000000000430673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5e7f7
0040  84ad8bdd50008000  a8a5000017030300
0050  2a00000000000000  03d91257c5cc0a6d
0060  28070d5000490ee9  7765a00d0243b61f
0070  2a27ffdb95252e69  88db2c

0000  ..ÿþ...........Ý
0010  `....C.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅç÷
0040  ...ÝP...¨¥......
0050  *........Ù.WÅÌ.m
0060  (..P.I.éwe...C¶.
0070  *'ÿÛ.%.i.Û,

Frame 33: 123 bytes on wire (984 bits), 123 bytes captured (984 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 67
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5095, Ack: 902, Len: 47
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 47
- Sequence number: 5095 (relative sequence number)
- Acknowledgment number: 902 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xa8a5 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 42
  - Encrypted Application Data: 0000000000000003d91257c5cc0a6d28070d5000490ee977...

0000  0004fffe00000000  00000000000086dd
0010  600b987300430640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8bdd
0040  cac5e82650000153  59f5000017030300
0050  2a00000000000000  04fd8b42cd885adb
0060  89f482b2c9f1bd28  07eec204f9a09f00
0070  cb19827aa94921b0  8bdd17

0000  ..ÿþ...........Ý
0010  `..s.C.@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K...Ý
0040  ÊÅè&P..SYõ......
0050  *........ý.BÍ.ZÛ
0060  .ô.²Éñ½(.îÂ.ù...
0070  Ë..z©I!°.Ý.

Frame 34: 123 bytes on wire (984 bits), 123 bytes captured (984 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 67
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 902, Ack: 5142, Len: 47
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 47
- Sequence number: 902 (relative sequence number)
- Acknowledgment number: 5142 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0x59f5 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 42
  - Encrypted Application Data: 0000000000000004fd8b42cd885adb89f482b2c9f1bd2807...

0000  0000fffe00000000  00000000000086dd
0010  6000000000140673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5e826
0040  84ad8c0c50008000  89b80000

0000  ..ÿþ...........Ý
0010  `......s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅè&
0040  ....P....¸..

Frame 35: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5142, Ack: 949, Len: 0
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 0
- Sequence number: 5142 (relative sequence number)
- Acknowledgment number: 949 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x89b8 [unverified]
- Urgent pointer: 0

0000  0000fffe00000000  00000000000086dd
0010  6000000000560673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5e826
0040  84ad8c0c50008000  9be6000017030300
0050  3d00000000000000  045591dadd6e7567
0060  d6991171e3b996e3  721af9fd0c5f64fe
0070  306b23b8eab18593  35fe7fa42f69c042
0080  124ea65f8a7b39e7  f1b229456ba0

0000  ..ÿþ...........Ý
0010  `....V.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅè&
0040  ....P....æ......
0050  =........U.ÚÝnug
0060  Ö..qã¹.ãr.ùý._dþ
0070  0k#¸ê±..5þ.¤/iÀB
0080  .N¦_.{9çñ²)Ek.

Frame 36: 142 bytes on wire (1136 bits), 142 bytes captured (1136 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 86
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5142, Ack: 949, Len: 66
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 66
- Sequence number: 5142 (relative sequence number)
- Acknowledgment number: 949 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x9be6 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 61
  - Encrypted Application Data: 00000000000000045591dadd6e7567d6991171e3b996e372...

0000  0004fffe00000000  00000000000086dd
0010  600b987300760640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8c0c
0040  cac5e86850000153  f61f000017030300
0050  5d00000000000000  05c132e47fe302d1
0060  6443e53fe348b5e8  5ce3480d086f522e
0070  37d3b768332ecac9  35b3f0e91762d315
0080  eec40f2ff8ec30d9  3318e28574f8d2f8
0090  c6c56e2006f05cde  29760301a88fecfe
00A0  cea213a0fcd7b0f0  7f4a6f3ea018

0000  ..ÿþ...........Ý
0010  `..s.v.@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅèhP..Sö.......
0050  ]........Á2ä.ã.Ñ
0060  dCå?ãHµè\ãH..oR.
0070  7Ó·h3.ÊÉ5³ðé.bÓ.
0080  îÄ./øì0Ù3.â.tøÒø
0090  ÆÅn .ð\Þ)v..¨.ìþ
00A0  Î¢..ü×°ð.Jo>..

Frame 37: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 118
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 949, Ack: 5208, Len: 98
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 98
- Sequence number: 949 (relative sequence number)
- Acknowledgment number: 5208 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0xf61f [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 93
  - Encrypted Application Data: 0000000000000005c132e47fe302d16443e53fe348b5e85c...

0000  0000fffe00000000  00000000000086dd
0010  6000000000460673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5e868
0040  84ad8c6e50008000  d448000017030300
0050  2d00000000000000  05c9be93d0953c5d
0060  12c162cc5b04bb69  27312dcad40cab2e
0070  8b5fb096544ae54f  373440be4e89

0000  ..ÿþ...........Ý
0010  `....F.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅèh
0040  ...nP...ÔH......
0050  -........É¾.Ð.<]
0060  .ÁbÌ[.»i'1-ÊÔ.«.
0070  ._°.TJåO74@¾N.

Frame 38: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 70
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5208, Ack: 1047, Len: 50
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 50
- Sequence number: 5208 (relative sequence number)
- Acknowledgment number: 1047 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xd448 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 45
  - Encrypted Application Data: 0000000000000005c9be93d0953c5d12c162cc5b04bb6927...

0000  0004fffe00000000  00000000000086dd
0010  600b9873005d0640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8c6e
0040  cac5e89a50000153  37c5000017030300
0050  4400000000000000  067f4fae1196b597
0060  569db4b448dca860  59296dd19a14feb0
0070  3bdeb70dd37ef6c2  172618d6bd1607a8
0080  8c64a3c50785887f  c4bf988b62dfbc42
0090  5515403174

0000  ..ÿþ...........Ý
0010  `..s.].@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K...n
0040  ÊÅè.P..S7Å......
0050  D.........O®..µ.
0060  V.´´HÜ¨`Y)mÑ..þ°
0070  ;Þ·.Ó~öÂ.&.Ö½..¨
0080  .d£Å....Ä¿..bß¼B
0090  U.@1t

Frame 39: 149 bytes on wire (1192 bits), 149 bytes captured (1192 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 93
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1047, Ack: 5258, Len: 73
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 73
- Sequence number: 1047 (relative sequence number)
- Acknowledgment number: 5258 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0x37c5 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 68
  - Encrypted Application Data: 00000000000000067f4fae1196b597569db4b448dca86059...

0000  0000fffe00000000  00000000000086dd
0010  6000000000490673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5e89a
0040  84ad8cb750008000  3e32000017030300
0050  3000000000000000  0612bd0e79016061
0060  df78eabf99a01040  b3c54090ed377ea2
0070  9ce743e5fa98b1e7  4b851fab8cf2d9e8
0080  30

0000  ..ÿþ...........Ý
0010  `....I.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅè.
0040  ...·P...>2......
0050  0.........½.y.`a
0060  ßxê¿...@³Å@.í7~¢
0070  .çCåú.±çK..«.òÙè
0080  0

Frame 40: 129 bytes on wire (1032 bits), 129 bytes captured (1032 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 73
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5258, Ack: 1120, Len: 53
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 53
- Sequence number: 5258 (relative sequence number)
- Acknowledgment number: 1120 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x3e32 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 48
  - Encrypted Application Data: 000000000000000612bd0e79016061df78eabf99a01040b3...

0000  0004fffe00000000  00000000000086dd
0010  600b987300370640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8cb7
0040  cac5e8cf50000153  c6b6000017030300
0050  1e00000000000000  071e0c2309a10b7e
0060  05ec78a0a30c4fe2  997a81052fd124

0000  ..ÿþ...........Ý
0010  `..s.7.@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K...·
0040  ÊÅèÏP..SÆ¶......
0050  ...........#.¡.~
0060  .ìx.£.Oâ.z../Ñ$

Frame 41: 111 bytes on wire (888 bits), 111 bytes captured (888 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 55
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1120, Ack: 5311, Len: 35
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 35
- Sequence number: 1120 (relative sequence number)
- Acknowledgment number: 5311 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0xc6b6 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 30
  - Encrypted Application Data: 00000000000000071e0c2309a10b7e05ec78a0a30c4fe299...

0000  0000fffe00000000  00000000000086dd
0010  60000000005f0673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5e8cf
0040  84ad8cda50008000  35e9000017030300
0050  4600000000000000  0710840cc7ab8ebe
0060  d8e8685cf056c1fa  ad3b2832f025b79b
0070  74608c9953f80dd6  ed7020256a30adf9
0080  14b7b055516547f4  4f2494fc9fa2b7b2
0090  17b7ff4b054c61

0000  ..ÿþ...........Ý
0010  `...._.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅèÏ
0040  ...ÚP...5é......
0050  F...........Ç«.¾
0060  Øèh\ðVÁú.;(2ð%·.
0070  t`..Sø.Öíp %j0.ù
0080  .·°UQeGôO$.ü.¢·²
0090  .·ÿK.La

Frame 42: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 95
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5311, Ack: 1155, Len: 75
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 75
- Sequence number: 5311 (relative sequence number)
- Acknowledgment number: 1155 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x35e9 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 70
  - Encrypted Application Data: 000000000000000710840cc7ab8ebed8e8685cf056c1faad...

0000  0004fffe00000000  00000000000086dd
0010  600b987302070640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8cda
0040  cac5e91a50000153  05e6000017030301
0050  ee00000000000000  08522bc4b57997c6
0060  c284a7ef12ff1345  1b0ce5b09c7b9605
0070  4ed86be10953a4f8  ac9ee0951aaf8f50
0080  9cb71316c38952f3  c91c1c9cf4d02b41
0090  8148cdd1f8eb2a62  f4f6b111598c354e
00A0  46bff39a3fc9e5e7  9a1f67a1ce2bc4ef
00B0  7a1c931fb1894487  aac73a5f15c3f1a8
00C0  ade4a416598e85cc  9226688a1c414fc3
00D0  e7924f5a1564e0f1  198396e078b07986
00E0  62ce9af9509d135c  c6e84a7a07563337
00F0  990a6a0e9af79b51  775f663ada7efe7d
0100  a920097a2fe05e68  817a9031c777d441
0110  f1399f2b595ab475  a826e204269b58dc
0120  5f56b0d2b2b81ba5  7055f60162571180
0130  01c611afeff892bc  a08cd18f5561f4db
0140  91b170c81cbcc9df  0f47794c9599bcb6
0150  a4567cd1c0bfa6c4  27925706badea763
0160  f6c4ed64620c0298  7931b2a99340b710
0170  151fcdf0643b3557  49f26101ef8cc56a
0180  4ed7147e4f7f8525  ddb69e08abbfd790
0190  8428ddcc580a7128  42d96157902a8f8d
01A0  9f4b6471e3d14294  8e0aae3a35444c1f
01B0  a5ef6c01cdcedcf2  8a732a5148957a55
01C0  cfd4d47481fa8eed  fb58ef3c26cff5b4
01D0  249a46a0896c4bde  95af7e6960e2600c
01E0  84c5b19f9de43737  8a3546196ba83371
01F0  37ec6f534850df84  43f68dad0a9119ea
0200  e517de7495c65f83  af78e57a8e493403
0210  b6da939d6151f717  9e27479fbde438f4
0220  20c873a6321601fc  cd8ed9e1c8e2bbdf
0230  e9817e3ab1fc74ef  fd32c275a23680

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K...Ú
0040  ÊÅé.P..S.æ......
0050  î........R+Äµy.Æ
0060  Â.§ï.ÿ.E..å°.{..
0070  NØká.S¤ø¬.à..¯.P
0080  .·..Ã.RóÉ...ôÐ+A
0090  .HÍÑøë*bôö±.Y.5N
00A0  F¿ó.?Éåç..g¡Î+Äï
00B0  z...±.D.ªÇ:_.Ãñ¨
00C0  .ä¤.Y..Ì.&h..AOÃ
00D0  ç.OZ.dàñ...àx°y.
00E0  bÎ.ùP..\ÆèJz.V37
00F0  ..j..÷.Qw_f:Ú~þ}
0100  © .z/à^h.z.1ÇwÔA
0110  ñ9.+YZ´u¨&â.&.XÜ
0120  _V°Ò²¸.¥pUö.bW..
0130  .Æ.¯ïø.¼..Ñ.UaôÛ
0140  .±pÈ.¼Éß.GyL..¼¶
0150  ¤V|ÑÀ¿¦Ä'.W.ºÞ§c
0160  öÄídb...y1²©.@·.
0170  ..Íðd;5WIòa.ï.Åj
0180  N×.~O..%Ý¶..«¿×.
0190  .(ÝÌX.q(BÙaW.*..
01A0  .KdqãÑB...®:5DL.
01B0  ¥ïl.ÍÎÜò.s*QH.zU
01C0  ÏÔÔt.ú.íûXï<&Ïõ´
01D0  $.F..lKÞ.¯~i`â`.
01E0  .Å±..ä77.5F.k¨3q
01F0  7ìoSHPß.Cö.....ê
0200  å.Þt.Æ_.¯xåz.I4.
0210  ¶Ú..aQ÷..'G.½ä8ô
0220   Ès¦2..üÍ.ÙáÈâ»ß
0230  é.~:±ütïý2Âu¢6.

Frame 43: 575 bytes on wire (4600 bits), 575 bytes captured (4600 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 519
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1155, Ack: 5386, Len: 499
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 499
- Sequence number: 1155 (relative sequence number)
- Acknowledgment number: 5386 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 339
- Calculated window size: 43392
- Window size scaling factor: 128
- Checksum: 0x05e6 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 494
  - Encrypted Application Data: 0000000000000008522bc4b57997c6c284a7ef12ff13451b...

0000  ..ÿþ...........Ý
0010  `......s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅé.
0040  ...ÍP.......

Frame 44: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5386, Ack: 1654, Len: 0
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 0
- Sequence number: 5386 (relative sequence number)
- Acknowledgment number: 1654 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x8603 [unverified]
- Urgent pointer: 0

0000  0000fffe00000000  00000000000086dd
0010  6000000000a60673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5e91a
0040  84ad8ecd50008000  e10d000017030300
0050  8d00000000000000  08391354dcd9e258
0060  705b39796bd791b5  9a170bd10cd827e7
0070  4727eb13e5558637  07e004251b8f4142
0080  85805c34309f2610  a38197b7daee76e9
0090  c1f103a7543b6a03  41b46ba6bf44d586
00A0  49ac7d7a0e4c78af  20eb70e605af3341
00B0  cd4ac0294d11a294  8d5168de980df7ed
00C0  31146207316f198e  7419ee87638e9773
00D0  6b0cafa2998fa451  98cd15a0af97

0000  ..ÿþ...........Ý
0010  `....¦.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅé.
0040  ...ÍP...á.......
0050  .........9.TÜÙâX
0060  p[9yk×.µ...Ñ.Ø'ç
0070  G'ë.åU.7.à.%..AB
0080  ..\40.&.£..·Úîvé
0090  Áñ.§T;j.A´k¦¿DÕ.
00A0  I¬}z.Lx¯ ëpæ.¯3A
00B0  ÍJÀ)M.¢..QhÞ..÷í
00C0  1.b.1o..t.î.c..s
00D0  k.¯¢..¤Q.Í..¯.

Frame 45: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 166
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5386, Ack: 1654, Len: 146
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 146
- Sequence number: 5386 (relative sequence number)
- Acknowledgment number: 1654 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xe10d [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 141
  - Encrypted Application Data: 0000000000000008391354dcd9e258705b39796bd791b59a...

0000  0004fffe00000000  00000000000086dd
0010  600b987300370640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8ecd
0040  cac5e9ac50000167  8e32000017030300
0050  1e00000000000000  09bb7ee8295bc5b6
0060  15dc15ac083d9adb  d347386a0ca1df

0000  ..ÿþ...........Ý
0010  `..s.7.@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K...Í
0040  ÊÅé¬P..g.2......
0050  .........»~è)[Å¶
0060  .Ü.¬.=.ÛÓG8j.¡ß

Frame 46: 111 bytes on wire (888 bits), 111 bytes captured (888 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 55
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1654, Ack: 5532, Len: 35
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 35
- Sequence number: 1654 (relative sequence number)
- Acknowledgment number: 5532 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 359
- Calculated window size: 45952
- Window size scaling factor: 128
- Checksum: 0x8e32 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 30
  - Encrypted Application Data: 0000000000000009bb7ee8295bc5b615dc15ac083d9adbd3...

0000  0000fffe00000000  00000000000086dd
0010  6000000000610673  2603102602070014
0020  0000000000000002  200106a83081a001
0030  0130010402400230  024baa14cac5e9ac
0040  84ad8ef050008000  a8bb000017030300
0050  4800000000000000  094c453ebcf416ad
0060  684a48d2d48e4ce9  3968549e7f2b8b56
0070  283d132fd1fa9d02  1938c6a197ec318d
0080  d9cbdac7e215ad43  81014c158a8faf39
0090  666fd73b127c7f3e  7f

0000  ..ÿþ...........Ý
0010  `....a.s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅé¬
0040  ...ðP...¨»......
0050  H........LE>¼ô..
0060  hJHÒÔ.Lé9hT..+.V
0070  (=./Ñú...8Æ¡.ì1.
0080  ÙËÚÇâ..C..L...¯9
0090  fo×;.|.>.

Frame 47: 153 bytes on wire (1224 bits), 153 bytes captured (1224 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 97
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5532, Ack: 1689, Len: 77
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 77
- Sequence number: 5532 (relative sequence number)
- Acknowledgment number: 1689 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0xa8bb [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Application Data Protocol: smtp
  - Content Type: Application Data (23)
  - Version: TLS 1.2 (0x0303)
  - Length: 72
  - Encrypted Application Data: 00000000000000094c453ebcf416ad684a48d2d48e4ce939...

0000  0004fffe00000000  00000000000086dd
0010  600b987300330640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8ef0
0040  cac5e9f950000167  24c6000015030300
0050  1a

0000  ..ÿþ...........Ý
0010  `..s.3.@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K...ð
0040  ÊÅéùP..g$Æ......
0050  .

Frame 48: 107 bytes on wire (856 bits), 107 bytes captured (856 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 51
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1689, Ack: 5609, Len: 31
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 31
- Sequence number: 1689 (relative sequence number)
- Acknowledgment number: 5609 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 359
- Calculated window size: 45952
- Window size scaling factor: 128
- Checksum: 0x24c6 [unverified]
- Urgent pointer: 0
Secure Sockets Layer
- TLSv1.2 Record Layer: Encrypted Alert
  - Content Type: Alert (21)
  - Version: TLS 1.2 (0x0303)
  - Length: 26
  - Alert Message: Encrypted Alert

0000  ..ÿþ...........Ý
0010  `..s...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅéùP..g.{..

Frame 49: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1011 1001 1000 0111 0011 = Flow Label: 0xb9873
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1720, Ack: 5609, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 1720 (relative sequence number)
- Acknowledgment number: 5609 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 359
- Calculated window size: 45952
- Window size scaling factor: 128
- Checksum: 0x037b [unverified]
- Urgent pointer: 0

0000  ..ÿþ...........Ý
0010  `......s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅéù
0040  ....P....á..

Frame 50: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5609, Ack: 1721, Len: 0
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 0
- Sequence number: 5609 (relative sequence number)
- Acknowledgment number: 1721 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x84e1 [unverified]
- Urgent pointer: 0

0000  ..ÿþ...........Ý
0010  `......s&..&....
0020  ........ ..¨0...
0030  .0...@.0.Kª.ÊÅéù
0040  ....P....à..

Frame 51: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Unicast to us (0)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2603:1026:207:14::2, Dst: 2001:6a8:3081:a001:130:104:240:230
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 115
- Source: 2603:1026:207:14::2
- Destination: 2001:6a8:3081:a001:130:104:240:230
Transmission Control Protocol, Src Port: 587, Dst Port: 43540, Seq: 5609, Ack: 1721, Len: 0
- Source Port: 587
- Destination Port: 43540
- TCP Segment Len: 0
- Sequence number: 5609 (relative sequence number)
- Acknowledgment number: 1721 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 32768
- Calculated window size: 524288
- Window size scaling factor: 16
- Checksum: 0x84e0 [unverified]
- Urgent pointer: 0

0000  0004fffe00000000  00000000000086dd
0010  60092fe200140640  200106a83081a001
0020  0130010402400230  2603102602070014
0030  0000000000000002  aa14024b84ad8f10
0040  cac5e9fa50000167  037a0000

0000  ..ÿþ...........Ý
0010  `./â...@ ..¨0...
0020  .0...@.0&..&....
0030  ........ª..K....
0040  ÊÅéúP..g.z..

Frame 52: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Linux cooked capture
- Packet type: Sent by us (4)
- Link-layer address type: 65534
- Link-layer address length: 0
- Unused: 0000000000000000
- Protocol: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2001:6a8:3081:a001:130:104:240:230, Dst: 2603:1026:207:14::2
- 0110 .... = Version: 6
- .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
  - .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
  - .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
- .... .... .... 1001 0010 1111 1110 0010 = Flow Label: 0x92fe2
- Payload Length: 20
- Next Header: TCP (6)
- Hop Limit: 64
- Source: 2001:6a8:3081:a001:130:104:240:230
- Destination: 2603:1026:207:14::2
Transmission Control Protocol, Src Port: 43540, Dst Port: 587, Seq: 1721, Ack: 5610, Len: 0
- Source Port: 43540
- Destination Port: 587
- TCP Segment Len: 0
- Sequence number: 1721 (relative sequence number)
- Acknowledgment number: 5610 (relative ack number)
- 0101 .... = Header Length: 20 bytes (5)
- Window size value: 359
- Calculated window size: 45952
- Window size scaling factor: 128
- Checksum: 0x037a [unverified]
- Urgent pointer: 0

Author(s)	Olivier Bonaventure
Deadline	No deadline
Submission limit	No limitation
Category tags	tls

Information

Tags

Sign in

SMTP over TLS

Question 1: The SMTP server

Question 2: Version of TLS

Question 3: Latency

Question 4: A simple SMTP over TLS trace

Information

Tags

Sign in

SMTP over TLS Collapse context

Question 1: The SMTP server

Question 2: Version of TLS

Question 3: Latency

Question 4: A simple SMTP over TLS trace

SMTP over TLS