[libvirt] [PATCH 0/3] Libvirt Wireshark dissector
From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada@gmail.com> Introduce Wireshark dissector plugin which adds support to Wireshark for dissecting libvirt RPC protocol. This feature was presented by Michal Privoznik year before last[1]. But it did only support dissecting packet headers. This time I enhanced that dissector to support dissecting packet payload. Furthermore, I provide code generator of dissector. So you can get fresh build of dissector from libvirt RPC specification file at any version you like. [1] http://www.redhat.com/archives/libvir-list/2011-October/msg00301.html Yuto KAWAMURA(kawamuray) (3): Exclude files in VC_LIST_ALWAYS_EXCLUDE_REGEX from bracket-spacing-check Introduce Libvirt Wireshark dissector Add sample output of Wireshark dissector Makefile.am | 3 +- cfg.mk | 10 +- configure.ac | 69 +- devtools/wireshark-dissector/Makefile.am | 28 + devtools/wireshark-dissector/README.md | 25 + .../samples/libvirt-sample.pdml | 7970 ++++++++++++++++++++ devtools/wireshark-dissector/src/.gitignore | 2 + devtools/wireshark-dissector/src/Makefile.am | 31 + devtools/wireshark-dissector/src/moduleinfo.h | 36 + devtools/wireshark-dissector/src/packet-libvirt.c | 512 ++ devtools/wireshark-dissector/src/packet-libvirt.h | 127 + devtools/wireshark-dissector/src/plugin.c | 27 + devtools/wireshark-dissector/util/genxdrstub.pl | 1009 +++ 13 files changed, 9842 insertions(+), 7 deletions(-) create mode 100644 devtools/wireshark-dissector/Makefile.am create mode 100644 devtools/wireshark-dissector/README.md create mode 100644 devtools/wireshark-dissector/samples/libvirt-sample.pdml create mode 100644 devtools/wireshark-dissector/src/.gitignore create mode 100644 devtools/wireshark-dissector/src/Makefile.am create mode 100644 devtools/wireshark-dissector/src/moduleinfo.h create mode 100644 devtools/wireshark-dissector/src/packet-libvirt.c create mode 100644 devtools/wireshark-dissector/src/packet-libvirt.h create mode 100644 devtools/wireshark-dissector/src/plugin.c create mode 100755 devtools/wireshark-dissector/util/genxdrstub.pl -- 1.8.1.5
From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada@gmail.com> Files specified in VC_LIST_ALWAYS_EXCLUDE_REGEX should excluded from bracket-spacing-check too. --- cfg.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cfg.mk b/cfg.mk index e6584e8..3a31815 100644 --- a/cfg.mk +++ b/cfg.mk @@ -899,7 +899,7 @@ _autogen: syntax-check: $(top_srcdir)/HACKING bracket-spacing-check bracket-spacing-check: - $(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$'`; \ + $(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$' | grep -Ev -e '$(VC_LIST_ALWAYS_EXCLUDE_REGEX)'`; \ $(PERL) $(top_srcdir)/build-aux/bracket-spacing.pl $$files || \ { echo '$(ME): incorrect whitespace, see HACKING for rules' 1>&2; \ exit 1; } -- 1.8.1.5
On 18.09.2013 06:18, Yuto KAWAMURA(kawamuray) wrote:
From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada@gmail.com>
Files specified in VC_LIST_ALWAYS_EXCLUDE_REGEX should excluded from bracket-spacing-check too. --- cfg.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cfg.mk b/cfg.mk index e6584e8..3a31815 100644 --- a/cfg.mk +++ b/cfg.mk @@ -899,7 +899,7 @@ _autogen: syntax-check: $(top_srcdir)/HACKING bracket-spacing-check
bracket-spacing-check: - $(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$'`; \ + $(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$' | grep -Ev -e '$(VC_LIST_ALWAYS_EXCLUDE_REGEX)'`; \ $(PERL) $(top_srcdir)/build-aux/bracket-spacing.pl $$files || \ { echo '$(ME): incorrect whitespace, see HACKING for rules' 1>&2; \ exit 1; }
This shouldn't be needed. All the files in $VC_LIST_ALWAYS_EXCLUDE_REGEX should be excluded automatically. If not, then gnulib's broken. Michal
2013/9/18 Michal Privoznik <mprivozn@redhat.com>:
On 18.09.2013 06:18, Yuto KAWAMURA(kawamuray) wrote:
From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada@gmail.com>
Files specified in VC_LIST_ALWAYS_EXCLUDE_REGEX should excluded from bracket-spacing-check too. --- cfg.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cfg.mk b/cfg.mk index e6584e8..3a31815 100644 --- a/cfg.mk +++ b/cfg.mk @@ -899,7 +899,7 @@ _autogen: syntax-check: $(top_srcdir)/HACKING bracket-spacing-check
bracket-spacing-check: - $(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$'`; \ + $(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$' | grep -Ev -e '$(VC_LIST_ALWAYS_EXCLUDE_REGEX)'`; \ $(PERL) $(top_srcdir)/build-aux/bracket-spacing.pl $$files || \ { echo '$(ME): incorrect whitespace, see HACKING for rules' 1>&2; \ exit 1; }
This shouldn't be needed. All the files in $VC_LIST_ALWAYS_EXCLUDE_REGEX should be excluded automatically. If not, then gnulib's broken.
I don't believe that files in VC_LIST_ALWAYS_EXCLUDE_REGEX is excluded from bracket-spacing-check. bracket-spacing-check checks files in VC_LIST and VC_LIST is not applied any exclude filter.
From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada@gmail.com> Introduce Wireshark dissector plugin which adds support to Wireshark for dissecting libvirt RPC protocol. Added following files to build Wireshark dissector from libvirt source tree. * devtools/: New directory which tools for libvirt developers should be placed. * devtools/wireshark-dissector/*: Source tree of Wireshark dissector plugin. Added followings to configure.ac or Makefile.am. configure.ac * --with-wireshark-dissector: Enable support for building Wireshark dissector. * --with-ws-plugindir: Specify wireshark plugin directory that dissector will installed. * Added devtools/wireshark-dissector/{Makefile,src/Makefile} to AC_CONFIG_FILES. Makefile.am * Added devtools/wireshark-dissector/ to SUBDIR. --- Makefile.am | 3 +- cfg.mk | 8 +- configure.ac | 69 +- devtools/wireshark-dissector/Makefile.am | 28 + devtools/wireshark-dissector/README.md | 25 + devtools/wireshark-dissector/src/.gitignore | 2 + devtools/wireshark-dissector/src/Makefile.am | 31 + devtools/wireshark-dissector/src/moduleinfo.h | 36 + devtools/wireshark-dissector/src/packet-libvirt.c | 512 +++++++++++ devtools/wireshark-dissector/src/packet-libvirt.h | 127 +++ devtools/wireshark-dissector/src/plugin.c | 27 + devtools/wireshark-dissector/util/genxdrstub.pl | 1009 +++++++++++++++++++++ 12 files changed, 1871 insertions(+), 6 deletions(-) create mode 100644 devtools/wireshark-dissector/Makefile.am create mode 100644 devtools/wireshark-dissector/README.md create mode 100644 devtools/wireshark-dissector/src/.gitignore create mode 100644 devtools/wireshark-dissector/src/Makefile.am create mode 100644 devtools/wireshark-dissector/src/moduleinfo.h create mode 100644 devtools/wireshark-dissector/src/packet-libvirt.c create mode 100644 devtools/wireshark-dissector/src/packet-libvirt.h create mode 100644 devtools/wireshark-dissector/src/plugin.c create mode 100755 devtools/wireshark-dissector/util/genxdrstub.pl diff --git a/Makefile.am b/Makefile.am index 4e24ecf..2385b0c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -22,7 +22,8 @@ GENHTML = genhtml SUBDIRS = gnulib/lib include src daemon tools docs gnulib/tests \ python tests po examples/domain-events/events-c examples/hellolibvirt \ examples/dominfo examples/domsuspend examples/python examples/apparmor \ - examples/xml/nwfilter examples/openauth examples/systemtap + examples/xml/nwfilter examples/openauth examples/systemtap \ + devtools/wireshark-dissector ACLOCAL_AMFLAGS = -I m4 -I gnulib/m4 diff --git a/cfg.mk b/cfg.mk index 3a31815..d169c51 100644 --- a/cfg.mk +++ b/cfg.mk @@ -90,7 +90,7 @@ endif # Files that should never cause syntax check failures. VC_LIST_ALWAYS_EXCLUDE_REGEX = \ - (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.po)$$ + (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.po|devtools/wireshark-dissector/src/plugin.c)$$ # Functions like free() that are no-ops on NULL arguments. useless_free_options = \ @@ -969,7 +969,7 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \ ^src/rpc/gendispatch\.pl$$ exclude_file_name_regexp--sc_prohibit_nonreentrant = \ - ^((po|tests)/|docs/.*(py|html\.in)|run.in$$) + ^((po|tests)/|docs/.*(py|html\.in)|run.in$$|devtools/wireshark-dissector/util/genxdrstub\.pl$$) exclude_file_name_regexp--sc_prohibit_raw_allocation = \ ^(docs/hacking\.html\.in)|(src/util/viralloc\.[ch]|examples/.*|tests/securityselinuxhelper\.c|tests/vircgroupmock\.c)$$ @@ -980,7 +980,7 @@ exclude_file_name_regexp--sc_prohibit_readlink = \ exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c$$ exclude_file_name_regexp--sc_prohibit_sprintf = \ - ^(docs/hacking\.html\.in)|(examples/systemtap/.*stp)|(src/dtrace2systemtap\.pl)|(src/rpc/gensystemtap\.pl)$$ + ^(docs/hacking\.html\.in)|(examples/systemtap/.*stp)|(src/dtrace2systemtap\.pl)|(src/rpc/gensystemtap\.pl)|(devtools/wireshark-dissector/util/genxdrstub\.pl)$$ exclude_file_name_regexp--sc_prohibit_strncpy = ^src/util/virstring\.c$$ @@ -1013,7 +1013,7 @@ exclude_file_name_regexp--sc_correct_id_types = \ exclude_file_name_regexp--sc_m4_quote_check = m4/virt-lib.m4 exclude_file_name_regexp--sc_prohibit_include_public_headers_quote = \ - ^src/internal\.h$$ + ^(src/internal\.h$$|devtools/wireshark-dissector/src/packet-libvirt.h$$) exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \ ^(python/|tools/|examples/|include/libvirt/(virterror|libvirt-(qemu|lxc))\.h$$) diff --git a/configure.ac b/configure.ac index 69a01ae..83c7de4 100644 --- a/configure.ac +++ b/configure.ac @@ -2561,6 +2561,67 @@ AM_CONDITIONAL([HAVE_LIBNL], [test "$have_libnl" = "yes"]) AC_SUBST([LIBNL_CFLAGS]) AC_SUBST([LIBNL_LIBS]) +dnl wireshark dissector + +AC_ARG_WITH([wireshark-dissector], [ + AS_HELP_STRING([--with-wireshark-dissector], [ + enable wireshark dissector plugin support @<:@default=no@:>@ + ])], + [ with_wireshark_dissector=$withval ], + [ with_wireshark_dissector=no ]) + +if test "$with_wireshark_dissector" != "no"; then + dnl Check for XDR headers existence + AC_CHECK_HEADERS([rpc/types.h]) + + dnl Check for glib-2.0 existence + PKG_CHECK_MODULES([GLIB], [glib-2.0]) + WS_DISSECTOR_CPPFLAGS="$WS_DISSECTOR_CPPFLAGS `$PKG_CONFIG --cflags glib-2.0`" + + dnl Search for wireshark(or tshark) command + AC_PATH_PROG([WIRESHARK], [wireshark]) + AC_PATH_PROG([WIRESHARK], [tshark]) + if test -z "$WIRESHARK"; then + AC_MSG_ERROR([command not found wireshark or tshark]) + fi + + dnl Check for wireshark headers + save_CPPFLAGS="$CPPFLAGS" + WS_DISSECTOR_CPPFLAGS="$WS_DISSECTOR_CPPFLAGS -I`dirname $WIRESHARK`/../include/wireshark" + CPPFLAGS="$CPPFLAGS $WS_DISSECTOR_CPPFLAGS" + AC_CHECK_HEADERS([wireshark/config.h],, [ + AC_MSG_ERROR([wireshark/config.h is required for wireshark-dissector support]) + ]) + AC_CHECK_HEADERS([wireshark/epan/packet.h wireshark/epan/dissectors/packet-tcp.h],, [ + AC_MSG_ERROR([wireshark/epan/{packet,packet-tcp}.h are required for wireshark-dissector support]) + ], [ + #include <wireshark/config.h> + ]) + CPPFLAGS="$save_CPPFLAGS" + + WS_DISSECTOR_PROTO_FILES='\ + $(top_srcdir)/src/remote/remote_protocol.x \ + $(top_srcdir)/src/remote/qemu_protocol.x \ + $(top_srcdir)/src/remote/lxc_protocol.x \ + $(top_srcdir)/src/rpc/virkeepaliveprotocol.x \ + ' + AC_SUBST([WS_DISSECTOR_PROTO_FILES]) + AC_SUBST([WS_DISSECTOR_CPPFLAGS]) +fi +AM_CONDITIONAL([WITH_WIRESHARK_DISSECTOR], [test "$with_wireshark_dissector" = "yes"]) + +AC_ARG_WITH([ws-plugindir], [ + AC_HELP_STRING([--with-ws-plugindir], [ + wireshark plugins directory that plugin will installed + ])], + [ ws_plugindir=$withval ]) + +if test "$with_wireshark_dissector" != "no" && test -z "$ws_plugindir"; then + ws_version=`$WIRESHARK -v | head -1 | cut -f 2 -d' '` + ws_plugindir=`dirname $WIRESHARK`/../lib/wireshark/plugins/$ws_version +fi +AC_SUBST([ws_plugindir]) + # Check for Linux vs. BSD ifreq members AC_CHECK_MEMBERS([struct ifreq.ifr_newname, struct ifreq.ifr_ifindex, @@ -2646,7 +2707,9 @@ AC_CONFIG_FILES([\ examples/python/Makefile \ examples/hellolibvirt/Makefile \ examples/systemtap/Makefile \ - examples/xml/nwfilter/Makefile]) + examples/xml/nwfilter/Makefile \ + devtools/wireshark-dissector/Makefile \ + devtools/wireshark-dissector/src/Makefile]) AC_OUTPUT AC_MSG_NOTICE([]) @@ -2806,6 +2869,10 @@ AC_MSG_NOTICE([ XML Catalog: $XML_CATALOG_FILE]) AC_MSG_NOTICE([ Init script: $with_init_script]) AC_MSG_NOTICE([Char device locks: $with_chrdev_lock_files]) AC_MSG_NOTICE([]) +AC_MSG_NOTICE([Developer Tools]) +AC_MSG_NOTICE([]) +AC_MSG_NOTICE([Wireshark dissector: $with_wireshark_dissector]) +AC_MSG_NOTICE([]) AC_MSG_NOTICE([Privileges]) AC_MSG_NOTICE([]) AC_MSG_NOTICE([ QEMU: $QEMU_USER:$QEMU_GROUP]) diff --git a/devtools/wireshark-dissector/Makefile.am b/devtools/wireshark-dissector/Makefile.am new file mode 100644 index 0000000..6c535b5 --- /dev/null +++ b/devtools/wireshark-dissector/Makefile.am @@ -0,0 +1,28 @@ +## Process this file with automake to produce Makefile.in + +# Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Author: Yuto KAWAMURA(kawamuray) +if WITH_WIRESHARK_DISSECTOR +SUBDIRS = src + +# I think wireshark plugin is special case that doesn't need to install +# *.la(libtool archive) files. +# Maybe each plugin functionality should correspond to single file in +# plugins directory. So this hook keeps plugins directory clean. +install-exec-hook: + rm -f $(ws_plugindir)/libvirt.la +endif WITH_WIRESHARK_DISSECTOR diff --git a/devtools/wireshark-dissector/README.md b/devtools/wireshark-dissector/README.md new file mode 100644 index 0000000..e0ea522 --- /dev/null +++ b/devtools/wireshark-dissector/README.md @@ -0,0 +1,25 @@ +About +===== +This is the project of Google Summer of Code 2013 accepted by QEMU.org and libvirt community. +The goal of this project is, provide Wireshark dissector for Libvirt RPC protocol. It will provide Libvirt packet overview/detail analysing in Wireshark. Furthermore, it will be able to build(generated) from RPC protocol definition placed in Libvirt source tree to support latest protocol specification. + +See also: +- http://www.google-melange.com/gsoc/project/google/gsoc2013/kawamuray/7001 +- http://wiki.qemu.org/Features/LibvirtWiresharkDissector + +Installation +============= +Run ./configure with --with-wireshark-dissector option enabled. +Then dissector will compiled with libvirt itself. + +Add/Remove protocol from dissector's support +-------------------------------------------- +Modify xdr\_proto\_files in this directory. + +Changing installation directory +------------------------------- +You can change installation directory of pluggable shared object(libvirt.so) by specifying --with-ws-plugindir=<path>. + +You can install libvirt.so into your local wireshark plugin directory: + + ./configure --with-wireshark-dissector --with-ws-plugindir=$HOME/.wireshark/plugins diff --git a/devtools/wireshark-dissector/src/.gitignore b/devtools/wireshark-dissector/src/.gitignore new file mode 100644 index 0000000..cc78368 --- /dev/null +++ b/devtools/wireshark-dissector/src/.gitignore @@ -0,0 +1,2 @@ +*.so +*.o diff --git a/devtools/wireshark-dissector/src/Makefile.am b/devtools/wireshark-dissector/src/Makefile.am new file mode 100644 index 0000000..f409b2b --- /dev/null +++ b/devtools/wireshark-dissector/src/Makefile.am @@ -0,0 +1,31 @@ +## Process this file with automake to produce Makefile.in + +# Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Author: Yuto KAWAMURA(kawamuray) +ws_plugin_LTLIBRARIES = libvirt.la +libvirt_la_SOURCES = packet-libvirt.c plugin.c +libvirt_la_CPPFLAGS = $(WS_DISSECTOR_CPPFLAGS) +libvirt_la_LDFLAGS = -avoid-version + +packet-libvirt.c: packet-libvirt.h libvirt/protocol.h + +libvirt/protocol.h: $(srcdir)/../util/genxdrstub.pl $(WS_DISSECTOR_PROTO_FILES) + LIBVIRT_VERSION=$(LIBVIRT_VERSION) \ + $(PERL) $(srcdir)/../util/genxdrstub.pl $(WS_DISSECTOR_PROTO_FILES) + +clean-local: + -rm -rf libvirt/*.h diff --git a/devtools/wireshark-dissector/src/moduleinfo.h b/devtools/wireshark-dissector/src/moduleinfo.h new file mode 100644 index 0000000..11522e6 --- /dev/null +++ b/devtools/wireshark-dissector/src/moduleinfo.h @@ -0,0 +1,36 @@ +/* moduleinfo.h --- Define constants about wireshark plugin module + * + * Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * Author: Yuto KAWAMURA(kawamuray) <kawamuray.dadada gmail.com> + */ + +/* Included *after* config.h, in order to re-define these macros */ + +#ifdef PACKAGE +# undef PACKAGE +#endif + +/* Name of package */ +#define PACKAGE "libvirt" + + +#ifdef VERSION +# undef VERSION +#endif + +/* Version number of package */ +#define VERSION "0.0.1" diff --git a/devtools/wireshark-dissector/src/packet-libvirt.c b/devtools/wireshark-dissector/src/packet-libvirt.c new file mode 100644 index 0000000..1dd51a0 --- /dev/null +++ b/devtools/wireshark-dissector/src/packet-libvirt.c @@ -0,0 +1,512 @@ +/* packet-libvirt.c --- Libvirt packet dissector routines. + * + * Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * Authors: + * Michal Privoznik <mprivozn redhat com> + * Yuto KAWAMURA(kawamuray) <kawamuray.dadada gmail.com> + */ +#include <config.h> + +#include <wireshark/config.h> +#include <wireshark/epan/proto.h> +#include <wireshark/epan/packet.h> +#include <wireshark/epan/dissectors/packet-tcp.h> +#include <glib.h> +#include <glib/gprintf.h> +#ifdef HAVE_RPC_TYPES_H +# include <rpc/types.h> +#endif +#include <rpc/xdr.h> +#include "packet-libvirt.h" + +static int proto_libvirt = -1; +static int hf_libvirt_length = -1; +static int hf_libvirt_program = -1; +static int hf_libvirt_version = -1; +static int hf_libvirt_type = -1; +static int hf_libvirt_serial = -1; +static int hf_libvirt_status = -1; +static int hf_libvirt_stream = -1; +static int hf_libvirt_num_of_fds = -1; +static int hf_libvirt_unknown = -1; +static gint ett_libvirt = -1; + +#define XDR_PRIMITIVE_DISSECTOR(xtype, ctype, ftype) \ + static gboolean \ + dissect_xdr_##xtype(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf) \ + { \ + goffset start; \ + ctype val; \ + start = xdr_getpos(xdrs); \ + if (xdr_##xtype(xdrs, &val)) { \ + proto_tree_add_##ftype(tree, hf, tvb, start, xdr_getpos(xdrs) - start, val); \ + return TRUE; \ + } else { \ + proto_tree_add_item(tree, hf_libvirt_unknown, tvb, start, -1, ENC_NA); \ + return FALSE; \ + } \ + } + +XDR_PRIMITIVE_DISSECTOR(int, gint32, int) +XDR_PRIMITIVE_DISSECTOR(u_int, guint32, uint) +XDR_PRIMITIVE_DISSECTOR(short, gint16, int) +XDR_PRIMITIVE_DISSECTOR(u_short, guint16, uint) +XDR_PRIMITIVE_DISSECTOR(char, gchar, int) +XDR_PRIMITIVE_DISSECTOR(u_char, guchar, uint) +XDR_PRIMITIVE_DISSECTOR(hyper, gint64, int64) +XDR_PRIMITIVE_DISSECTOR(u_hyper, guint64, uint64) +XDR_PRIMITIVE_DISSECTOR(float, gfloat, float) +XDR_PRIMITIVE_DISSECTOR(double, gdouble, double) +XDR_PRIMITIVE_DISSECTOR(bool, bool_t, boolean) + +static gboolean +dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, + guint32 maxlen) +{ + goffset start; + gchar *val = NULL; + + start = xdr_getpos(xdrs); + if (xdr_string(xdrs, &val, maxlen)) { + proto_tree_add_string(tree, hf, tvb, start, xdr_getpos(xdrs) - start, val); + xdr_free((xdrproc_t)xdr_string, (char *)&val); + return TRUE; + } else { + proto_tree_add_item(tree, hf_libvirt_unknown, tvb, start, -1, ENC_NA); + return FALSE; + } +} + +static gchar * +format_xdr_bytes(guint8 *bytes, guint32 length) +{ + gchar *buf; + guint32 i; + + if (length == 0) + return ""; + buf = ep_alloc(length*2 + 1); + for (i = 0; i < length; i++) { + /* We know that buf has enough size to contain + 2 * length + '\0' characters. */ + g_sprintf(buf, "%02x", bytes[i]); + buf += 2; + } + return buf - length*2; +} + +static gboolean +dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, + guint32 size) +{ + goffset start; + gboolean rc; + guint8 *val; + + val = g_malloc(size); + start = xdr_getpos(xdrs); + if ((rc = xdr_opaque(xdrs, (caddr_t)val, size))) { + proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start, + NULL, "%s", format_xdr_bytes(val, size)); + } else { + proto_tree_add_item(tree, hf_libvirt_unknown, tvb, start, -1, ENC_NA); + } + + g_free(val); + return rc; +} + +static gboolean +dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, + guint32 maxlen) +{ + goffset start; + guint8 *val = NULL; + guint32 length; + + start = xdr_getpos(xdrs); + if (xdr_bytes(xdrs, (char **)&val, &length, maxlen)) { + proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start, + NULL, "%s", format_xdr_bytes(val, length)); + /* Seems I can't call xdr_free() for this case. + It will raises SEGV by referencing out of bounds argument stack */ + xdrs->x_op = XDR_FREE; + xdr_bytes(xdrs, (char **)&val, &length, maxlen); + xdrs->x_op = XDR_DECODE; + return TRUE; + } else { + proto_tree_add_item(tree, hf_libvirt_unknown, tvb, start, -1, ENC_NA); + return FALSE; + } +} + +static gboolean +dissect_xdr_pointer(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, + vir_xdr_dissector_t dissect) +{ + goffset start; + bool_t isnull; + + start = xdr_getpos(xdrs); + if (!xdr_bool(xdrs, &isnull)) { + proto_tree_add_item(tree, hf_libvirt_unknown, tvb, start, -1, ENC_NA); + return FALSE; + } + if (isnull) { + proto_item *ti; + ti = proto_tree_add_item(tree, hf, tvb, start, xdr_getpos(xdrs) - start, ENC_NA); + proto_item_append_text(ti, ": (null)"); + return TRUE; + } else { + return dissect(tvb, tree, xdrs, hf); + } +} + +static gboolean +dissect_xdr_iterable(tvbuff_t *tvb, proto_item *ti, XDR *xdrs, gint ett, int rhf, + guint32 length, vir_xdr_dissector_t dissect, goffset start) +{ + proto_tree *tree; + guint32 i; + + tree = proto_item_add_subtree(ti, ett); + for (i = 0; i < length; i++) { + if (!dissect(tvb, tree, xdrs, rhf)) + return FALSE; + } + proto_item_set_len(ti, xdr_getpos(xdrs) - start); + return TRUE; +} + +static gboolean +dissect_xdr_vector(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett, + int rhf, gchar *rtype, guint32 size, vir_xdr_dissector_t dissect) +{ + goffset start; + proto_item *ti; + + start = xdr_getpos(xdrs); + ti = proto_tree_add_item(tree, hf, tvb, start, -1, ENC_NA); + proto_item_append_text(ti, " :: %s[%u]", rtype, size); + return dissect_xdr_iterable(tvb, ti, xdrs, ett, rhf, size, dissect, start); +} + +static gboolean +dissect_xdr_array(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett, + int rhf, gchar *rtype, guint32 maxlen, vir_xdr_dissector_t dissect) +{ + goffset start; + proto_item *ti; + guint32 length; + + start = xdr_getpos(xdrs); + + if (!xdr_u_int(xdrs, &length)) + return FALSE; + if (length > maxlen) + return FALSE; + + ti = proto_tree_add_item(tree, hf, tvb, start, -1, ENC_NA); + proto_item_append_text(ti, " :: %s<%u>", rtype, length); + return dissect_xdr_iterable(tvb, ti, xdrs, ett, rhf, length, dissect, start); +} + +static vir_xdr_dissector_t +find_payload_dissector(guint32 proc, guint32 type, + const vir_dissector_index_t *pds, gsize length) +{ + const vir_dissector_index_t *pd; + guint32 first, last, direction; + + if (pds == NULL || length < 1) + return NULL; + + first = pds[0].proc; + last = pds[length-1].proc; + if (proc < first || proc > last) { + return NULL; + } + + pd = &pds[proc-first]; + /* There is no guarantee to proc numbers has no gap */ + if (pd->proc != proc) { + direction = (pd->proc < proc) ? 1 : -1; + while (pd->proc != proc) { + if (pd->proc == first || pd->proc == last) + return NULL; + pd += direction; + } + } + + switch (type) { + case VIR_NET_CALL: + case VIR_NET_CALL_WITH_FDS: + return pd->args; + case VIR_NET_REPLY: + case VIR_NET_REPLY_WITH_FDS: + return pd->ret; + case VIR_NET_MESSAGE: + return pd->msg; + } + return NULL; +} + +static void +dissect_libvirt_stream(tvbuff_t *tvb, proto_tree *tree, gint payload_length) +{ + proto_tree_add_item(tree, hf_libvirt_stream, tvb, VIR_HEADER_LEN, + payload_length - VIR_HEADER_LEN, ENC_NA); +} + +static gint32 +dissect_libvirt_num_of_fds(tvbuff_t *tvb, proto_tree *tree) +{ + gint32 nfds; + nfds = tvb_get_ntohl(tvb, VIR_HEADER_LEN); + proto_tree_add_int(tree, hf_libvirt_num_of_fds, tvb, VIR_HEADER_LEN, 4, nfds); + return nfds; +} + +static void +dissect_libvirt_fds(tvbuff_t *tvb, gint start, gint32 nfds) +{ + /* TODO: NOP for now */ +} + +static void +dissect_libvirt_payload_xdr_data(tvbuff_t *tvb, proto_tree *tree, gint payload_length, + gint32 status, vir_xdr_dissector_t dissect) +{ + gint32 nfds = 0; + gint start = VIR_HEADER_LEN; + tvbuff_t *payload_tvb; + caddr_t payload_data; + XDR xdrs; + + if (status == VIR_NET_CALL_WITH_FDS || + status == VIR_NET_REPLY_WITH_FDS) { + nfds = dissect_libvirt_num_of_fds(tvb, tree); + start += 4; + payload_length -= 4; + } + + payload_tvb = tvb_new_subset(tvb, start, -1, payload_length); + payload_data = (caddr_t)tvb_memdup(payload_tvb, 0, payload_length); + xdrmem_create(&xdrs, payload_data, payload_length, XDR_DECODE); + + dissect(payload_tvb, tree, &xdrs, -1); + + xdr_destroy(&xdrs); + g_free(payload_data); + + if (nfds != 0) { + dissect_libvirt_fds(tvb, start + payload_length, nfds); + } +} + +static void +dissect_libvirt_payload(tvbuff_t *tvb, proto_tree *tree, + guint32 prog, guint32 proc, guint32 type, guint32 status) +{ + gssize payload_length; + + payload_length = tvb_length(tvb) - VIR_HEADER_LEN; + if (payload_length <= 0) + return; /* No payload */ + + if (status == VIR_NET_OK) { + vir_xdr_dissector_t xd = find_payload_dissector(proc, type, get_program_data(prog, VIR_PROGRAM_DISSECTORS), + *(gsize *)get_program_data(prog, VIR_PROGRAM_DISSECTORS_LEN)); + if (xd == NULL) + goto unknown; + dissect_libvirt_payload_xdr_data(tvb, tree, payload_length, status, xd); + } else if (status == VIR_NET_ERROR) { + dissect_libvirt_payload_xdr_data(tvb, tree, payload_length, status, VIR_ERROR_MESSAGE_DISSECTOR); + } else if (type == VIR_NET_STREAM) { /* implicitly, status == VIR_NET_CONTINUE */ + dissect_libvirt_stream(tvb, tree, payload_length); + } else { + goto unknown; + } + return; + +unknown: + dbg("Cannot determine payload: Prog=%u, Proc=%u, Type=%u, Status=%u", prog, proc, type, status); + proto_tree_add_item(tree, hf_libvirt_unknown, tvb, VIR_HEADER_LEN, -1, ENC_NA); +} + +static void +dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + goffset offset; + guint32 prog, proc, type, serial, status; + const value_string *vs; + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "Libvirt"); + col_clear(pinfo->cinfo, COL_INFO); + + offset = 4; /* End of length field */ + prog = tvb_get_ntohl(tvb, offset); offset += 4; + offset += 4; /* Ignore version header field */ + proc = tvb_get_ntohl(tvb, offset); offset += 4; + type = tvb_get_ntohl(tvb, offset); offset += 4; + serial = tvb_get_ntohl(tvb, offset); offset += 4; + status = tvb_get_ntohl(tvb, offset); offset += 4; + + col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s", + val_to_str(prog, program_strings, "%x")); + + vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS); + if (vs == NULL) { + col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%u", proc); + } else { + col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", val_to_str(proc, vs, "%d")); + } + + col_append_fstr(pinfo->cinfo, COL_INFO, " Type=%s Serial=%u Status=%s", + val_to_str(type, type_strings, "%d"), serial, + val_to_str(status, status_strings, "%d")); + + if (tree) { + gint hf_proc; + proto_item *ti; + proto_tree *libvirt_tree; + + ti = proto_tree_add_item(tree, proto_libvirt, tvb, 0, tvb_length(tvb), ENC_NA); + libvirt_tree = proto_item_add_subtree(ti, ett_libvirt); + + offset = 0; + proto_tree_add_item(libvirt_tree, hf_libvirt_length, tvb, offset, 4, ENC_NA); offset += 4; + proto_tree_add_item(libvirt_tree, hf_libvirt_program, tvb, offset, 4, ENC_NA); offset += 4; + proto_tree_add_item(libvirt_tree, hf_libvirt_version, tvb, offset, 4, ENC_NA); offset += 4; + + hf_proc = *(int *)get_program_data(prog, VIR_PROGRAM_PROCHFVAR); + if (hf_proc == -1) { + proto_tree_add_none_format(libvirt_tree, -1, tvb, offset, 4, "Unknown proc: %u", proc); + } else { + proto_tree_add_item(libvirt_tree, hf_proc, tvb, offset, 4, ENC_NA); + } + offset += 4; + + proto_tree_add_item(libvirt_tree, hf_libvirt_type, tvb, offset, 4, ENC_NA); offset += 4; + proto_tree_add_item(libvirt_tree, hf_libvirt_serial, tvb, offset, 4, ENC_NA); offset += 4; + proto_tree_add_item(libvirt_tree, hf_libvirt_status, tvb, offset, 4, ENC_NA); offset += 4; + + /* Dissect payload remaining */ + dissect_libvirt_payload(tvb, libvirt_tree, prog, proc, type, status); + } +} + +static guint32 +get_message_len(packet_info *pinfo __attribute__((unused)), tvbuff_t *tvb, int offset) +{ + return tvb_get_ntohl(tvb, offset); +} + +static void +dissect_libvirt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + /* Another magic const - 4; simply, how much bytes + * is needed to tell the length of libvirt packet. */ + tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 4, get_message_len, dissect_libvirt_message); +} + +void +proto_register_libvirt(void) +{ + static hf_register_info hf[] = { + { &hf_libvirt_length, + { "length", "libvirt.length", + FT_UINT32, BASE_DEC, + NULL, 0x0, + NULL, HFILL} + }, + { &hf_libvirt_program, + { "program", "libvirt.program", + FT_UINT32, BASE_HEX, + VALS(program_strings), 0x0, + NULL, HFILL} + }, + { &hf_libvirt_version, + { "version", "libvirt.version", + FT_UINT32, BASE_DEC, + NULL, 0x0, + NULL, HFILL} + }, + { &hf_libvirt_type, + { "type", "libvirt.type", + FT_INT32, BASE_DEC, + VALS(type_strings), 0x0, + NULL, HFILL} + }, + { &hf_libvirt_serial, + { "serial", "libvirt.serial", + FT_UINT32, BASE_DEC, + NULL, 0x0, + NULL, HFILL} + }, + { &hf_libvirt_status, + { "status", "libvirt.status", + FT_INT32, BASE_DEC, + VALS(status_strings), 0x0, + NULL, HFILL} + }, + + VIR_DYNAMIC_HFSET + + { &hf_libvirt_stream, + { "stream", "libvirt.stream", + FT_BYTES, BASE_NONE, + NULL, 0x0, + NULL, HFILL} + }, + { &hf_libvirt_num_of_fds, + { "num_of_fds", "libvirt.num_of_fds", + FT_INT32, BASE_DEC, + NULL, 0x0, + NULL, HFILL} + }, + { &hf_libvirt_unknown, + { "unknown", "libvirt.unknown", + FT_BYTES, BASE_NONE, + NULL, 0x0, + NULL, HFILL} + }, + }; + + static gint *ett[] = { + VIR_DYNAMIC_ETTSET + &ett_libvirt + }; + + proto_libvirt = proto_register_protocol( + "Libvirt", /* name */ + "libvirt", /* short name */ + "libvirt" /* abbrev */ + ); + + proto_register_field_array(proto_libvirt, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + +void +proto_reg_handoff_libvirt(void) +{ + static dissector_handle_t libvirt_handle; + + libvirt_handle = create_dissector_handle(dissect_libvirt, proto_libvirt); + dissector_add_uint("tcp.port", LIBVIRT_PORT, libvirt_handle); +} diff --git a/devtools/wireshark-dissector/src/packet-libvirt.h b/devtools/wireshark-dissector/src/packet-libvirt.h new file mode 100644 index 0000000..98e24a3 --- /dev/null +++ b/devtools/wireshark-dissector/src/packet-libvirt.h @@ -0,0 +1,127 @@ +/* packet-libvirt.h --- Libvirt packet dissector header file. + * + * Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * Author: Yuto KAWAMURA(kawamuray) + */ +#ifndef _PACKET_LIBVIRT_H_ +# define _PACKET_LIBVIRT_H_ + +# ifndef LIBVIRT_PORT +# define LIBVIRT_PORT 16509 +# endif + +# define VIR_HEADER_LEN 28 + +# ifdef DEBUG +# define dbg(fmt, ...) \ + g_print("[LIBVIRT] " fmt " at " __FILE__ " line %d\n", ##__VA_ARGS__, __LINE__) +# else +# define dbg(fmt, ...) +# endif + +typedef gboolean (*vir_xdr_dissector_t)(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf); + +typedef struct vir_dissector_index vir_dissector_index_t; +struct vir_dissector_index { + guint32 proc; + vir_xdr_dissector_t args; + vir_xdr_dissector_t ret; + vir_xdr_dissector_t msg; +}; + +enum vir_net_message_type { + VIR_NET_CALL = 0, + VIR_NET_REPLY = 1, + VIR_NET_MESSAGE = 2, + VIR_NET_STREAM = 3, + VIR_NET_CALL_WITH_FDS = 4, + VIR_NET_REPLY_WITH_FDS = 5, +}; + +enum vir_net_message_status { + VIR_NET_OK = 0, + VIR_NET_ERROR = 1, + VIR_NET_CONTINUE = 2, +}; + +enum vir_program_data_index { + VIR_PROGRAM_PROCHFVAR, + VIR_PROGRAM_PROCSTRINGS, + VIR_PROGRAM_DISSECTORS, + VIR_PROGRAM_DISSECTORS_LEN, + VIR_PROGRAM_LAST, +}; + +static const value_string type_strings[] = { + { VIR_NET_CALL, "CALL" }, + { VIR_NET_REPLY, "REPLY" }, + { VIR_NET_MESSAGE, "MESSAGE" }, + { VIR_NET_STREAM, "STREAM" }, + { VIR_NET_CALL_WITH_FDS, "CALL_WITH_FDS" }, + { VIR_NET_REPLY_WITH_FDS, "REPLY_WITH_FDS" }, + { -1, NULL } +}; + +static const value_string status_strings[] = { + { VIR_NET_OK, "OK" }, + { VIR_NET_ERROR, "ERROR" }, + { VIR_NET_CONTINUE, "CONTINUE" }, + { -1, NULL } +}; + +/* TODO: These symbols will automatically included in generated headers in the feature */ +# define VIR_SECURITY_MODEL_BUFLEN (256 + 1) +# define VIR_SECURITY_LABEL_BUFLEN (4096 + 1) +# define VIR_SECURITY_DOI_BUFLEN (256 + 1) +# define VIR_UUID_BUFLEN (16) +enum { + VIR_TYPED_PARAM_INT = 1, /* integer case */ + VIR_TYPED_PARAM_UINT = 2, /* unsigned integer case */ + VIR_TYPED_PARAM_LLONG = 3, /* long long case */ + VIR_TYPED_PARAM_ULLONG = 4, /* unsigned long long case */ + VIR_TYPED_PARAM_DOUBLE = 5, /* double case */ + VIR_TYPED_PARAM_BOOLEAN = 6, /* boolean(character) case */ + VIR_TYPED_PARAM_STRING = 7, /* string case */ +}; +/* / */ + +# define VIR_ERROR_MESSAGE_DISSECTOR dissect_xdr_remote_error + +static gboolean dissect_xdr_int(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf); +static gboolean dissect_xdr_u_int(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf); +static gboolean dissect_xdr_short(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf); +static gboolean dissect_xdr_u_short(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf); +static gboolean dissect_xdr_char(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf); +static gboolean dissect_xdr_u_char(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf); +static gboolean dissect_xdr_hyper(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf); +static gboolean dissect_xdr_u_hyper(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf); +static gboolean dissect_xdr_float(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf); +static gboolean dissect_xdr_double(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf); +static gboolean dissect_xdr_bool(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf); +static gboolean dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, guint32 maxlen); +static gboolean dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, guint32 size); +static gboolean dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, guint32 maxlen); +static gboolean dissect_xdr_pointer(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, + vir_xdr_dissector_t dp); +static gboolean dissect_xdr_vector(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett, + int rhf, gchar *rtype, guint32 size, vir_xdr_dissector_t dp); +static gboolean dissect_xdr_array(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett, + int rhf, gchar *rtype, guint32 maxlen, vir_xdr_dissector_t dp); + +# include "libvirt/protocol.h" + +#endif /* _PACKET_LIBVIRT_H_ */ diff --git a/devtools/wireshark-dissector/src/plugin.c b/devtools/wireshark-dissector/src/plugin.c new file mode 100644 index 0000000..0128e37 --- /dev/null +++ b/devtools/wireshark-dissector/src/plugin.c @@ -0,0 +1,27 @@ +/* Do not modify this file. */ +/* It is created automatically by the Makefile. */ +#include "config.h" + +#include <gmodule.h> + +#include "moduleinfo.h" +/* plugins are DLLs */ +#define WS_BUILD_DLL +#include "ws_symbol_export.h" + +#ifndef ENABLE_STATIC +WS_DLL_PUBLIC_NOEXTERN const gchar version[] = VERSION; + +/* Start the functions we need for the plugin stuff */ + +WS_DLL_PUBLIC_NOEXTERN void +plugin_register (void) +{ + {extern void proto_register_libvirt (void); proto_register_libvirt ();} +} +WS_DLL_PUBLIC_NOEXTERN void +plugin_reg_handoff(void) +{ + {extern void proto_reg_handoff_libvirt (void); proto_reg_handoff_libvirt ();} +} +#endif diff --git a/devtools/wireshark-dissector/util/genxdrstub.pl b/devtools/wireshark-dissector/util/genxdrstub.pl new file mode 100755 index 0000000..e3448db --- /dev/null +++ b/devtools/wireshark-dissector/util/genxdrstub.pl @@ -0,0 +1,1009 @@ +#!/usr/bin/env perl +# genxdrstub.pl --- Generate C header file which used by packet-libvirt.[ch] +# +# Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Author: Yuto KAWAMURA(kawamuray) +# +# For XDR syntax, see http://tools.ietf.org/html/rfc4506#section-6.3 +# This script does not strictly check syntax of xdr protocol specification. +# Make sure the specification files you have are correctly compilable with rpcgen(1). +# If something fails with this script in spite of you had confirmed that the `make' with libvirt was succeed, +# please report your error output to kawamuray<kawamuray.dadada@gmail.com>. +use strict; +use warnings; +use File::Spec; + +my $DEBUG = 0; # Enable if you want to see debug output +sub dbg { print STDERR @_ if $DEBUG } + +die "ERROR: No arguments" unless @ARGV; + +# Context object referenced from entire this script +my $c = Context->new; + +for my $proto (@ARGV) { + # We need to do this heuristic parsing to determine + # variable name of enum <protocol>_procedures. + my ($name) = $proto =~ m{(?:vir)?([^/]+?)_?protocol\.x$}; + unless ($name) { + warn "WARNING: Cannot extract protocol name from $proto, skipping."; + next; + } + $c->add_to_set(progs => $name); + + my $source; + { + open my $fh, '<', $proto + or die "Cannot open $proto: $!"; + local $/; + $source = <$fh>; + close $fh; + } + + $c->add_header_file($name, sub { + dbg "*** Start parsing $proto\n"; + my @lexs = Lexicalizer->parse($source); + for my $lex (@lexs) { + next if $lex->ident eq "enum $name\_procedure"; + + if ($lex->isa('Sym::Variable')) { + $c->print(sprintf "#define %s (%s)\n", $lex->ident, $lex->value); + } elsif ($lex->isa('Sym::Type')) { + # Top level of name path is type identification of itself + $lex->define_dissector($lex->idstrip); + } else { + die "Unkown lexical appeared: $lex"; + } + } + + my $procs = $c->symbol("enum $name\_procedure") + or die "Cannot find procedures enumeration: enum $name\_procedure"; + # Procedure numbers are expected to be containing gaps, but needed to be sorted in ascending order. + my @procedures = sort { $a->value <=> $b->value } @{ $procs->members }; + my @dissectors = map { + (my $ident = lc($_->ident)) =~ s/^$name\_proc/$name/; + +{ + value => $_->value, + map { $_ => $c->rinc($c->symbols->{"$ident\_$_"} ? "dissect_xdr_$ident\_$_" : 'NULL') } + qw{ args ret msg } + }; + } @procedures; + $c->print(PT->render('code.dissectorlist', { + name => $name, + dissectors => \@dissectors, + })); + $c->print(PT->render('code.procedure_strings', { + name => $name, + procedures => \@procedures, + })); + }); +} + +$c->add_header_file('protocol', sub { + for my $prog (@{ $c->get_set('progs') }) { + $c->print("#include \"libvirt/$prog.h\"\n"); + } + + # hf_ variables set + $c->print(PT->render('macro.hfvars', { + programs => $c->get_set('progs'), + hfvars => [ grep $_->{segment}{refcnt}, @{ $c->get_set('hfvars') } ], + })); + # ett_ variables set + $c->print(PT->render('macro.ettvars', { + ettvars => [ map $_->{sym}, grep $_->{refcnt}, @{ $c->get_set('ettvars') } ], + })); + # value_string program_strings + $c->print(PT->render('code.program_strings', { programs => $c->get_set('progs') })); + $c->print("static int hf_$_\_procedure = -1;\n") for @{ $c->get_set('progs') }; + $c->print(PT->render('code.program_data', { programs => $c->get_set('progs') })); +}); + +$c->finalize; exit 0; + +# Used for handy class building +sub register_profile { + my %prof = @_; + my $caller = caller; + no strict 'refs'; + if ($prof{isa}) { + push @{ "$caller\::ISA" }, $prof{isa}; + } + while (my ($name, $v) = each %{ $prof{consts} || {} }) { + *{ "$caller\::$name" } = sub { $v }; + } + for my $attr (@{ $prof{attrs} || [] }) { + *{ "$caller\::$attr" } = sub { + if (@_ > 1) { $_[0]->{$attr} = $_[1]; $_[0] } + else { $_[0]->{$attr} } + }; + } + while (my ($klass, $meths) = each %{ $prof{roles} || {} }) { + for my $meth (@$meths) { + # This assignment cannot be like: *{ "$caller\::$meth" } = \&{ "$klass\::$meth" }. + # "$klass\::$meth" maybe not defined yet(e.g. Methods defined by PT) + *{ "$caller\::$meth" } = sub { goto &{ "$klass\::$meth" } }; + } + } +} + +# Minimal template engine for code generating +package PT; # is PicoTemplate +use Carp; +our $Token; +our %Templates; +INIT { # Load templates from __END__ section + $Token = join '', map { chr(65 + rand(26)) } 1..64; + my $current; + while (my $l = <main::DATA>) { + if ($l =~ /^\@\@\s*(.+)/) { + $current = \($Templates{$1} = ''); + } else { + $$current .= $l if $current; + } + } + for my $name (keys %Templates) { + $Templates{$name} = __PACKAGE__->compile($Templates{$name}); + if ($name =~ /^([\w:]+)#([^#]+)$/) { + no strict 'refs'; + my $meth = "$1\::$2"; + unless (defined &$meth) { + *$meth = $Templates{$name}; + } + } + } +} +sub compile { + my ($class, $tmpl) = @_; + + $tmpl =~ s{<%(=)?(.*?)%>\n?|((?:(?!<%).)+)}{ + $2 ? $1 ? "\$$Token .= qq{\@{[do{ $2 }]}};" : $2 + : "\$$Token .= substr <<$Token, 0, -1;\n".quotemeta($3)."\n$Token\n"; + }gse; + eval "sub { my \$$Token = ''; $tmpl \$$Token }" + or croak "ERROR: Cannot compile template: $@"; +} +sub render { + my ($class, $name, $vars, @args) = @_; + local $_ = $vars || {}; + my $renderer = $Templates{$name} + or die "No such template: $name"; + $renderer->(@args); +} +# / package PT + +package Sym; +BEGIN{::register_profile( + attrs => [qw[ ident ]], +)} + +sub new { + my ($class, %args) = @_; + + CORE::bless \%args, $class; +} + +sub bless { + my ($self, $klass) = @_; + + CORE::bless $self, "Sym::$klass" + if ref($self) ne "Sym::$klass"; + $self; +} + +sub idstrip { + my $ident = shift()->ident; + $ident =~ s/^(?:struct|enum|union)\s+// if $ident; + $ident; +} +# / package Sym + +package Sym::Type; +BEGIN{::register_profile( + isa => 'Sym', + attrs => [qw[ alias ]], +)} + +sub is_primitive { !(shift)->alias } + +sub dealias { + my ($self) = @_; + + $self->is_primitive ? $self : $self->alias->dealias; +} + +sub xdr_type { + my ($self) = @_; + + if (!$self->is_primitive) { + return $self->dealias->xdr_type; + } + + my $type = ref $self; + if ($type eq __PACKAGE__) { + $type = $self->ident; + } else { + $type =~ s/^.*:://; + } + uc($type); +} + +sub render_caller { + my ($self, $hfid) = @_; + my $name = $c->rinc( 'dissect_xdr_'.($self->idstrip || lc($self->xdr_type)) ); + "$name(tvb, tree, xdrs, hf)"; +} + +sub ft_type { + my ($self) = @_; + return $self->dealias->ft_type unless $self->is_primitive; + my $xt = $self->xdr_type; + +{ + INT => 'INT32', + U_INT => 'UINT32', + SHORT => 'INT16', + U_SHORT => 'UINT16', + CHAR => 'INT8', + U_CHAR => 'UINT8', + HYPER => 'INT64', + U_HYPER => 'UINT64', + BOOL => 'BOOLEAN', + }->{$xt} || $xt; +} + +sub hf_base { + my ($self) = @_; + $self->is_primitive + ? $self->ft_type =~ /INT/ ? 'DEC' : 'NONE' + : $self->dealias->hf_base; +} + +sub define_dissector { + my ($self, @path) = @_; + $self->declare_hfvar(@path); + my $path = join '__', @path; + my $code = $self->render_dissector($path); + $c->print({ sym => "dissect_xdr_$path", body => $code }) + if $code; +} + +sub declare_hfvar { + my ($self, @path) = @_; + my $path = join '__', @path; + $c->add_to_set(hfvars => { + segment => $c->print({ + sym => "hf_$path", + body => "static int hf_$path = -1;\n" + }), + name => $path[-1], + abbrev => join('.', @path), + ft_type => $self->ft_type, + hf_base => $self->hf_base, + }); +} +# / package Sym + +package Sym::Type::HasAnonTypes; # Types which possibly have anonymous subtypes +BEGIN{::register_profile( + isa => 'Sym::Type', +)} + +sub declare_anontypes { + my ($self, @path) = @_; + + for my $m (@{ $self->members }) { + unless (defined $m->type->ident) { + $m->type->ident(join '__', @path, $m->ident); + } + $m->type->define_dissector(@path, $m->ident); + } +} + +sub define_dissector { + my ($self, @path) = @_; + + $self->declare_anontypes(@path); + $self->SUPER::define_dissector(@path); +} + +package Sym::Type::HasSubtree; # Types which should be declare ett variables + +sub declare_ettvar { + my ($self) = @_; + my $ettvar = 'ett_'.$self->idstrip; + $c->add_to_set(ettvars => $c->print({ + sym => $ettvar, + body => "static gint $ettvar = -1;\n", + })); +} + +package Sym::Type::HasReference; # Types which references subtype +BEGIN{::register_profile( + attrs => [qw[ reftype ]], + consts => { ft_type => 'NONE' }, +)} + +sub render_caller { + my ($self) = @_; + my ($klass) = ref($self) =~ /([^:]+)$/; + sprintf '%s(tvb, tree, xdrs, hf, %s)', + $c->rinc('dissect_xdr_'.lc($klass)), + $c->rinc('dissect_xdr_'.$self->reftype->idstrip); +} + +package Sym::Type::HasLength; # Types which has length attribute +BEGIN{::register_profile( + attrs => [qw[ length ]], + consts => { ft_type => 'NONE' }, +)} + +sub render_caller { + my ($self, $hfid) = @_; + my ($klass) = ref($self) =~ /([^:]+)$/; + sprintf '%s(tvb, tree, xdrs, hf, %s)', + $c->rinc('dissect_xdr_'.lc($klass)), $self->length || '~0'; +} + +package Sym::Type::Struct; +BEGIN{::register_profile( + isa => 'Sym::Type', + attrs => [qw[ members ]], + consts => { ft_type => 'NONE' }, + roles => { + 'Sym::Type::HasAnonTypes' => [qw[ declare_anontypes ]], + 'Sym::Type::HasSubtree' => [qw[ declare_ettvar ]], + }, +)} + +sub define_dissector { + my ($self, @path) = @_; + $self->declare_anontypes(@path); + $self->declare_ettvar; + $self->SUPER::define_dissector(@path); +} + +package Sym::Type::Enum; +BEGIN{::register_profile( + isa => 'Sym::Type', + attrs => [qw[ members ]], + consts => { ft_type => 'UINT32' }, +)} +package Sym::Type::Union; +BEGIN{::register_profile( + isa => 'Sym::Type', + attrs => [qw[ decl case_specs ]], + consts => { ft_type => 'NONE' }, + roles => { + 'Sym::Type::HasAnonTypes' => [qw[ declare_anontypes define_dissector ]], + }, +)} +sub members { + my ($self) = @_; + [ map { $_->[1] } @{ $self->case_specs } ]; +} + +package Sym::Type::String; +BEGIN{::register_profile( + isa => 'Sym::Type', + consts => { ft_type => 'STRING' }, + roles => { + 'Sym::Type::HasLength' => [qw[ length render_caller ]], + }, +)} +package Sym::Type::Opaque; +BEGIN{::register_profile( + isa => 'Sym::Type', + consts => { ft_type => 'BYTES' }, + roles => { + 'Sym::Type::HasLength' => [qw[ length render_caller ]], + }, +)} +package Sym::Type::Bytes; +BEGIN{::register_profile( + isa => 'Sym::Type', + consts => { ft_type => 'BYTES' }, + roles => { + 'Sym::Type::HasLength' => [qw[ length render_caller ]], + }, +)} +package Sym::Type::Pointer; +BEGIN{::register_profile( + isa => 'Sym::Type', + roles => { + 'Sym::Type::HasReference' => [qw[ reftype ft_type render_caller ]], + }, +)} +package Sym::Type::Array; # a.k.a Variable-Length Array +BEGIN{::register_profile( + isa => 'Sym::Type', + roles => { + 'Sym::Type::HasLength' => [qw[ length ft_type ]], + 'Sym::Type::HasReference' => [qw[ reftype ]], + 'Sym::Type::HasSubtree' => [qw[ declare_ettvar ]], + }, +)} + +sub render_caller { + my ($self, $hfid) = @_; + my ($pname) = reverse split /__/, $hfid; + sprintf 'dissect_xdr_array(tvb, tree, xdrs, hf, %s, %s, "%s", %s, %s)', + $c->rinc('ett_'.$self->idstrip), + $c->rinc("hf_$hfid\__$pname"), + $self->reftype->idstrip, + $self->length || '~0', + $c->rinc('dissect_xdr_'.$self->reftype->idstrip); +} + +sub define_dissector { + my ($self, @path) = @_; + $self->reftype->declare_hfvar(@path, $path[-1]); + $self->declare_ettvar; + $self->SUPER::define_dissector(@path); +} + +package Sym::Type::Vector; # a.k.a Fixed-Length Array +BEGIN{::register_profile( + isa => 'Sym::Type', + roles => { + 'Sym::Type::HasLength' => [qw[ length ft_type ]], + 'Sym::Type::HasReference' => [qw[ reftype ]], + 'Sym::Type::Array' => [qw[ define_dissector ]], + 'Sym::Type::HasSubtree' => [qw[ declare_ettvar ]], + }, +)} + +sub render_caller { + my ($self, $hfid) = @_; + my ($pname) = reverse split /__/, $hfid; + sprintf 'dissect_xdr_vector(tvb, tree, xdrs, hf, %s, %s, "%s", %s, %s)', + $c->rinc('ett_'.$self->idstrip), + $c->rinc("hf_$hfid\__$pname"), + $self->reftype->idstrip, + $self->length || '~0', + $c->rinc('dissect_xdr_'.$self->reftype->idstrip); +} + +package Sym::Variable; +BEGIN{::register_profile( + isa => 'Sym', + attrs => [qw[ type value ]], +)} + +package Context; +BEGIN{::register_profile( + attrs => [qw[ symbols ]], +)} + +sub new { + my ($class) = @_; + + bless { + symbols => {}, + segments => {}, + }, $class; +} + +sub symbol { + my ($self, $ident) = @_; + my $sym = $self->symbols->{$ident} ||= Sym->new; + $sym->ident($ident); + # In XDR syntax specification, defining struct/enum/union will automatically + # create alias having symbol which excludes its prefix type specifier. + # e.g: + # struct foo { int bar; }; will convert to: + # struct foo { int bar; }; typedef struct foo foo; + if ($ident =~ s/^(?:struct|enum|union)\s+//) { + $self->symbol($ident)->bless('Type')->alias($sym); + } + $sym; +} + +sub add_to_set { + my ($self, $set, @elems) = @_; + $self->{sets} ||= {}; + $self->{sets}{$set} ||= []; + push @{ $self->{sets}{$set} }, @elems; +} + +sub get_set { + my ($self, $set) = @_; + $self->{sets}{$set} || []; +} + +# $c->print(...string...); # Does work as regular 'print' +# $c->print({ sym => symbol, body => ...string... }); +# Does treat segment as code block should be referenced. +# It will not printed unless it is referenced from other code by $c->rinc(); +sub print { + my $self = shift; + my $content; + if (ref $_[0]) { + $content = $self->{segments}{ $_[0]{sym} } ||= $_[0]; + $content->{refcnt} //= 0; + $content->{body} = $_[0]{body}; + } else { + $content = join '', @_; + } + push @{ $self->{header_contents} }, $content; + $content; +} + +sub rinc { + my ($self, $sym) = @_; + ($self->{segments}{$sym} ||= { sym => $sym, refcnt => 0 })->{refcnt}++; + $sym; +} + +sub add_header_file { + my ($self, $name, $block) = @_; + + $self->{headers} ||= []; + + local $self->{header_contents} = []; + $self->print("/* *DO NOT MODIFY* this file directly. \n"); + $self->print(" * This file was generated by $0 from libvirt version $ENV{LIBVIRT_VERSION} */\n"); + my $ucname = uc $name; + $self->print("#ifndef _$ucname\_H_\n"); + $self->print("#define _$ucname\_H_\n"); + $block->(); + $self->print("#endif /* _$ucname\_H_ */"); + push @{ $self->{headers} }, [ $name, delete $self->{header_contents} ]; +} + +sub finalize { + my ($self) = @_; + + # Referenced from macro defined in packet-libvirt.h + $self->rinc('dissect_xdr_remote_error'); + + for my $header (@{ $self->{headers} || [] }) { + my ($name, $contents) = @$header; + my $file = File::Spec->catfile($ENV{PWD}, 'libvirt', "$name.h"); + open my $fh, '>', $file + or die "Cannot open file $file: $!"; + CORE::print $fh map { ref($_) ? ($_->{refcnt} ? $_->{body} : ()) : $_ } @$contents; + CORE::print $fh "\n"; + close $fh; + } +} +# / package Context + +package Lexicalizer; +our $Depth; + +INIT { # Wrap all lexicalizer subroutine by debugger function + $Depth = 0; + no strict 'refs'; + no warnings 'redefine'; + for my $name (keys %{ __PACKAGE__.'::' }) { + next if $name =~ /^(?:parse|adv)$/; + my $fullname = __PACKAGE__."::$name"; + next unless defined &$fullname; + my $sub = \&$fullname; + *$fullname = sub { + my (undef, undef, $line) = caller; + ::dbg ' 'x($Depth*2), "$name L$line", "\n"; + local $Depth = $Depth + 1; + $sub->(@_); + }; + } +} + +# Check if passed regexp does match to next token and advance position. +# Return matched string if matched. Die else. +sub adv { + my ($rx) = @_; + ::dbg ' 'x($Depth*2+1), "- adv( $rx ) = "; + # Remove Comments Comments C++ style, PP directives + s{\A(?:\s*(?:/\*.*?\*/|(?://|%).*?(?:\n+|\z)))*\s*}{}s; + if (s/^(?:$rx)//s) { + ::dbg "'$&'\n"; + return $&; + } + ::dbg "UNMATCH\n"; + die; +} + +sub lexor { + my $snapshot = $_; + while (my $handler = shift) { + my $ret = eval { $handler->() }; + if (defined $ret) { + return $ret; + } + $_ = $snapshot; + } + die; +} + +sub decimal_constant { + adv '\-?[0-9]+'; +} + +sub hexadecimal_constant { + adv '\-?0x[0-9A-Fa-f]+'; +} + +sub octal_constant { + adv '\-?0[0-9]+'; +} + +sub constant { + lexor \&hexadecimal_constant, \&octal_constant, \&decimal_constant; +} + +sub identifier { + adv '[_a-zA-Z][_a-zA-Z0-9]*'; +} + +sub value { + lexor \&constant, \&identifier; +} + +sub enum_type_spec { + adv 'enum'; + my $body = lexor \&enum_body, \&identifier; + if (ref $body eq 'ARRAY') { + Sym::Type::Enum->new(members => $body); + } else { + $c->symbol("enum $body")->bless('Type::Enum'); + } +} + +sub enum_body { + adv '{'; + my @members; + do { + my $ident = identifier(); + adv '='; + my $value = value(); + push @members, $c->symbol($ident)->bless('Variable')->value($value); + } while adv('[},]') eq ','; + \@members; +} + +sub struct_type_spec { + adv 'struct'; + my $body = lexor \&struct_body, \&identifier; + if (ref $body eq 'ARRAY') { + Sym::Type::Struct->new(members => $body); + } else { + $c->symbol("struct $body")->bless('Type::Struct'); + } +} + +sub struct_body { + adv '{'; + local $c->{symbols} = { %{ $c->{symbols} } }; + my @members; + while (my $decl = lexor \&declaration, sub { adv('}') }) { + last if $decl eq '}'; + adv ';'; + push @members, $decl; + } + \@members; +} + +sub case_spec { + my @cases; + while (my $case = eval { adv 'case' }) { + push @cases, value(); + adv ':'; + } + my $decl = declaration(); + adv ';'; + [ \@cases, $decl ]; +} + +sub union_type_spec { + adv 'union'; + local $c->{symbols} = { %{ $c->{symbols} } }; + my $body = lexor \&union_body, \&identifier; + if (ref $body eq 'ARRAY') { + Sym::Type::Union->new(decl => $body->[0], case_specs => $body->[1]); + } else { + $c->symbol("union $body")->bless('Type::Union'); + } +} + +sub union_body { + adv 'switch'; adv '\('; + my $decl = declaration(); + adv '\)'; adv '{'; + my @case_specs; + while (my $spec = eval { case_spec() }) { + push @case_specs, $spec; + } + # TODO: parse default + adv '}'; + [ $decl, \@case_specs ]; +} + +sub constant_def { + adv 'const'; + my $ident = identifier(); + adv '='; + my $value = lexor \&constant, \&identifier; + adv ';'; + + $c->symbol($ident)->bless('Variable')->value($value); +} + +sub type_def { + my $ret = lexor sub { + adv 'typedef'; + my $var = declaration(); + my $type = $var->type; + $var->bless('Type')->alias($type); + }, sub { + adv 'enum'; + my $ident = identifier(); + my $body = enum_body(); + $c->symbol("enum $ident")->bless('Type::Enum')->members($body); + }, sub { + adv 'struct'; + my $ident = identifier(); + my $body = struct_body(); + $c->symbol("struct $ident")->bless('Type::Struct')->members($body); + }, sub { + adv 'union'; + my $ident = identifier(); + my $body = union_body(); + $c->symbol("union $ident")->bless('Type::Union') + ->decl($body->[0])->case_specs($body->[1]); + }; + adv ';'; + $ret; +} + +sub type_specifier { + lexor sub { + my $ts = adv '(?:unsigned\s+)?(?:int|hyper|char|short)|float|double|quadruple|bool'; + $ts =~ s/^unsigned\s+/u_/; + $c->symbol($ts)->bless('Type'); + }, \&enum_type_spec, \&struct_type_spec, \&union_type_spec, sub { + my $ident = identifier(); + $c->symbol($ident)->bless('Type'); + }; +} + +sub declaration { + lexor sub { + my $type = lexor sub { + my $type = adv 'opaque|string'; + my $klass = ucfirst $type; + "Sym::Type::$klass"->new; + }, \&type_specifier; + my $ident = identifier(); + # I know that type 'string' does not accept '[]'(fixed length), but I don't care about that + if (my $ex = eval { adv '[<\[]' }) { + my $value = eval { value() }; + die if !$value && $ex ne '<'; # Length could be null if it is variable length + + adv($ex eq '<' ? '>' : '\]'); + if (ref($type) eq 'Sym::Type') { # Expect Array or Vector + my $vtype = ($ex eq '<') ? 'Array' : 'Vector'; + $type = "Sym::Type::$vtype"->new(length => $value, reftype => $type); + } else { + $type->length($value); + $type->bless('Type::Bytes') if $type->isa('Sym::Type::Opaque') && $ex eq '<'; + } + } elsif ($type->can('length')) { # Found String or Opaque but not followed by length specifier + die; + } + + $c->symbol($ident)->bless('Variable')->type($type); + }, sub { + my $type = type_specifier(); + adv '\*'; + my $ident = identifier(); + + $c->symbol($ident)->bless('Variable')->type( + Sym::Type::Pointer->new(reftype => $type)); + }, sub { + adv 'void'; + $c->symbol('void')->bless('Type'); + }; +} + +sub definition { + lexor \&type_def, \&constant_def; +} + +sub parse { + my ($class, $source) = @_; + + my $nlines = @{[$source =~ /\n/g]}; + my @lexs; + while ($source =~ /\S/s) { + (local $_ = $source) =~ s/\A\s*//s; + my $lex = eval { definition() }; + if (!$lex) { + my $line = $nlines - @{[/\n/g]} + 1; + my ($near) = /\A((?:.+?\n){0,5})/s; + die "ERROR: Unexpected character near line $line.\n", + "Please check debug output by enabling \$DEBUG flag at top of script.\n", + join("\n", map { ">> $_" } split /\n/, $near); + } + ::dbg ' 'x($Depth*2), sprintf "*** Found %s<%s>\n", ref($lex), $lex->ident; + push @lexs, $lex; + $source = $_; + } + @lexs; +} + +# Followings are code templates handled by PT +__END__<<DUMMY # Dummy heredoc to disable perl syntax highlighting +@@ Sym::Type#render_dissector +<% +my ($self, $ident) = @_; +return if $self->is_primitive; +%> +static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf) +{ + return <%= $self->dealias->render_caller($self->ident eq $ident ? undef : $ident) %>; +} +@@ Sym::Type::Struct#render_dissector +<% my ($self, $ident) = @_; + my $hfvar = $c->rinc('hf_'.$self->idstrip); +%> +static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf) +{ + goffset start; + proto_item *ti; + + start = xdr_getpos(xdrs); + if (hf == -1) { + ti = proto_tree_add_item(tree, <%= $hfvar %>, tvb, start, -1, ENC_NA); + } else { + header_field_info *hfinfo; + hfinfo = proto_registrar_get_nth(<%= $hfvar %>); + ti = proto_tree_add_item(tree, hf, tvb, start, -1, ENC_NA); + proto_item_append_text(ti, " :: %s", hfinfo->name); + } + tree = proto_item_add_subtree(ti, <%= $c->rinc('ett_'.$self->idstrip) %>); +<% for my $m (@{ $self->members }) { %> + + hf = <%= $c->rinc('hf_'.$ident.'__'.$m->ident) %>; + if (!<%= $m->type->render_caller($ident.'__'.$m->ident) %>) return FALSE; +<% } %> + proto_item_set_len(ti, xdr_getpos(xdrs) - start); + return TRUE; +} +@@ Sym::Type::Enum#render_dissector +<% my ($self, $ident) = @_; %> +static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf) +{ + goffset start; + enum { DUMMY } es; + + start = xdr_getpos(xdrs); + if (xdr_enum(xdrs, (enum_t *)&es)) { + switch ((guint)es) { +<% for my $m (@{ $self->members }) { %> + case <%= $m->value %>: + proto_tree_add_uint_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start, (guint)es, "<%= $m->idstrip %>(<%= $m->value %>)"); + return TRUE; +<% } %> + } + } else { + proto_tree_add_text(tree, tvb, start, -1, "(unknown)"); + } + return FALSE; +} +@@ Sym::Type::Union#render_dissector +<% +my ($self, $ident) = @_; +my $decl_type = $self->decl->type->idstrip; +%> +static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf) +{ + gboolean rc = TRUE; + goffset start; + <%= $decl_type %> type = 0; + + start = xdr_getpos(xdrs); + if (!xdr_<%= $decl_type %>(xdrs, &type)) + return FALSE; + switch (type) { +<% for my $cs (@{ $self->case_specs }) { + my ($vals, $decl) = @$cs; +%> +<% for my $v (@$vals) { %> + case <%= $v %>: +<% } %> + hf = <%= $c->rinc('hf_'.$ident.'__'.$decl->ident) %>; + rc = <%= $decl->type->render_caller($ident.'__'.$decl->ident) %>; break; +<% } %> + } + if (!rc) { + proto_tree_add_text(tree, tvb, start, -1, "(unknown)"); + } + return rc; +} +@@ macro.hfvars +#define VIR_DYNAMIC_HFSET \ +<% for my $prog (@{ $_->{programs} }) { %> + { &hf_<%= $prog %>_procedure,\ + { "procedure", "libvirt.procedure",\ + FT_INT32, BASE_DEC,\ + VALS(<%= $prog %>_procedure_strings), 0x0,\ + NULL, HFILL}\ + },\ +<% } %> +<% for my $hf (@{ $_->{hfvars} }) { %> + { &<%= $hf->{segment}{sym} %>,\ + { "<%= $hf->{name} %>", "libvirt.<%= $hf->{abbrev} %>",\ + FT_<%= $hf->{ft_type} %>, BASE_<%= $hf->{hf_base} %>,\ + NULL, 0x0,\ + NULL, HFILL}\ + },\ +<% } %> +/* End of #define VIR_DYNAMIC_HFSET */ + +@@ macro.ettvars +#define VIR_DYNAMIC_ETTSET \ +<% for my $ett (@{ $_->{ettvars} }) { %> +&<%= $ett %>,\ +<% } %> +/* End of #define VIR_DYNAMIC_ETTSET */ + +@@ code.dissectorlist +static const vir_dissector_index_t <%= $_->{name} %>_dissectors[] = { +<% for my $d (@{ $_->{dissectors} }) { %> + { <%= $d->{value} %>, <%= $d->{args} %>, <%= $d->{ret} %>, <%= $d->{msg} %> }, +<% } %> +}; +static const gsize <%= $_->{name} %>_dissectors_len = array_length(<%= $_->{name} %>_dissectors); +@@ code.procedure_strings +static const value_string <%= $_->{name} %>_procedure_strings[] = { +<% for my $proc (@{ $_->{procedures} }) { + my $ident = $proc->ident; + $ident =~ s/^$_->{name}_proc_//i; +%> + { <%= $proc->value %>, "<%= $ident %>" }, +<% } %> + { 0, NULL } +}; +@@ code.program_strings +static const value_string program_strings[] = { +<% for my $prog (map uc, @{ $_->{programs} }) { %> + { <%= $c->symbol("$prog\_PROGRAM")->value %>, "<%= $prog %>" }, +<% } %> + { 0, NULL } +}; +@@ code.program_data +static const void *program_data[][VIR_PROGRAM_LAST] = { +<% for my $p (@{ $_->{programs} }) { %> + { &hf_<%= $p %>_procedure, <%= $p %>_procedure_strings, <%= $p %>_dissectors, &<%= $p %>_dissectors_len }, +<% } %> +}; + +static const void * +get_program_data(guint32 prog, enum vir_program_data_index index) +{ + if (index < VIR_PROGRAM_LAST) { + switch (prog) { +<% my $i = 0; %> +<% for my $prog (@{ $_->{programs} }) { %> + case <%= uc($prog) %>_PROGRAM: + return program_data[<%= $i++ %>][index]; +<% } %> + } + } + return NULL; +} -- 1.8.1.5
On Wed, Sep 18, 2013 at 01:18:52PM +0900, Yuto KAWAMURA(kawamuray) wrote:
+++ b/devtools/wireshark-dissector/Makefile.am @@ -0,0 +1,28 @@ +## Process this file with automake to produce Makefile.in + +# Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>.
Libvirt is distributed under the LGPLv2+, not GPLv3+. Please relicense all the files to LGPLv2+ Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
2013/9/18 Daniel P. Berrange <berrange@redhat.com>:
On Wed, Sep 18, 2013 at 01:18:52PM +0900, Yuto KAWAMURA(kawamuray) wrote:
+++ b/devtools/wireshark-dissector/Makefile.am @@ -0,0 +1,28 @@ +## Process this file with automake to produce Makefile.in + +# Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>.
Libvirt is distributed under the LGPLv2+, not GPLv3+. Please relicense all the files to LGPLv2+
Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
I'll relicense files to LGPLv2+ in next patch.
On 18.09.2013 06:18, Yuto KAWAMURA(kawamuray) wrote:
From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada@gmail.com>
Introduce Wireshark dissector plugin which adds support to Wireshark for dissecting libvirt RPC protocol. Added following files to build Wireshark dissector from libvirt source tree. * devtools/: New directory which tools for libvirt developers should be placed. * devtools/wireshark-dissector/*: Source tree of Wireshark dissector plugin.
Added followings to configure.ac or Makefile.am. configure.ac * --with-wireshark-dissector: Enable support for building Wireshark dissector. * --with-ws-plugindir: Specify wireshark plugin directory that dissector will installed. * Added devtools/wireshark-dissector/{Makefile,src/Makefile} to AC_CONFIG_FILES. Makefile.am * Added devtools/wireshark-dissector/ to SUBDIR. --- Makefile.am | 3 +- cfg.mk | 8 +- configure.ac | 69 +- devtools/wireshark-dissector/Makefile.am | 28 + devtools/wireshark-dissector/README.md | 25 + devtools/wireshark-dissector/src/.gitignore | 2 + devtools/wireshark-dissector/src/Makefile.am | 31 + devtools/wireshark-dissector/src/moduleinfo.h | 36 + devtools/wireshark-dissector/src/packet-libvirt.c | 512 +++++++++++ devtools/wireshark-dissector/src/packet-libvirt.h | 127 +++ devtools/wireshark-dissector/src/plugin.c | 27 + devtools/wireshark-dissector/util/genxdrstub.pl | 1009 +++++++++++++++++++++ 12 files changed, 1871 insertions(+), 6 deletions(-) create mode 100644 devtools/wireshark-dissector/Makefile.am create mode 100644 devtools/wireshark-dissector/README.md create mode 100644 devtools/wireshark-dissector/src/.gitignore create mode 100644 devtools/wireshark-dissector/src/Makefile.am create mode 100644 devtools/wireshark-dissector/src/moduleinfo.h create mode 100644 devtools/wireshark-dissector/src/packet-libvirt.c create mode 100644 devtools/wireshark-dissector/src/packet-libvirt.h create mode 100644 devtools/wireshark-dissector/src/plugin.c create mode 100755 devtools/wireshark-dissector/util/genxdrstub.pl
diff --git a/Makefile.am b/Makefile.am index 4e24ecf..2385b0c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -22,7 +22,8 @@ GENHTML = genhtml SUBDIRS = gnulib/lib include src daemon tools docs gnulib/tests \ python tests po examples/domain-events/events-c examples/hellolibvirt \ examples/dominfo examples/domsuspend examples/python examples/apparmor \ - examples/xml/nwfilter examples/openauth examples/systemtap + examples/xml/nwfilter examples/openauth examples/systemtap \ + devtools/wireshark-dissector
ACLOCAL_AMFLAGS = -I m4 -I gnulib/m4
diff --git a/cfg.mk b/cfg.mk index 3a31815..d169c51 100644 --- a/cfg.mk +++ b/cfg.mk @@ -90,7 +90,7 @@ endif
# Files that should never cause syntax check failures. VC_LIST_ALWAYS_EXCLUDE_REGEX = \ - (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.po)$$ + (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.po|devtools/wireshark-dissector/src/plugin.c)$$
# Functions like free() that are no-ops on NULL arguments. useless_free_options = \ @@ -969,7 +969,7 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \ ^src/rpc/gendispatch\.pl$$
exclude_file_name_regexp--sc_prohibit_nonreentrant = \ - ^((po|tests)/|docs/.*(py|html\.in)|run.in$$) + ^((po|tests)/|docs/.*(py|html\.in)|run.in$$|devtools/wireshark-dissector/util/genxdrstub\.pl$$)
exclude_file_name_regexp--sc_prohibit_raw_allocation = \ ^(docs/hacking\.html\.in)|(src/util/viralloc\.[ch]|examples/.*|tests/securityselinuxhelper\.c|tests/vircgroupmock\.c)$$ @@ -980,7 +980,7 @@ exclude_file_name_regexp--sc_prohibit_readlink = \ exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c$$
exclude_file_name_regexp--sc_prohibit_sprintf = \ - ^(docs/hacking\.html\.in)|(examples/systemtap/.*stp)|(src/dtrace2systemtap\.pl)|(src/rpc/gensystemtap\.pl)$$ + ^(docs/hacking\.html\.in)|(examples/systemtap/.*stp)|(src/dtrace2systemtap\.pl)|(src/rpc/gensystemtap\.pl)|(devtools/wireshark-dissector/util/genxdrstub\.pl)$$
exclude_file_name_regexp--sc_prohibit_strncpy = ^src/util/virstring\.c$$
@@ -1013,7 +1013,7 @@ exclude_file_name_regexp--sc_correct_id_types = \ exclude_file_name_regexp--sc_m4_quote_check = m4/virt-lib.m4
exclude_file_name_regexp--sc_prohibit_include_public_headers_quote = \ - ^src/internal\.h$$ + ^(src/internal\.h$$|devtools/wireshark-dissector/src/packet-libvirt.h$$)
exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \ ^(python/|tools/|examples/|include/libvirt/(virterror|libvirt-(qemu|lxc))\.h$$) diff --git a/configure.ac b/configure.ac index 69a01ae..83c7de4 100644 --- a/configure.ac +++ b/configure.ac @@ -2561,6 +2561,67 @@ AM_CONDITIONAL([HAVE_LIBNL], [test "$have_libnl" = "yes"]) AC_SUBST([LIBNL_CFLAGS]) AC_SUBST([LIBNL_LIBS])
+dnl wireshark dissector + +AC_ARG_WITH([wireshark-dissector], [ + AS_HELP_STRING([--with-wireshark-dissector], [ + enable wireshark dissector plugin support @<:@default=no@:>@ + ])], + [ with_wireshark_dissector=$withval ], + [ with_wireshark_dissector=no ])
I think we want with_wireshark_dissector=check here, so the dissector is enabled if a devel has wireshark and disabled if he hasn't. This however require the following to be rewritten slightly.
+ +if test "$with_wireshark_dissector" != "no"; then + dnl Check for XDR headers existence + AC_CHECK_HEADERS([rpc/types.h]) + + dnl Check for glib-2.0 existence + PKG_CHECK_MODULES([GLIB], [glib-2.0]) + WS_DISSECTOR_CPPFLAGS="$WS_DISSECTOR_CPPFLAGS `$PKG_CONFIG --cflags glib-2.0`" + + dnl Search for wireshark(or tshark) command + AC_PATH_PROG([WIRESHARK], [wireshark]) + AC_PATH_PROG([WIRESHARK], [tshark]) + if test -z "$WIRESHARK"; then + AC_MSG_ERROR([command not found wireshark or tshark]) + fi + + dnl Check for wireshark headers + save_CPPFLAGS="$CPPFLAGS" + WS_DISSECTOR_CPPFLAGS="$WS_DISSECTOR_CPPFLAGS -I`dirname $WIRESHARK`/../include/wireshark" + CPPFLAGS="$CPPFLAGS $WS_DISSECTOR_CPPFLAGS" + AC_CHECK_HEADERS([wireshark/config.h],, [ + AC_MSG_ERROR([wireshark/config.h is required for wireshark-dissector support]) + ]) + AC_CHECK_HEADERS([wireshark/epan/packet.h wireshark/epan/dissectors/packet-tcp.h],, [ + AC_MSG_ERROR([wireshark/epan/{packet,packet-tcp}.h are required for wireshark-dissector support]) + ], [ + #include <wireshark/config.h> + ]) + CPPFLAGS="$save_CPPFLAGS" + + WS_DISSECTOR_PROTO_FILES='\ + $(top_srcdir)/src/remote/remote_protocol.x \ + $(top_srcdir)/src/remote/qemu_protocol.x \ + $(top_srcdir)/src/remote/lxc_protocol.x \ + $(top_srcdir)/src/rpc/virkeepaliveprotocol.x \ + '
This variable can be hardcoded in devtools/wireshark-dissector/src/Makefile.in.
+ AC_SUBST([WS_DISSECTOR_PROTO_FILES]) + AC_SUBST([WS_DISSECTOR_CPPFLAGS]) +fi +AM_CONDITIONAL([WITH_WIRESHARK_DISSECTOR], [test "$with_wireshark_dissector" = "yes"]) + +AC_ARG_WITH([ws-plugindir], [ + AC_HELP_STRING([--with-ws-plugindir], [ + wireshark plugins directory that plugin will installed + ])], + [ ws_plugindir=$withval ]) + +if test "$with_wireshark_dissector" != "no" && test -z "$ws_plugindir"; then + ws_version=`$WIRESHARK -v | head -1 | cut -f 2 -d' '` + ws_plugindir=`dirname $WIRESHARK`/../lib/wireshark/plugins/$ws_version +fi +AC_SUBST([ws_plugindir]) + # Check for Linux vs. BSD ifreq members AC_CHECK_MEMBERS([struct ifreq.ifr_newname, struct ifreq.ifr_ifindex, @@ -2646,7 +2707,9 @@ AC_CONFIG_FILES([\ examples/python/Makefile \ examples/hellolibvirt/Makefile \ examples/systemtap/Makefile \ - examples/xml/nwfilter/Makefile]) + examples/xml/nwfilter/Makefile \ + devtools/wireshark-dissector/Makefile \ + devtools/wireshark-dissector/src/Makefile]) AC_OUTPUT
AC_MSG_NOTICE([]) @@ -2806,6 +2869,10 @@ AC_MSG_NOTICE([ XML Catalog: $XML_CATALOG_FILE]) AC_MSG_NOTICE([ Init script: $with_init_script]) AC_MSG_NOTICE([Char device locks: $with_chrdev_lock_files]) AC_MSG_NOTICE([]) +AC_MSG_NOTICE([Developer Tools]) +AC_MSG_NOTICE([]) +AC_MSG_NOTICE([Wireshark dissector: $with_wireshark_dissector]) +AC_MSG_NOTICE([]) AC_MSG_NOTICE([Privileges]) AC_MSG_NOTICE([]) AC_MSG_NOTICE([ QEMU: $QEMU_USER:$QEMU_GROUP]) diff --git a/devtools/wireshark-dissector/Makefile.am b/devtools/wireshark-dissector/Makefile.am new file mode 100644 index 0000000..6c535b5 --- /dev/null +++ b/devtools/wireshark-dissector/Makefile.am @@ -0,0 +1,28 @@ +## Process this file with automake to produce Makefile.in + +# Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Author: Yuto KAWAMURA(kawamuray) +if WITH_WIRESHARK_DISSECTOR +SUBDIRS = src + +# I think wireshark plugin is special case that doesn't need to install +# *.la(libtool archive) files. +# Maybe each plugin functionality should correspond to single file in +# plugins directory. So this hook keeps plugins directory clean. +install-exec-hook: + rm -f $(ws_plugindir)/libvirt.la +endif WITH_WIRESHARK_DISSECTOR diff --git a/devtools/wireshark-dissector/README.md b/devtools/wireshark-dissector/README.md new file mode 100644 index 0000000..e0ea522 --- /dev/null +++ b/devtools/wireshark-dissector/README.md @@ -0,0 +1,25 @@ +About +===== +This is the project of Google Summer of Code 2013 accepted by QEMU.org and libvirt community. +The goal of this project is, provide Wireshark dissector for Libvirt RPC protocol. It will provide Libvirt packet overview/detail analysing in Wireshark. Furthermore, it will be able to build(generated) from RPC protocol definition placed in Libvirt source tree to support latest protocol specification.
Very long line, we use to wrap lines at 80 characters.
+ +See also: +- http://www.google-melange.com/gsoc/project/google/gsoc2013/kawamuray/7001 +- http://wiki.qemu.org/Features/LibvirtWiresharkDissector + +Installation +============= +Run ./configure with --with-wireshark-dissector option enabled. +Then dissector will compiled with libvirt itself. + +Add/Remove protocol from dissector's support +-------------------------------------------- +Modify xdr\_proto\_files in this directory. + +Changing installation directory +------------------------------- +You can change installation directory of pluggable shared object(libvirt.so) by specifying --with-ws-plugindir=<path>. + +You can install libvirt.so into your local wireshark plugin directory: + + ./configure --with-wireshark-dissector --with-ws-plugindir=$HOME/.wireshark/plugins diff --git a/devtools/wireshark-dissector/src/.gitignore b/devtools/wireshark-dissector/src/.gitignore new file mode 100644 index 0000000..cc78368 --- /dev/null +++ b/devtools/wireshark-dissector/src/.gitignore @@ -0,0 +1,2 @@ +*.so +*.o diff --git a/devtools/wireshark-dissector/src/Makefile.am b/devtools/wireshark-dissector/src/Makefile.am new file mode 100644 index 0000000..f409b2b --- /dev/null +++ b/devtools/wireshark-dissector/src/Makefile.am @@ -0,0 +1,31 @@ +## Process this file with automake to produce Makefile.in + +# Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Author: Yuto KAWAMURA(kawamuray) +ws_plugin_LTLIBRARIES = libvirt.la +libvirt_la_SOURCES = packet-libvirt.c plugin.c +libvirt_la_CPPFLAGS = $(WS_DISSECTOR_CPPFLAGS) +libvirt_la_LDFLAGS = -avoid-version + +packet-libvirt.c: packet-libvirt.h libvirt/protocol.h
I think this is the right place to fill WS_DISSECTOR_PROTO_FILES in.
+ +libvirt/protocol.h: $(srcdir)/../util/genxdrstub.pl $(WS_DISSECTOR_PROTO_FILES) + LIBVIRT_VERSION=$(LIBVIRT_VERSION) \ + $(PERL) $(srcdir)/../util/genxdrstub.pl $(WS_DISSECTOR_PROTO_FILES) + +clean-local: + -rm -rf libvirt/*.h
Michal
2013/9/18 Michal Privoznik <mprivozn@redhat.com>:
On 18.09.2013 06:18, Yuto KAWAMURA(kawamuray) wrote:
From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada@gmail.com>
Introduce Wireshark dissector plugin which adds support to Wireshark for dissecting libvirt RPC protocol. Added following files to build Wireshark dissector from libvirt source tree. * devtools/: New directory which tools for libvirt developers should be placed. * devtools/wireshark-dissector/*: Source tree of Wireshark dissector plugin.
Added followings to configure.ac or Makefile.am. configure.ac * --with-wireshark-dissector: Enable support for building Wireshark dissector. * --with-ws-plugindir: Specify wireshark plugin directory that dissector will installed. * Added devtools/wireshark-dissector/{Makefile,src/Makefile} to AC_CONFIG_FILES. Makefile.am * Added devtools/wireshark-dissector/ to SUBDIR. --- Makefile.am | 3 +- cfg.mk | 8 +- configure.ac | 69 +- devtools/wireshark-dissector/Makefile.am | 28 + devtools/wireshark-dissector/README.md | 25 + devtools/wireshark-dissector/src/.gitignore | 2 + devtools/wireshark-dissector/src/Makefile.am | 31 + devtools/wireshark-dissector/src/moduleinfo.h | 36 + devtools/wireshark-dissector/src/packet-libvirt.c | 512 +++++++++++ devtools/wireshark-dissector/src/packet-libvirt.h | 127 +++ devtools/wireshark-dissector/src/plugin.c | 27 + devtools/wireshark-dissector/util/genxdrstub.pl | 1009 +++++++++++++++++++++ 12 files changed, 1871 insertions(+), 6 deletions(-) create mode 100644 devtools/wireshark-dissector/Makefile.am create mode 100644 devtools/wireshark-dissector/README.md create mode 100644 devtools/wireshark-dissector/src/.gitignore create mode 100644 devtools/wireshark-dissector/src/Makefile.am create mode 100644 devtools/wireshark-dissector/src/moduleinfo.h create mode 100644 devtools/wireshark-dissector/src/packet-libvirt.c create mode 100644 devtools/wireshark-dissector/src/packet-libvirt.h create mode 100644 devtools/wireshark-dissector/src/plugin.c create mode 100755 devtools/wireshark-dissector/util/genxdrstub.pl
diff --git a/Makefile.am b/Makefile.am index 4e24ecf..2385b0c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -22,7 +22,8 @@ GENHTML = genhtml SUBDIRS = gnulib/lib include src daemon tools docs gnulib/tests \ python tests po examples/domain-events/events-c examples/hellolibvirt \ examples/dominfo examples/domsuspend examples/python examples/apparmor \ - examples/xml/nwfilter examples/openauth examples/systemtap + examples/xml/nwfilter examples/openauth examples/systemtap \ + devtools/wireshark-dissector
ACLOCAL_AMFLAGS = -I m4 -I gnulib/m4
diff --git a/cfg.mk b/cfg.mk index 3a31815..d169c51 100644 --- a/cfg.mk +++ b/cfg.mk @@ -90,7 +90,7 @@ endif
# Files that should never cause syntax check failures. VC_LIST_ALWAYS_EXCLUDE_REGEX = \ - (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.po)$$ + (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.po|devtools/wireshark-dissector/src/plugin.c)$$
# Functions like free() that are no-ops on NULL arguments. useless_free_options = \ @@ -969,7 +969,7 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \ ^src/rpc/gendispatch\.pl$$
exclude_file_name_regexp--sc_prohibit_nonreentrant = \ - ^((po|tests)/|docs/.*(py|html\.in)|run.in$$) + ^((po|tests)/|docs/.*(py|html\.in)|run.in$$|devtools/wireshark-dissector/util/genxdrstub\.pl$$)
exclude_file_name_regexp--sc_prohibit_raw_allocation = \ ^(docs/hacking\.html\.in)|(src/util/viralloc\.[ch]|examples/.*|tests/securityselinuxhelper\.c|tests/vircgroupmock\.c)$$ @@ -980,7 +980,7 @@ exclude_file_name_regexp--sc_prohibit_readlink = \ exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c$$
exclude_file_name_regexp--sc_prohibit_sprintf = \ - ^(docs/hacking\.html\.in)|(examples/systemtap/.*stp)|(src/dtrace2systemtap\.pl)|(src/rpc/gensystemtap\.pl)$$ + ^(docs/hacking\.html\.in)|(examples/systemtap/.*stp)|(src/dtrace2systemtap\.pl)|(src/rpc/gensystemtap\.pl)|(devtools/wireshark-dissector/util/genxdrstub\.pl)$$
exclude_file_name_regexp--sc_prohibit_strncpy = ^src/util/virstring\.c$$
@@ -1013,7 +1013,7 @@ exclude_file_name_regexp--sc_correct_id_types = \ exclude_file_name_regexp--sc_m4_quote_check = m4/virt-lib.m4
exclude_file_name_regexp--sc_prohibit_include_public_headers_quote = \ - ^src/internal\.h$$ + ^(src/internal\.h$$|devtools/wireshark-dissector/src/packet-libvirt.h$$)
exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \ ^(python/|tools/|examples/|include/libvirt/(virterror|libvirt-(qemu|lxc))\.h$$) diff --git a/configure.ac b/configure.ac index 69a01ae..83c7de4 100644 --- a/configure.ac +++ b/configure.ac @@ -2561,6 +2561,67 @@ AM_CONDITIONAL([HAVE_LIBNL], [test "$have_libnl" = "yes"]) AC_SUBST([LIBNL_CFLAGS]) AC_SUBST([LIBNL_LIBS])
+dnl wireshark dissector + +AC_ARG_WITH([wireshark-dissector], [ + AS_HELP_STRING([--with-wireshark-dissector], [ + enable wireshark dissector plugin support @<:@default=no@:>@ + ])], + [ with_wireshark_dissector=$withval ], + [ with_wireshark_dissector=no ])
I think we want with_wireshark_dissector=check here, so the dissector is enabled if a devel has wireshark and disabled if he hasn't. This however require the following to be rewritten slightly.
Agreed. I'll do it.
+ +if test "$with_wireshark_dissector" != "no"; then + dnl Check for XDR headers existence + AC_CHECK_HEADERS([rpc/types.h]) + + dnl Check for glib-2.0 existence + PKG_CHECK_MODULES([GLIB], [glib-2.0]) + WS_DISSECTOR_CPPFLAGS="$WS_DISSECTOR_CPPFLAGS `$PKG_CONFIG --cflags glib-2.0`" + + dnl Search for wireshark(or tshark) command + AC_PATH_PROG([WIRESHARK], [wireshark]) + AC_PATH_PROG([WIRESHARK], [tshark]) + if test -z "$WIRESHARK"; then + AC_MSG_ERROR([command not found wireshark or tshark]) + fi + + dnl Check for wireshark headers + save_CPPFLAGS="$CPPFLAGS" + WS_DISSECTOR_CPPFLAGS="$WS_DISSECTOR_CPPFLAGS -I`dirname $WIRESHARK`/../include/wireshark" + CPPFLAGS="$CPPFLAGS $WS_DISSECTOR_CPPFLAGS" + AC_CHECK_HEADERS([wireshark/config.h],, [ + AC_MSG_ERROR([wireshark/config.h is required for wireshark-dissector support]) + ]) + AC_CHECK_HEADERS([wireshark/epan/packet.h wireshark/epan/dissectors/packet-tcp.h],, [ + AC_MSG_ERROR([wireshark/epan/{packet,packet-tcp}.h are required for wireshark-dissector support]) + ], [ + #include <wireshark/config.h> + ]) + CPPFLAGS="$save_CPPFLAGS" + + WS_DISSECTOR_PROTO_FILES='\ + $(top_srcdir)/src/remote/remote_protocol.x \ + $(top_srcdir)/src/remote/qemu_protocol.x \ + $(top_srcdir)/src/remote/lxc_protocol.x \ + $(top_srcdir)/src/rpc/virkeepaliveprotocol.x \ + '
This variable can be hardcoded in devtools/wireshark-dissector/src/Makefile.in.
You mean Makefile.am? If yes, then I agree.
+ AC_SUBST([WS_DISSECTOR_PROTO_FILES]) + AC_SUBST([WS_DISSECTOR_CPPFLAGS]) +fi +AM_CONDITIONAL([WITH_WIRESHARK_DISSECTOR], [test "$with_wireshark_dissector" = "yes"]) + +AC_ARG_WITH([ws-plugindir], [ + AC_HELP_STRING([--with-ws-plugindir], [ + wireshark plugins directory that plugin will installed + ])], + [ ws_plugindir=$withval ]) + +if test "$with_wireshark_dissector" != "no" && test -z "$ws_plugindir"; then + ws_version=`$WIRESHARK -v | head -1 | cut -f 2 -d' '` + ws_plugindir=`dirname $WIRESHARK`/../lib/wireshark/plugins/$ws_version +fi +AC_SUBST([ws_plugindir]) + # Check for Linux vs. BSD ifreq members AC_CHECK_MEMBERS([struct ifreq.ifr_newname, struct ifreq.ifr_ifindex, @@ -2646,7 +2707,9 @@ AC_CONFIG_FILES([\ examples/python/Makefile \ examples/hellolibvirt/Makefile \ examples/systemtap/Makefile \ - examples/xml/nwfilter/Makefile]) + examples/xml/nwfilter/Makefile \ + devtools/wireshark-dissector/Makefile \ + devtools/wireshark-dissector/src/Makefile]) AC_OUTPUT
AC_MSG_NOTICE([]) @@ -2806,6 +2869,10 @@ AC_MSG_NOTICE([ XML Catalog: $XML_CATALOG_FILE]) AC_MSG_NOTICE([ Init script: $with_init_script]) AC_MSG_NOTICE([Char device locks: $with_chrdev_lock_files]) AC_MSG_NOTICE([]) +AC_MSG_NOTICE([Developer Tools]) +AC_MSG_NOTICE([]) +AC_MSG_NOTICE([Wireshark dissector: $with_wireshark_dissector]) +AC_MSG_NOTICE([]) AC_MSG_NOTICE([Privileges]) AC_MSG_NOTICE([]) AC_MSG_NOTICE([ QEMU: $QEMU_USER:$QEMU_GROUP]) diff --git a/devtools/wireshark-dissector/Makefile.am b/devtools/wireshark-dissector/Makefile.am new file mode 100644 index 0000000..6c535b5 --- /dev/null +++ b/devtools/wireshark-dissector/Makefile.am @@ -0,0 +1,28 @@ +## Process this file with automake to produce Makefile.in + +# Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Author: Yuto KAWAMURA(kawamuray) +if WITH_WIRESHARK_DISSECTOR +SUBDIRS = src + +# I think wireshark plugin is special case that doesn't need to install +# *.la(libtool archive) files. +# Maybe each plugin functionality should correspond to single file in +# plugins directory. So this hook keeps plugins directory clean. +install-exec-hook: + rm -f $(ws_plugindir)/libvirt.la +endif WITH_WIRESHARK_DISSECTOR diff --git a/devtools/wireshark-dissector/README.md b/devtools/wireshark-dissector/README.md new file mode 100644 index 0000000..e0ea522 --- /dev/null +++ b/devtools/wireshark-dissector/README.md @@ -0,0 +1,25 @@ +About +===== +This is the project of Google Summer of Code 2013 accepted by QEMU.org and libvirt community. +The goal of this project is, provide Wireshark dissector for Libvirt RPC protocol. It will provide Libvirt packet overview/detail analysing in Wireshark. Furthermore, it will be able to build(generated) from RPC protocol definition placed in Libvirt source tree to support latest protocol specification.
Very long line, we use to wrap lines at 80 characters.
Okey, I'll wrap long lines.
+ +See also: +- http://www.google-melange.com/gsoc/project/google/gsoc2013/kawamuray/7001 +- http://wiki.qemu.org/Features/LibvirtWiresharkDissector + +Installation +============= +Run ./configure with --with-wireshark-dissector option enabled. +Then dissector will compiled with libvirt itself. + +Add/Remove protocol from dissector's support +-------------------------------------------- +Modify xdr\_proto\_files in this directory. + +Changing installation directory +------------------------------- +You can change installation directory of pluggable shared object(libvirt.so) by specifying --with-ws-plugindir=<path>. + +You can install libvirt.so into your local wireshark plugin directory: + + ./configure --with-wireshark-dissector --with-ws-plugindir=$HOME/.wireshark/plugins diff --git a/devtools/wireshark-dissector/src/.gitignore b/devtools/wireshark-dissector/src/.gitignore new file mode 100644 index 0000000..cc78368 --- /dev/null +++ b/devtools/wireshark-dissector/src/.gitignore @@ -0,0 +1,2 @@ +*.so +*.o diff --git a/devtools/wireshark-dissector/src/Makefile.am b/devtools/wireshark-dissector/src/Makefile.am new file mode 100644 index 0000000..f409b2b --- /dev/null +++ b/devtools/wireshark-dissector/src/Makefile.am @@ -0,0 +1,31 @@ +## Process this file with automake to produce Makefile.in + +# Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 3 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Author: Yuto KAWAMURA(kawamuray) +ws_plugin_LTLIBRARIES = libvirt.la +libvirt_la_SOURCES = packet-libvirt.c plugin.c +libvirt_la_CPPFLAGS = $(WS_DISSECTOR_CPPFLAGS) +libvirt_la_LDFLAGS = -avoid-version + +packet-libvirt.c: packet-libvirt.h libvirt/protocol.h
I think this is the right place to fill WS_DISSECTOR_PROTO_FILES in.
+ +libvirt/protocol.h: $(srcdir)/../util/genxdrstub.pl $(WS_DISSECTOR_PROTO_FILES) + LIBVIRT_VERSION=$(LIBVIRT_VERSION) \ + $(PERL) $(srcdir)/../util/genxdrstub.pl $(WS_DISSECTOR_PROTO_FILES) + +clean-local: + -rm -rf libvirt/*.h
Michal
From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada@gmail.com> Add directory devtools/wireshark-dissector/samples/ and libvirt-sample.pdml which is sample output of dissector. --- .../samples/libvirt-sample.pdml | 7970 ++++++++++++++++++++ 1 file changed, 7970 insertions(+) create mode 100644 devtools/wireshark-dissector/samples/libvirt-sample.pdml diff --git a/devtools/wireshark-dissector/samples/libvirt-sample.pdml b/devtools/wireshark-dissector/samples/libvirt-sample.pdml new file mode 100644 index 0000000..bb6f0e8 --- /dev/null +++ b/devtools/wireshark-dissector/samples/libvirt-sample.pdml @@ -0,0 +1,7970 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="pdml2html.xsl"?> +<!-- You can find pdml2html.xsl in /usr/share/wireshark or at http://anonsvn.wireshark.org/trunk/wireshark/pdml2html.xsl. --> +<pdml version="0" creator="wireshark/1.10.2" time="Wed Sep 18 13:06:59 2013" capture_file=""> +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="4" showname="Number" value="4" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.311108000 JST" showname="Captured Time" value="1379477225.311108000" size="94"/> + </proto> + <proto name="frame" showname="Frame 4: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.311108000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.311108000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.311108000 seconds" size="0" pos="0" show="1379477225.311108000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000364000 seconds" size="0" pos="0" show="0.000364000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.000386000 seconds" size="0" pos="0" show="0.000386000"/> + <field name="frame.number" showname="Frame Number: 4" size="0" pos="0" show="4"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0x4cf4 (19700)" size="2" pos="18" show="0x4cf4" value="4cf4"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0xefb1 [correct]" size="2" pos="24" show="0xefb1" value="efb1"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="efb1"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="efb1"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55128 (55128), Dst Port: 16509 (16509), Seq: 1, Ack: 1, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55128 (55128)" size="2" pos="34" show="55128" value="d758"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55128" hide="yes" size="2" pos="34" show="55128" value="d758"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 0" size="0" pos="34" show="0"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 1 (relative sequence number)" size="4" pos="38" show="1" value="d4f33c85"/> + <field name="tcp.nxtseq" showname="Next sequence number: 29 (relative sequence number)" size="0" pos="34" show="29"/> + <field name="tcp.ack" showname="Acknowledgment number: 1 (relative ack number)" size="4" pos="42" show="1" value="04f9c1ac"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:77:5a:bb:70:76" value="0101080a5abb70775abb7076"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233463, TSecr 1522233462" size="10" pos="56" value="080a5abb70775abb7076"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233463" size="4" pos="58" show="1522233463" value="5abb7077"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233462" size="4" pos="62" show="1522233462" value="5abb7076"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000042000000000000000000000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: AUTH_LIST (66)" size="4" pos="78" show="66" value="00000042"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 0" size="4" pos="86" show="0" value="00000000"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="102"> + <field name="num" pos="0" show="6" showname="Number" value="6" size="102"/> + <field name="len" pos="0" show="102" showname="Frame Length" value="66" size="102"/> + <field name="caplen" pos="0" show="102" showname="Captured Length" value="66" size="102"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.314424000 JST" showname="Captured Time" value="1379477225.314424000" size="102"/> + </proto> + <proto name="frame" showname="Frame 6: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface 0" size="102" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.314424000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.314424000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.314424000 seconds" size="0" pos="0" show="1379477225.314424000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.003309000 seconds" size="0" pos="0" show="0.003309000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.003316000 seconds" size="0" pos="0" show="0.003316000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.003702000 seconds" size="0" pos="0" show="0.003702000"/> + <field name="frame.number" showname="Frame Number: 6" size="0" pos="0" show="6"/> + <field name="frame.len" showname="Frame Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.cap_len" showname="Capture Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 88" size="2" pos="16" show="88" value="0058"/> + <field name="ip.id" showname="Identification: 0xb1db (45531)" size="2" pos="18" show="0xb1db" value="b1db"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x8ac2 [correct]" size="2" pos="24" show="0x8ac2" value="8ac2"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="8ac2"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="8ac2"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55128 (55128), Seq: 1, Ack: 29, Len: 36" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55128 (55128)" size="2" pos="36" show="55128" value="d758"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55128" hide="yes" size="2" pos="36" show="55128" value="d758"/> + <field name="tcp.stream" showname="Stream index: 0" size="0" pos="34" show="0"/> + <field name="tcp.len" showname="TCP Segment Len: 36" hide="yes" size="1" pos="46" show="36" value="80"/> + <field name="tcp.seq" showname="Sequence number: 1 (relative sequence number)" size="4" pos="38" show="1" value="04f9c1ac"/> + <field name="tcp.nxtseq" showname="Next sequence number: 37 (relative sequence number)" size="0" pos="34" show="37"/> + <field name="tcp.ack" showname="Acknowledgment number: 29 (relative ack number)" size="4" pos="42" show="29" value="d4f33ca1"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe4c [validation disabled]" size="2" pos="50" show="0xfe4c" value="fe4c"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:7a:5a:bb:70:77" value="0101080a5abb707a5abb7077"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233466, TSecr 1522233463" size="10" pos="56" value="080a5abb707a5abb7077"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233466" size="4" pos="58" show="1522233466" value="5abb707a"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233463" size="4" pos="62" show="1522233463" value="5abb7077"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 36" size="0" pos="34" show="36"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 36" size="36" pos="66" show="36" value="000000242000808600000001000000420000000100000000000000000000000100000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="36" pos="66"> + <field name="libvirt.length" showname="length: 36" size="4" pos="66" show="36" value="00000024"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: AUTH_LIST (66)" size="4" pos="78" show="66" value="00000042"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 0" size="4" pos="86" show="0" value="00000000"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_auth_list_ret" showname="remote_auth_list_ret" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_auth_list_ret.types" showname="types :: remote_auth_type<1>" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_auth_list_ret.types.types" showname="types: REMOTE_AUTH_NONE(0)" size="4" pos="98" show="0" value="00000000"/> + </field> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="98"> + <field name="num" pos="0" show="8" showname="Number" value="8" size="98"/> + <field name="len" pos="0" show="98" showname="Frame Length" value="62" size="98"/> + <field name="caplen" pos="0" show="98" showname="Captured Length" value="62" size="98"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.314770000 JST" showname="Captured Time" value="1379477225.314770000" size="98"/> + </proto> + <proto name="frame" showname="Frame 8: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0" size="98" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.314770000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.314770000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.314770000 seconds" size="0" pos="0" show="1379477225.314770000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000295000 seconds" size="0" pos="0" show="0.000295000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000346000 seconds" size="0" pos="0" show="0.000346000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.004048000 seconds" size="0" pos="0" show="0.004048000"/> + <field name="frame.number" showname="Frame Number: 8" size="0" pos="0" show="8"/> + <field name="frame.len" showname="Frame Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.cap_len" showname="Capture Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 84" size="2" pos="16" show="84" value="0054"/> + <field name="ip.id" showname="Identification: 0x4cf6 (19702)" size="2" pos="18" show="0x4cf6" value="4cf6"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0xefab [correct]" size="2" pos="24" show="0xefab" value="efab"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="efab"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="efab"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55128 (55128), Dst Port: 16509 (16509), Seq: 29, Ack: 37, Len: 32" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55128 (55128)" size="2" pos="34" show="55128" value="d758"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55128" hide="yes" size="2" pos="34" show="55128" value="d758"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 0" size="0" pos="34" show="0"/> + <field name="tcp.len" showname="TCP Segment Len: 32" hide="yes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.seq" showname="Sequence number: 29 (relative sequence number)" size="4" pos="38" show="29" value="d4f33ca1"/> + <field name="tcp.nxtseq" showname="Next sequence number: 61 (relative sequence number)" size="0" pos="34" show="61"/> + <field name="tcp.ack" showname="Acknowledgment number: 37 (relative ack number)" size="4" pos="42" show="37" value="04f9c1d0"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe48 [validation disabled]" size="2" pos="50" show="0xfe48" value="fe48"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe48"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe48"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:7a:5a:bb:70:7a" value="0101080a5abb707a5abb707a"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233466, TSecr 1522233466" size="10" pos="56" value="080a5abb707a5abb707a"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233466" size="4" pos="58" show="1522233466" value="5abb707a"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233466" size="4" pos="62" show="1522233466" value="5abb707a"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 32" size="0" pos="34" show="32"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 32" size="32" pos="66" show="32" value="0000002020008086000000010000003c0000000000000001000000000000000a"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="32" pos="66"> + <field name="libvirt.length" showname="length: 32" size="4" pos="66" show="32" value="00000020"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_SUPPORTS_FEATURE (60)" size="4" pos="78" show="60" value="0000003c"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 1" size="4" pos="86" show="1" value="00000001"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_supports_feature_args" showname="remote_connect_supports_feature_args" size="4" pos="94" show="" value=""> + <field name="libvirt.remote_connect_supports_feature_args.feature" showname="feature: 10" size="4" pos="94" show="10" value="0000000a"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="98"> + <field name="num" pos="0" show="9" showname="Number" value="9" size="98"/> + <field name="len" pos="0" show="98" showname="Frame Length" value="62" size="98"/> + <field name="caplen" pos="0" show="98" showname="Captured Length" value="62" size="98"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.320969000 JST" showname="Captured Time" value="1379477225.320969000" size="98"/> + </proto> + <proto name="frame" showname="Frame 9: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0" size="98" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.320969000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.320969000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.320969000 seconds" size="0" pos="0" show="1379477225.320969000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.006199000 seconds" size="0" pos="0" show="0.006199000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.006199000 seconds" size="0" pos="0" show="0.006199000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.010247000 seconds" size="0" pos="0" show="0.010247000"/> + <field name="frame.number" showname="Frame Number: 9" size="0" pos="0" show="9"/> + <field name="frame.len" showname="Frame Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.cap_len" showname="Capture Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 84" size="2" pos="16" show="84" value="0054"/> + <field name="ip.id" showname="Identification: 0xb1dc (45532)" size="2" pos="18" show="0xb1dc" value="b1dc"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x8ac5 [correct]" size="2" pos="24" show="0x8ac5" value="8ac5"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="8ac5"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="8ac5"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55128 (55128), Seq: 37, Ack: 61, Len: 32" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55128 (55128)" size="2" pos="36" show="55128" value="d758"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55128" hide="yes" size="2" pos="36" show="55128" value="d758"/> + <field name="tcp.stream" showname="Stream index: 0" size="0" pos="34" show="0"/> + <field name="tcp.len" showname="TCP Segment Len: 32" hide="yes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.seq" showname="Sequence number: 37 (relative sequence number)" size="4" pos="38" show="37" value="04f9c1d0"/> + <field name="tcp.nxtseq" showname="Next sequence number: 69 (relative sequence number)" size="0" pos="34" show="69"/> + <field name="tcp.ack" showname="Acknowledgment number: 61 (relative ack number)" size="4" pos="42" show="61" value="d4f33cc1"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe48 [validation disabled]" size="2" pos="50" show="0xfe48" value="fe48"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe48"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe48"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:80:5a:bb:70:7a" value="0101080a5abb70805abb707a"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233472, TSecr 1522233466" size="10" pos="56" value="080a5abb70805abb707a"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233472" size="4" pos="58" show="1522233472" value="5abb7080"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233466" size="4" pos="62" show="1522233466" value="5abb707a"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 8" size="0" pos="34" show="8"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.006199000 seconds" size="0" pos="34" show="0.006199000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 32" size="0" pos="34" show="32"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 32" size="32" pos="66" show="32" value="0000002020008086000000010000003c00000001000000010000000000000001"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="32" pos="66"> + <field name="libvirt.length" showname="length: 32" size="4" pos="66" show="32" value="00000020"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_SUPPORTS_FEATURE (60)" size="4" pos="78" show="60" value="0000003c"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 1" size="4" pos="86" show="1" value="00000001"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_supports_feature_ret" showname="remote_connect_supports_feature_ret" size="4" pos="94" show="" value=""> + <field name="libvirt.remote_connect_supports_feature_ret.supported" showname="supported: 1" size="4" pos="94" show="1" value="00000001"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="122"> + <field name="num" pos="0" show="10" showname="Number" value="a" size="122"/> + <field name="len" pos="0" show="122" showname="Frame Length" value="7a" size="122"/> + <field name="caplen" pos="0" show="122" showname="Captured Length" value="7a" size="122"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.321200000 JST" showname="Captured Time" value="1379477225.321200000" size="122"/> + </proto> + <proto name="frame" showname="Frame 10: 122 bytes on wire (976 bits), 122 bytes captured (976 bits) on interface 0" size="122" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.321200000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.321200000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.321200000 seconds" size="0" pos="0" show="1379477225.321200000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000231000 seconds" size="0" pos="0" show="0.000231000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000231000 seconds" size="0" pos="0" show="0.000231000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.010478000 seconds" size="0" pos="0" show="0.010478000"/> + <field name="frame.number" showname="Frame Number: 10" size="0" pos="0" show="10"/> + <field name="frame.len" showname="Frame Length: 122 bytes (976 bits)" size="0" pos="0" show="122"/> + <field name="frame.cap_len" showname="Capture Length: 122 bytes (976 bits)" size="0" pos="0" show="122"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 108" size="2" pos="16" show="108" value="006c"/> + <field name="ip.id" showname="Identification: 0x4cf7 (19703)" size="2" pos="18" show="0x4cf7" value="4cf7"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0xef92 [correct]" size="2" pos="24" show="0xef92" value="ef92"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="ef92"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="ef92"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55128 (55128), Dst Port: 16509 (16509), Seq: 61, Ack: 69, Len: 56" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55128 (55128)" size="2" pos="34" show="55128" value="d758"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55128" hide="yes" size="2" pos="34" show="55128" value="d758"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 0" size="0" pos="34" show="0"/> + <field name="tcp.len" showname="TCP Segment Len: 56" hide="yes" size="1" pos="46" show="56" value="80"/> + <field name="tcp.seq" showname="Sequence number: 61 (relative sequence number)" size="4" pos="38" show="61" value="d4f33cc1"/> + <field name="tcp.nxtseq" showname="Next sequence number: 117 (relative sequence number)" size="0" pos="34" show="117"/> + <field name="tcp.ack" showname="Acknowledgment number: 69 (relative ack number)" size="4" pos="42" show="69" value="04f9c1f0"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe60 [validation disabled]" size="2" pos="50" show="0xfe60" value="fe60"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe60"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe60"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:81:5a:bb:70:80" value="0101080a5abb70815abb7080"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233473, TSecr 1522233472" size="10" pos="56" value="080a5abb70815abb7080"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233473" size="4" pos="58" show="1522233473" value="5abb7081"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233472" size="4" pos="62" show="1522233472" value="5abb7080"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 9" size="0" pos="34" show="9"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000231000 seconds" size="0" pos="34" show="0.000231000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 56" size="0" pos="34" show="56"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 56" size="56" pos="66" show="56" value="00000038200080860000000100000001000000000000000200000000000000010000000f71656d753a2f2f2f73657373696f6e0000000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="56" pos="66"> + <field name="libvirt.length" showname="length: 56" size="4" pos="66" show="56" value="00000038"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_OPEN (1)" size="4" pos="78" show="1" value="00000001"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 2" size="4" pos="86" show="2" value="00000002"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_open_args" showname="remote_connect_open_args" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_connect_open_args.name" showname="name: (null)" size="4" pos="94" show="" value=""/> + <field name="libvirt.remote_connect_open_args.flags" showname="flags: 15" size="4" pos="98" show="15" value="0000000f"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="11" showname="Number" value="b" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.327357000 JST" showname="Captured Time" value="1379477225.327357000" size="94"/> + </proto> + <proto name="frame" showname="Frame 11: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.327357000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.327357000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.327357000 seconds" size="0" pos="0" show="1379477225.327357000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.006157000 seconds" size="0" pos="0" show="0.006157000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.006157000 seconds" size="0" pos="0" show="0.006157000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.016635000 seconds" size="0" pos="0" show="0.016635000"/> + <field name="frame.number" showname="Frame Number: 11" size="0" pos="0" show="11"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0xb1dd (45533)" size="2" pos="18" show="0xb1dd" value="b1dd"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x8ac8 [correct]" size="2" pos="24" show="0x8ac8" value="8ac8"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="8ac8"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="8ac8"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55128 (55128), Seq: 69, Ack: 117, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55128 (55128)" size="2" pos="36" show="55128" value="d758"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55128" hide="yes" size="2" pos="36" show="55128" value="d758"/> + <field name="tcp.stream" showname="Stream index: 0" size="0" pos="34" show="0"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 69 (relative sequence number)" size="4" pos="38" show="69" value="04f9c1f0"/> + <field name="tcp.nxtseq" showname="Next sequence number: 97 (relative sequence number)" size="0" pos="34" show="97"/> + <field name="tcp.ack" showname="Acknowledgment number: 117 (relative ack number)" size="4" pos="42" show="117" value="d4f33cf9"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:87:5a:bb:70:81" value="0101080a5abb70875abb7081"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233479, TSecr 1522233473" size="10" pos="56" value="080a5abb70875abb7081"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233479" size="4" pos="58" show="1522233479" value="5abb7087"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233473" size="4" pos="62" show="1522233473" value="5abb7081"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 10" size="0" pos="34" show="10"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.006157000 seconds" size="0" pos="34" show="0.006157000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000001000000010000000200000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_OPEN (1)" size="4" pos="78" show="1" value="00000001"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 2" size="4" pos="86" show="2" value="00000002"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="102"> + <field name="num" pos="0" show="12" showname="Number" value="c" size="102"/> + <field name="len" pos="0" show="102" showname="Frame Length" value="66" size="102"/> + <field name="caplen" pos="0" show="102" showname="Captured Length" value="66" size="102"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.348433000 JST" showname="Captured Time" value="1379477225.348433000" size="102"/> + </proto> + <proto name="frame" showname="Frame 12: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface 0" size="102" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.348433000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.348433000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.348433000 seconds" size="0" pos="0" show="1379477225.348433000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.021076000 seconds" size="0" pos="0" show="0.021076000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.021076000 seconds" size="0" pos="0" show="0.021076000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.037711000 seconds" size="0" pos="0" show="0.037711000"/> + <field name="frame.number" showname="Frame Number: 12" size="0" pos="0" show="12"/> + <field name="frame.len" showname="Frame Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.cap_len" showname="Capture Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 88" size="2" pos="16" show="88" value="0058"/> + <field name="ip.id" showname="Identification: 0x4cf8 (19704)" size="2" pos="18" show="0x4cf8" value="4cf8"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0xefa5 [correct]" size="2" pos="24" show="0xefa5" value="efa5"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="efa5"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="efa5"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55128 (55128), Dst Port: 16509 (16509), Seq: 117, Ack: 97, Len: 36" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55128 (55128)" size="2" pos="34" show="55128" value="d758"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55128" hide="yes" size="2" pos="34" show="55128" value="d758"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 0" size="0" pos="34" show="0"/> + <field name="tcp.len" showname="TCP Segment Len: 36" hide="yes" size="1" pos="46" show="36" value="80"/> + <field name="tcp.seq" showname="Sequence number: 117 (relative sequence number)" size="4" pos="38" show="117" value="d4f33cf9"/> + <field name="tcp.nxtseq" showname="Next sequence number: 153 (relative sequence number)" size="0" pos="34" show="153"/> + <field name="tcp.ack" showname="Acknowledgment number: 97 (relative ack number)" size="4" pos="42" show="97" value="04f9c20c"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe4c [validation disabled]" size="2" pos="50" show="0xfe4c" value="fe4c"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:9c:5a:bb:70:87" value="0101080a5abb709c5abb7087"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233500, TSecr 1522233479" size="10" pos="56" value="080a5abb709c5abb7087"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233500" size="4" pos="58" show="1522233500" value="5abb709c"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233479" size="4" pos="62" show="1522233479" value="5abb7087"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 11" size="0" pos="34" show="11"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.021076000 seconds" size="0" pos="34" show="0.021076000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 36" size="0" pos="34" show="36"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 36" size="36" pos="66" show="36" value="000000242000808600000001000001110000000000000003000000000000000100000001"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="36" pos="66"> + <field name="libvirt.length" showname="length: 36" size="4" pos="66" show="36" value="00000024"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_LIST_ALL_DOMAINS (273)" size="4" pos="78" show="273" value="00000111"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 3" size="4" pos="86" show="3" value="00000003"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_list_all_domains_args" showname="remote_connect_list_all_domains_args" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_connect_list_all_domains_args.need_results" showname="need_results: 1" size="4" pos="94" show="1" value="00000001"/> + <field name="libvirt.remote_connect_list_all_domains_args.flags" showname="flags: 1" size="4" pos="98" show="1" value="00000001"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="102"> + <field name="num" pos="0" show="13" showname="Number" value="d" size="102"/> + <field name="len" pos="0" show="102" showname="Frame Length" value="66" size="102"/> + <field name="caplen" pos="0" show="102" showname="Captured Length" value="66" size="102"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.353343000 JST" showname="Captured Time" value="1379477225.353343000" size="102"/> + </proto> + <proto name="frame" showname="Frame 13: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface 0" size="102" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.353343000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.353343000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.353343000 seconds" size="0" pos="0" show="1379477225.353343000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.004910000 seconds" size="0" pos="0" show="0.004910000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.004910000 seconds" size="0" pos="0" show="0.004910000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.042621000 seconds" size="0" pos="0" show="0.042621000"/> + <field name="frame.number" showname="Frame Number: 13" size="0" pos="0" show="13"/> + <field name="frame.len" showname="Frame Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.cap_len" showname="Capture Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 88" size="2" pos="16" show="88" value="0058"/> + <field name="ip.id" showname="Identification: 0xb1de (45534)" size="2" pos="18" show="0xb1de" value="b1de"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x8abf [correct]" size="2" pos="24" show="0x8abf" value="8abf"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="8abf"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="8abf"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55128 (55128), Seq: 97, Ack: 153, Len: 36" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55128 (55128)" size="2" pos="36" show="55128" value="d758"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55128" hide="yes" size="2" pos="36" show="55128" value="d758"/> + <field name="tcp.stream" showname="Stream index: 0" size="0" pos="34" show="0"/> + <field name="tcp.len" showname="TCP Segment Len: 36" hide="yes" size="1" pos="46" show="36" value="80"/> + <field name="tcp.seq" showname="Sequence number: 97 (relative sequence number)" size="4" pos="38" show="97" value="04f9c20c"/> + <field name="tcp.nxtseq" showname="Next sequence number: 133 (relative sequence number)" size="0" pos="34" show="133"/> + <field name="tcp.ack" showname="Acknowledgment number: 153 (relative ack number)" size="4" pos="42" show="153" value="d4f33d1d"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe4c [validation disabled]" size="2" pos="50" show="0xfe4c" value="fe4c"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:a1:5a:bb:70:9c" value="0101080a5abb70a15abb709c"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233505, TSecr 1522233500" size="10" pos="56" value="080a5abb70a15abb709c"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233505" size="4" pos="58" show="1522233505" value="5abb70a1"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233500" size="4" pos="62" show="1522233500" value="5abb709c"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 12" size="0" pos="34" show="12"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.004910000 seconds" size="0" pos="34" show="0.004910000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 36" size="0" pos="34" show="36"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 36" size="36" pos="66" show="36" value="000000242000808600000001000001110000000100000003000000000000000000000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="36" pos="66"> + <field name="libvirt.length" showname="length: 36" size="4" pos="66" show="36" value="00000024"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_LIST_ALL_DOMAINS (273)" size="4" pos="78" show="273" value="00000111"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 3" size="4" pos="86" show="3" value="00000003"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_list_all_domains_ret" showname="remote_connect_list_all_domains_ret" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_connect_list_all_domains_ret.domains" showname="domains :: remote_nonnull_domain<0>" size="4" pos="94" show="" value=""/> + <field name="libvirt.remote_connect_list_all_domains_ret.ret" showname="ret: 0" size="4" pos="98" show="0" value="00000000"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="14" showname="Number" value="e" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.380854000 JST" showname="Captured Time" value="1379477225.380854000" size="94"/> + </proto> + <proto name="frame" showname="Frame 14: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.380854000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.380854000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.380854000 seconds" size="0" pos="0" show="1379477225.380854000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.027511000 seconds" size="0" pos="0" show="0.027511000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.027511000 seconds" size="0" pos="0" show="0.027511000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.070132000 seconds" size="0" pos="0" show="0.070132000"/> + <field name="frame.number" showname="Frame Number: 14" size="0" pos="0" show="14"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0x4cf9 (19705)" size="2" pos="18" show="0x4cf9" value="4cf9"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0xefac [correct]" size="2" pos="24" show="0xefac" value="efac"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="efac"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="efac"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55128 (55128), Dst Port: 16509 (16509), Seq: 153, Ack: 133, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55128 (55128)" size="2" pos="34" show="55128" value="d758"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55128" hide="yes" size="2" pos="34" show="55128" value="d758"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 0" size="0" pos="34" show="0"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 153 (relative sequence number)" size="4" pos="38" show="153" value="d4f33d1d"/> + <field name="tcp.nxtseq" showname="Next sequence number: 181 (relative sequence number)" size="0" pos="34" show="181"/> + <field name="tcp.ack" showname="Acknowledgment number: 133 (relative ack number)" size="4" pos="42" show="133" value="04f9c230"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:bc:5a:bb:70:a1" value="0101080a5abb70bc5abb70a1"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233532, TSecr 1522233505" size="10" pos="56" value="080a5abb70bc5abb70a1"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233532" size="4" pos="58" show="1522233532" value="5abb70bc"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233505" size="4" pos="62" show="1522233505" value="5abb70a1"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 13" size="0" pos="34" show="13"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.027511000 seconds" size="0" pos="34" show="0.027511000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000002000000000000000400000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_CLOSE (2)" size="4" pos="78" show="2" value="00000002"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 4" size="4" pos="86" show="4" value="00000004"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="15" showname="Number" value="f" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.382384000 JST" showname="Captured Time" value="1379477225.382384000" size="94"/> + </proto> + <proto name="frame" showname="Frame 15: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.382384000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.382384000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.382384000 seconds" size="0" pos="0" show="1379477225.382384000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.001530000 seconds" size="0" pos="0" show="0.001530000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.001530000 seconds" size="0" pos="0" show="0.001530000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.071662000 seconds" size="0" pos="0" show="0.071662000"/> + <field name="frame.number" showname="Frame Number: 15" size="0" pos="0" show="15"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0xb1df (45535)" size="2" pos="18" show="0xb1df" value="b1df"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x8ac6 [correct]" size="2" pos="24" show="0x8ac6" value="8ac6"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="8ac6"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="8ac6"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55128 (55128), Seq: 133, Ack: 181, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55128 (55128)" size="2" pos="36" show="55128" value="d758"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55128" hide="yes" size="2" pos="36" show="55128" value="d758"/> + <field name="tcp.stream" showname="Stream index: 0" size="0" pos="34" show="0"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 133 (relative sequence number)" size="4" pos="38" show="133" value="04f9c230"/> + <field name="tcp.nxtseq" showname="Next sequence number: 161 (relative sequence number)" size="0" pos="34" show="161"/> + <field name="tcp.ack" showname="Acknowledgment number: 181 (relative ack number)" size="4" pos="42" show="181" value="d4f33d39"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:be:5a:bb:70:bc" value="0101080a5abb70be5abb70bc"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233534, TSecr 1522233532" size="10" pos="56" value="080a5abb70be5abb70bc"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233534" size="4" pos="58" show="1522233534" value="5abb70be"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233532" size="4" pos="62" show="1522233532" value="5abb70bc"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 14" size="0" pos="34" show="14"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.001530000 seconds" size="0" pos="34" show="0.001530000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000002000000010000000400000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_CLOSE (2)" size="4" pos="78" show="2" value="00000002"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 4" size="4" pos="86" show="4" value="00000004"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="22" showname="Number" value="16" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.395339000 JST" showname="Captured Time" value="1379477225.395339000" size="94"/> + </proto> + <proto name="frame" showname="Frame 22: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.395339000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.395339000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.395339000 seconds" size="0" pos="0" show="1379477225.395339000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000330000 seconds" size="0" pos="0" show="0.000330000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.012955000 seconds" size="0" pos="0" show="0.012955000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.084617000 seconds" size="0" pos="0" show="0.084617000"/> + <field name="frame.number" showname="Frame Number: 22" size="0" pos="0" show="22"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0xb5e8 (46568)" size="2" pos="18" show="0xb5e8" value="b5e8"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x86bd [correct]" size="2" pos="24" show="0x86bd" value="86bd"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="86bd"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="86bd"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55129 (55129), Dst Port: 16509 (16509), Seq: 1, Ack: 1, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55129 (55129)" size="2" pos="34" show="55129" value="d759"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55129" hide="yes" size="2" pos="34" show="55129" value="d759"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 1" size="0" pos="34" show="1"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 1 (relative sequence number)" size="4" pos="38" show="1" value="903bc52d"/> + <field name="tcp.nxtseq" showname="Next sequence number: 29 (relative sequence number)" size="0" pos="34" show="29"/> + <field name="tcp.ack" showname="Acknowledgment number: 1 (relative ack number)" size="4" pos="42" show="1" value="4e0a7b43"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:cb:5a:bb:70:ca" value="0101080a5abb70cb5abb70ca"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233547, TSecr 1522233546" size="10" pos="56" value="080a5abb70cb5abb70ca"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233547" size="4" pos="58" show="1522233547" value="5abb70cb"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233546" size="4" pos="62" show="1522233546" value="5abb70ca"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000042000000000000000000000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: AUTH_LIST (66)" size="4" pos="78" show="66" value="00000042"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 0" size="4" pos="86" show="0" value="00000000"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="102"> + <field name="num" pos="0" show="24" showname="Number" value="18" size="102"/> + <field name="len" pos="0" show="102" showname="Frame Length" value="66" size="102"/> + <field name="caplen" pos="0" show="102" showname="Captured Length" value="66" size="102"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.400143000 JST" showname="Captured Time" value="1379477225.400143000" size="102"/> + </proto> + <proto name="frame" showname="Frame 24: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface 0" size="102" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.400143000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.400143000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.400143000 seconds" size="0" pos="0" show="1379477225.400143000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.004796000 seconds" size="0" pos="0" show="0.004796000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.004804000 seconds" size="0" pos="0" show="0.004804000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.089421000 seconds" size="0" pos="0" show="0.089421000"/> + <field name="frame.number" showname="Frame Number: 24" size="0" pos="0" show="24"/> + <field name="frame.len" showname="Frame Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.cap_len" showname="Capture Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 88" size="2" pos="16" show="88" value="0058"/> + <field name="ip.id" showname="Identification: 0x0b89 (2953)" size="2" pos="18" show="0x0b89" value="0b89"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x3115 [correct]" size="2" pos="24" show="0x3115" value="3115"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="3115"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="3115"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55129 (55129), Seq: 1, Ack: 29, Len: 36" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55129 (55129)" size="2" pos="36" show="55129" value="d759"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55129" hide="yes" size="2" pos="36" show="55129" value="d759"/> + <field name="tcp.stream" showname="Stream index: 1" size="0" pos="34" show="1"/> + <field name="tcp.len" showname="TCP Segment Len: 36" hide="yes" size="1" pos="46" show="36" value="80"/> + <field name="tcp.seq" showname="Sequence number: 1 (relative sequence number)" size="4" pos="38" show="1" value="4e0a7b43"/> + <field name="tcp.nxtseq" showname="Next sequence number: 37 (relative sequence number)" size="0" pos="34" show="37"/> + <field name="tcp.ack" showname="Acknowledgment number: 29 (relative ack number)" size="4" pos="42" show="29" value="903bc549"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe4c [validation disabled]" size="2" pos="50" show="0xfe4c" value="fe4c"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:d0:5a:bb:70:cb" value="0101080a5abb70d05abb70cb"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233552, TSecr 1522233547" size="10" pos="56" value="080a5abb70d05abb70cb"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233552" size="4" pos="58" show="1522233552" value="5abb70d0"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233547" size="4" pos="62" show="1522233547" value="5abb70cb"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 36" size="0" pos="34" show="36"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 36" size="36" pos="66" show="36" value="000000242000808600000001000000420000000100000000000000000000000100000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="36" pos="66"> + <field name="libvirt.length" showname="length: 36" size="4" pos="66" show="36" value="00000024"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: AUTH_LIST (66)" size="4" pos="78" show="66" value="00000042"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 0" size="4" pos="86" show="0" value="00000000"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_auth_list_ret" showname="remote_auth_list_ret" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_auth_list_ret.types" showname="types :: remote_auth_type<1>" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_auth_list_ret.types.types" showname="types: REMOTE_AUTH_NONE(0)" size="4" pos="98" show="0" value="00000000"/> + </field> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="98"> + <field name="num" pos="0" show="26" showname="Number" value="1a" size="98"/> + <field name="len" pos="0" show="98" showname="Frame Length" value="62" size="98"/> + <field name="caplen" pos="0" show="98" showname="Captured Length" value="62" size="98"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.400365000 JST" showname="Captured Time" value="1379477225.400365000" size="98"/> + </proto> + <proto name="frame" showname="Frame 26: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0" size="98" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.400365000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.400365000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.400365000 seconds" size="0" pos="0" show="1379477225.400365000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000214000 seconds" size="0" pos="0" show="0.000214000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000222000 seconds" size="0" pos="0" show="0.000222000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.089643000 seconds" size="0" pos="0" show="0.089643000"/> + <field name="frame.number" showname="Frame Number: 26" size="0" pos="0" show="26"/> + <field name="frame.len" showname="Frame Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.cap_len" showname="Capture Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 84" size="2" pos="16" show="84" value="0054"/> + <field name="ip.id" showname="Identification: 0xb5ea (46570)" size="2" pos="18" show="0xb5ea" value="b5ea"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x86b7 [correct]" size="2" pos="24" show="0x86b7" value="86b7"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="86b7"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="86b7"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55129 (55129), Dst Port: 16509 (16509), Seq: 29, Ack: 37, Len: 32" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55129 (55129)" size="2" pos="34" show="55129" value="d759"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55129" hide="yes" size="2" pos="34" show="55129" value="d759"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 1" size="0" pos="34" show="1"/> + <field name="tcp.len" showname="TCP Segment Len: 32" hide="yes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.seq" showname="Sequence number: 29 (relative sequence number)" size="4" pos="38" show="29" value="903bc549"/> + <field name="tcp.nxtseq" showname="Next sequence number: 61 (relative sequence number)" size="0" pos="34" show="61"/> + <field name="tcp.ack" showname="Acknowledgment number: 37 (relative ack number)" size="4" pos="42" show="37" value="4e0a7b67"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe48 [validation disabled]" size="2" pos="50" show="0xfe48" value="fe48"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe48"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe48"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:d0:5a:bb:70:d0" value="0101080a5abb70d05abb70d0"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233552, TSecr 1522233552" size="10" pos="56" value="080a5abb70d05abb70d0"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233552" size="4" pos="58" show="1522233552" value="5abb70d0"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233552" size="4" pos="62" show="1522233552" value="5abb70d0"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 32" size="0" pos="34" show="32"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 32" size="32" pos="66" show="32" value="0000002020008086000000010000003c0000000000000001000000000000000a"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="32" pos="66"> + <field name="libvirt.length" showname="length: 32" size="4" pos="66" show="32" value="00000020"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_SUPPORTS_FEATURE (60)" size="4" pos="78" show="60" value="0000003c"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 1" size="4" pos="86" show="1" value="00000001"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_supports_feature_args" showname="remote_connect_supports_feature_args" size="4" pos="94" show="" value=""> + <field name="libvirt.remote_connect_supports_feature_args.feature" showname="feature: 10" size="4" pos="94" show="10" value="0000000a"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="98"> + <field name="num" pos="0" show="27" showname="Number" value="1b" size="98"/> + <field name="len" pos="0" show="98" showname="Frame Length" value="62" size="98"/> + <field name="caplen" pos="0" show="98" showname="Captured Length" value="62" size="98"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.404752000 JST" showname="Captured Time" value="1379477225.404752000" size="98"/> + </proto> + <proto name="frame" showname="Frame 27: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0" size="98" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.404752000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.404752000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.404752000 seconds" size="0" pos="0" show="1379477225.404752000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.004387000 seconds" size="0" pos="0" show="0.004387000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.004387000 seconds" size="0" pos="0" show="0.004387000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.094030000 seconds" size="0" pos="0" show="0.094030000"/> + <field name="frame.number" showname="Frame Number: 27" size="0" pos="0" show="27"/> + <field name="frame.len" showname="Frame Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.cap_len" showname="Capture Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 84" size="2" pos="16" show="84" value="0054"/> + <field name="ip.id" showname="Identification: 0x0b8a (2954)" size="2" pos="18" show="0x0b8a" value="0b8a"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x3118 [correct]" size="2" pos="24" show="0x3118" value="3118"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="3118"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="3118"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55129 (55129), Seq: 37, Ack: 61, Len: 32" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55129 (55129)" size="2" pos="36" show="55129" value="d759"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55129" hide="yes" size="2" pos="36" show="55129" value="d759"/> + <field name="tcp.stream" showname="Stream index: 1" size="0" pos="34" show="1"/> + <field name="tcp.len" showname="TCP Segment Len: 32" hide="yes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.seq" showname="Sequence number: 37 (relative sequence number)" size="4" pos="38" show="37" value="4e0a7b67"/> + <field name="tcp.nxtseq" showname="Next sequence number: 69 (relative sequence number)" size="0" pos="34" show="69"/> + <field name="tcp.ack" showname="Acknowledgment number: 61 (relative ack number)" size="4" pos="42" show="61" value="903bc569"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe48 [validation disabled]" size="2" pos="50" show="0xfe48" value="fe48"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe48"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe48"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:d4:5a:bb:70:d0" value="0101080a5abb70d45abb70d0"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233556, TSecr 1522233552" size="10" pos="56" value="080a5abb70d45abb70d0"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233556" size="4" pos="58" show="1522233556" value="5abb70d4"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233552" size="4" pos="62" show="1522233552" value="5abb70d0"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 26" size="0" pos="34" show="26"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.004387000 seconds" size="0" pos="34" show="0.004387000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 32" size="0" pos="34" show="32"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 32" size="32" pos="66" show="32" value="0000002020008086000000010000003c00000001000000010000000000000001"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="32" pos="66"> + <field name="libvirt.length" showname="length: 32" size="4" pos="66" show="32" value="00000020"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_SUPPORTS_FEATURE (60)" size="4" pos="78" show="60" value="0000003c"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 1" size="4" pos="86" show="1" value="00000001"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_supports_feature_ret" showname="remote_connect_supports_feature_ret" size="4" pos="94" show="" value=""> + <field name="libvirt.remote_connect_supports_feature_ret.supported" showname="supported: 1" size="4" pos="94" show="1" value="00000001"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="122"> + <field name="num" pos="0" show="28" showname="Number" value="1c" size="122"/> + <field name="len" pos="0" show="122" showname="Frame Length" value="7a" size="122"/> + <field name="caplen" pos="0" show="122" showname="Captured Length" value="7a" size="122"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.405058000 JST" showname="Captured Time" value="1379477225.405058000" size="122"/> + </proto> + <proto name="frame" showname="Frame 28: 122 bytes on wire (976 bits), 122 bytes captured (976 bits) on interface 0" size="122" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.405058000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.405058000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.405058000 seconds" size="0" pos="0" show="1379477225.405058000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000306000 seconds" size="0" pos="0" show="0.000306000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000306000 seconds" size="0" pos="0" show="0.000306000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.094336000 seconds" size="0" pos="0" show="0.094336000"/> + <field name="frame.number" showname="Frame Number: 28" size="0" pos="0" show="28"/> + <field name="frame.len" showname="Frame Length: 122 bytes (976 bits)" size="0" pos="0" show="122"/> + <field name="frame.cap_len" showname="Capture Length: 122 bytes (976 bits)" size="0" pos="0" show="122"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 108" size="2" pos="16" show="108" value="006c"/> + <field name="ip.id" showname="Identification: 0xb5eb (46571)" size="2" pos="18" show="0xb5eb" value="b5eb"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x869e [correct]" size="2" pos="24" show="0x869e" value="869e"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="869e"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="869e"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55129 (55129), Dst Port: 16509 (16509), Seq: 61, Ack: 69, Len: 56" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55129 (55129)" size="2" pos="34" show="55129" value="d759"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55129" hide="yes" size="2" pos="34" show="55129" value="d759"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 1" size="0" pos="34" show="1"/> + <field name="tcp.len" showname="TCP Segment Len: 56" hide="yes" size="1" pos="46" show="56" value="80"/> + <field name="tcp.seq" showname="Sequence number: 61 (relative sequence number)" size="4" pos="38" show="61" value="903bc569"/> + <field name="tcp.nxtseq" showname="Next sequence number: 117 (relative sequence number)" size="0" pos="34" show="117"/> + <field name="tcp.ack" showname="Acknowledgment number: 69 (relative ack number)" size="4" pos="42" show="69" value="4e0a7b87"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe60 [validation disabled]" size="2" pos="50" show="0xfe60" value="fe60"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe60"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe60"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:d5:5a:bb:70:d4" value="0101080a5abb70d55abb70d4"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233557, TSecr 1522233556" size="10" pos="56" value="080a5abb70d55abb70d4"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233557" size="4" pos="58" show="1522233557" value="5abb70d5"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233556" size="4" pos="62" show="1522233556" value="5abb70d4"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 27" size="0" pos="34" show="27"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000306000 seconds" size="0" pos="34" show="0.000306000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 56" size="0" pos="34" show="56"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 56" size="56" pos="66" show="56" value="00000038200080860000000100000001000000000000000200000000000000010000000f71656d753a2f2f2f73657373696f6e0000000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="56" pos="66"> + <field name="libvirt.length" showname="length: 56" size="4" pos="66" show="56" value="00000038"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_OPEN (1)" size="4" pos="78" show="1" value="00000001"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 2" size="4" pos="86" show="2" value="00000002"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_open_args" showname="remote_connect_open_args" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_connect_open_args.name" showname="name: (null)" size="4" pos="94" show="" value=""/> + <field name="libvirt.remote_connect_open_args.flags" showname="flags: 15" size="4" pos="98" show="15" value="0000000f"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="29" showname="Number" value="1d" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.409810000 JST" showname="Captured Time" value="1379477225.409810000" size="94"/> + </proto> + <proto name="frame" showname="Frame 29: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.409810000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.409810000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.409810000 seconds" size="0" pos="0" show="1379477225.409810000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.004752000 seconds" size="0" pos="0" show="0.004752000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.004752000 seconds" size="0" pos="0" show="0.004752000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.099088000 seconds" size="0" pos="0" show="0.099088000"/> + <field name="frame.number" showname="Frame Number: 29" size="0" pos="0" show="29"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0x0b8b (2955)" size="2" pos="18" show="0x0b8b" value="0b8b"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x311b [correct]" size="2" pos="24" show="0x311b" value="311b"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="311b"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="311b"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55129 (55129), Seq: 69, Ack: 117, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55129 (55129)" size="2" pos="36" show="55129" value="d759"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55129" hide="yes" size="2" pos="36" show="55129" value="d759"/> + <field name="tcp.stream" showname="Stream index: 1" size="0" pos="34" show="1"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 69 (relative sequence number)" size="4" pos="38" show="69" value="4e0a7b87"/> + <field name="tcp.nxtseq" showname="Next sequence number: 97 (relative sequence number)" size="0" pos="34" show="97"/> + <field name="tcp.ack" showname="Acknowledgment number: 117 (relative ack number)" size="4" pos="42" show="117" value="903bc5a1"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:d9:5a:bb:70:d5" value="0101080a5abb70d95abb70d5"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233561, TSecr 1522233557" size="10" pos="56" value="080a5abb70d95abb70d5"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233561" size="4" pos="58" show="1522233561" value="5abb70d9"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233557" size="4" pos="62" show="1522233557" value="5abb70d5"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 28" size="0" pos="34" show="28"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.004752000 seconds" size="0" pos="34" show="0.004752000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000001000000010000000200000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_OPEN (1)" size="4" pos="78" show="1" value="00000001"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 2" size="4" pos="86" show="2" value="00000002"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="106"> + <field name="num" pos="0" show="30" showname="Number" value="1e" size="106"/> + <field name="len" pos="0" show="106" showname="Frame Length" value="6a" size="106"/> + <field name="caplen" pos="0" show="106" showname="Captured Length" value="6a" size="106"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.410298000 JST" showname="Captured Time" value="1379477225.410298000" size="106"/> + </proto> + <proto name="frame" showname="Frame 30: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) on interface 0" size="106" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.410298000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.410298000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.410298000 seconds" size="0" pos="0" show="1379477225.410298000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000488000 seconds" size="0" pos="0" show="0.000488000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000488000 seconds" size="0" pos="0" show="0.000488000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.099576000 seconds" size="0" pos="0" show="0.099576000"/> + <field name="frame.number" showname="Frame Number: 30" size="0" pos="0" show="30"/> + <field name="frame.len" showname="Frame Length: 106 bytes (848 bits)" size="0" pos="0" show="106"/> + <field name="frame.cap_len" showname="Capture Length: 106 bytes (848 bits)" size="0" pos="0" show="106"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 92" size="2" pos="16" show="92" value="005c"/> + <field name="ip.id" showname="Identification: 0xb5ec (46572)" size="2" pos="18" show="0xb5ec" value="b5ec"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x86ad [correct]" size="2" pos="24" show="0x86ad" value="86ad"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="86ad"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="86ad"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55129 (55129), Dst Port: 16509 (16509), Seq: 117, Ack: 97, Len: 40" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55129 (55129)" size="2" pos="34" show="55129" value="d759"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55129" hide="yes" size="2" pos="34" show="55129" value="d759"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 1" size="0" pos="34" show="1"/> + <field name="tcp.len" showname="TCP Segment Len: 40" hide="yes" size="1" pos="46" show="40" value="80"/> + <field name="tcp.seq" showname="Sequence number: 117 (relative sequence number)" size="4" pos="38" show="117" value="903bc5a1"/> + <field name="tcp.nxtseq" showname="Next sequence number: 157 (relative sequence number)" size="0" pos="34" show="157"/> + <field name="tcp.ack" showname="Acknowledgment number: 97 (relative ack number)" size="4" pos="42" show="97" value="4e0a7ba3"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe50 [validation disabled]" size="2" pos="50" show="0xfe50" value="fe50"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe50"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe50"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:da:5a:bb:70:d9" value="0101080a5abb70da5abb70d9"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233562, TSecr 1522233561" size="10" pos="56" value="080a5abb70da5abb70d9"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233562" size="4" pos="58" show="1522233562" value="5abb70da"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233561" size="4" pos="62" show="1522233561" value="5abb70d9"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 29" size="0" pos="34" show="29"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000488000 seconds" size="0" pos="34" show="0.000488000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 40" size="0" pos="34" show="40"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 40" size="40" pos="66" show="40" value="00000028200080860000000100000125000000000000000300000000000000010000000100000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="40" pos="66"> + <field name="libvirt.length" showname="length: 40" size="4" pos="66" show="40" value="00000028"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: NODE_GET_CPU_MAP (293)" size="4" pos="78" show="293" value="00000125"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 3" size="4" pos="86" show="3" value="00000003"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_node_get_cpu_map_args" showname="remote_node_get_cpu_map_args" size="12" pos="94" show="" value=""> + <field name="libvirt.remote_node_get_cpu_map_args.need_map" showname="need_map: 1" size="4" pos="94" show="1" value="00000001"/> + <field name="libvirt.remote_node_get_cpu_map_args.need_online" showname="need_online: 1" size="4" pos="98" show="1" value="00000001"/> + <field name="libvirt.remote_node_get_cpu_map_args.flags" showname="flags: 0" size="4" pos="102" show="0" value="00000000"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="110"> + <field name="num" pos="0" show="31" showname="Number" value="1f" size="110"/> + <field name="len" pos="0" show="110" showname="Frame Length" value="6e" size="110"/> + <field name="caplen" pos="0" show="110" showname="Captured Length" value="6e" size="110"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.414526000 JST" showname="Captured Time" value="1379477225.414526000" size="110"/> + </proto> + <proto name="frame" showname="Frame 31: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0" size="110" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.414526000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.414526000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.414526000 seconds" size="0" pos="0" show="1379477225.414526000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.004228000 seconds" size="0" pos="0" show="0.004228000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.004228000 seconds" size="0" pos="0" show="0.004228000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.103804000 seconds" size="0" pos="0" show="0.103804000"/> + <field name="frame.number" showname="Frame Number: 31" size="0" pos="0" show="31"/> + <field name="frame.len" showname="Frame Length: 110 bytes (880 bits)" size="0" pos="0" show="110"/> + <field name="frame.cap_len" showname="Capture Length: 110 bytes (880 bits)" size="0" pos="0" show="110"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 96" size="2" pos="16" show="96" value="0060"/> + <field name="ip.id" showname="Identification: 0x0b8c (2956)" size="2" pos="18" show="0x0b8c" value="0b8c"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x310a [correct]" size="2" pos="24" show="0x310a" value="310a"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="310a"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="310a"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55129 (55129), Seq: 97, Ack: 157, Len: 44" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55129 (55129)" size="2" pos="36" show="55129" value="d759"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55129" hide="yes" size="2" pos="36" show="55129" value="d759"/> + <field name="tcp.stream" showname="Stream index: 1" size="0" pos="34" show="1"/> + <field name="tcp.len" showname="TCP Segment Len: 44" hide="yes" size="1" pos="46" show="44" value="80"/> + <field name="tcp.seq" showname="Sequence number: 97 (relative sequence number)" size="4" pos="38" show="97" value="4e0a7ba3"/> + <field name="tcp.nxtseq" showname="Next sequence number: 141 (relative sequence number)" size="0" pos="34" show="141"/> + <field name="tcp.ack" showname="Acknowledgment number: 157 (relative ack number)" size="4" pos="42" show="157" value="903bc5c9"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe54 [validation disabled]" size="2" pos="50" show="0xfe54" value="fe54"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe54"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe54"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:de:5a:bb:70:da" value="0101080a5abb70de5abb70da"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233566, TSecr 1522233562" size="10" pos="56" value="080a5abb70de5abb70da"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233566" size="4" pos="58" show="1522233566" value="5abb70de"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233562" size="4" pos="62" show="1522233562" value="5abb70da"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 30" size="0" pos="34" show="30"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.004228000 seconds" size="0" pos="34" show="0.004228000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 44" size="0" pos="34" show="44"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 44" size="44" pos="66" show="44" value="0000002c20008086000000010000012500000001000000030000000000000001ff0000000000000800000008"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="44" pos="66"> + <field name="libvirt.length" showname="length: 44" size="4" pos="66" show="44" value="0000002c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: NODE_GET_CPU_MAP (293)" size="4" pos="78" show="293" value="00000125"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 3" size="4" pos="86" show="3" value="00000003"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_node_get_cpu_map_ret" showname="remote_node_get_cpu_map_ret" size="16" pos="94" show="" value=""> + <field name="libvirt.remote_node_get_cpu_map_ret.cpumap" showname="cpumap: ff" size="8" pos="94" show="00:00:00:01:ff:00:00:00" value="00000001ff000000"/> + <field name="libvirt.remote_node_get_cpu_map_ret.online" showname="online: 8" size="4" pos="102" show="8" value="00000008"/> + <field name="libvirt.remote_node_get_cpu_map_ret.ret" showname="ret: 8" size="4" pos="106" show="8" value="00000008"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="32" showname="Number" value="20" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.414966000 JST" showname="Captured Time" value="1379477225.414966000" size="94"/> + </proto> + <proto name="frame" showname="Frame 32: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.414966000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.414966000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.414966000 seconds" size="0" pos="0" show="1379477225.414966000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000440000 seconds" size="0" pos="0" show="0.000440000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000440000 seconds" size="0" pos="0" show="0.000440000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.104244000 seconds" size="0" pos="0" show="0.104244000"/> + <field name="frame.number" showname="Frame Number: 32" size="0" pos="0" show="32"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0xb5ed (46573)" size="2" pos="18" show="0xb5ed" value="b5ed"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x86b8 [correct]" size="2" pos="24" show="0x86b8" value="86b8"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="86b8"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="86b8"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55129 (55129), Dst Port: 16509 (16509), Seq: 157, Ack: 141, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55129 (55129)" size="2" pos="34" show="55129" value="d759"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55129" hide="yes" size="2" pos="34" show="55129" value="d759"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 1" size="0" pos="34" show="1"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 157 (relative sequence number)" size="4" pos="38" show="157" value="903bc5c9"/> + <field name="tcp.nxtseq" showname="Next sequence number: 185 (relative sequence number)" size="0" pos="34" show="185"/> + <field name="tcp.ack" showname="Acknowledgment number: 141 (relative ack number)" size="4" pos="42" show="141" value="4e0a7bcf"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:de:5a:bb:70:de" value="0101080a5abb70de5abb70de"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233566, TSecr 1522233566" size="10" pos="56" value="080a5abb70de5abb70de"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233566" size="4" pos="58" show="1522233566" value="5abb70de"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233566" size="4" pos="62" show="1522233566" value="5abb70de"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 31" size="0" pos="34" show="31"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000440000 seconds" size="0" pos="34" show="0.000440000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000002000000000000000400000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_CLOSE (2)" size="4" pos="78" show="2" value="00000002"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 4" size="4" pos="86" show="4" value="00000004"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="33" showname="Number" value="21" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.419210000 JST" showname="Captured Time" value="1379477225.419210000" size="94"/> + </proto> + <proto name="frame" showname="Frame 33: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.419210000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.419210000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.419210000 seconds" size="0" pos="0" show="1379477225.419210000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.004244000 seconds" size="0" pos="0" show="0.004244000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.004244000 seconds" size="0" pos="0" show="0.004244000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.108488000 seconds" size="0" pos="0" show="0.108488000"/> + <field name="frame.number" showname="Frame Number: 33" size="0" pos="0" show="33"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0x0b8d (2957)" size="2" pos="18" show="0x0b8d" value="0b8d"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x3119 [correct]" size="2" pos="24" show="0x3119" value="3119"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="3119"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="3119"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55129 (55129), Seq: 141, Ack: 185, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55129 (55129)" size="2" pos="36" show="55129" value="d759"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55129" hide="yes" size="2" pos="36" show="55129" value="d759"/> + <field name="tcp.stream" showname="Stream index: 1" size="0" pos="34" show="1"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 141 (relative sequence number)" size="4" pos="38" show="141" value="4e0a7bcf"/> + <field name="tcp.nxtseq" showname="Next sequence number: 169 (relative sequence number)" size="0" pos="34" show="169"/> + <field name="tcp.ack" showname="Acknowledgment number: 185 (relative ack number)" size="4" pos="42" show="185" value="903bc5e5"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:e3:5a:bb:70:de" value="0101080a5abb70e35abb70de"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233571, TSecr 1522233566" size="10" pos="56" value="080a5abb70e35abb70de"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233571" size="4" pos="58" show="1522233571" value="5abb70e3"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233566" size="4" pos="62" show="1522233566" value="5abb70de"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 32" size="0" pos="34" show="32"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.004244000 seconds" size="0" pos="34" show="0.004244000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000002000000010000000400000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_CLOSE (2)" size="4" pos="78" show="2" value="00000002"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 4" size="4" pos="86" show="4" value="00000004"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="40" showname="Number" value="28" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.431889000 JST" showname="Captured Time" value="1379477225.431889000" size="94"/> + </proto> + <proto name="frame" showname="Frame 40: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.431889000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.431889000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.431889000 seconds" size="0" pos="0" show="1379477225.431889000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000298000 seconds" size="0" pos="0" show="0.000298000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.012679000 seconds" size="0" pos="0" show="0.012679000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.121167000 seconds" size="0" pos="0" show="0.121167000"/> + <field name="frame.number" showname="Frame Number: 40" size="0" pos="0" show="40"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0xe824 (59428)" size="2" pos="18" show="0xe824" value="e824"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x5481 [correct]" size="2" pos="24" show="0x5481" value="5481"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="5481"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="5481"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55130 (55130), Dst Port: 16509 (16509), Seq: 1, Ack: 1, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55130 (55130)" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 1 (relative sequence number)" size="4" pos="38" show="1" value="0cb698ce"/> + <field name="tcp.nxtseq" showname="Next sequence number: 29 (relative sequence number)" size="0" pos="34" show="29"/> + <field name="tcp.ack" showname="Acknowledgment number: 1 (relative ack number)" size="4" pos="42" show="1" value="ff63beb8"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:ef:5a:bb:70:ef" value="0101080a5abb70ef5abb70ef"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233583, TSecr 1522233583" size="10" pos="56" value="080a5abb70ef5abb70ef"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233583" size="4" pos="58" show="1522233583" value="5abb70ef"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233583" size="4" pos="62" show="1522233583" value="5abb70ef"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000042000000000000000000000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: AUTH_LIST (66)" size="4" pos="78" show="66" value="00000042"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 0" size="4" pos="86" show="0" value="00000000"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="102"> + <field name="num" pos="0" show="42" showname="Number" value="2a" size="102"/> + <field name="len" pos="0" show="102" showname="Frame Length" value="66" size="102"/> + <field name="caplen" pos="0" show="102" showname="Captured Length" value="66" size="102"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.434102000 JST" showname="Captured Time" value="1379477225.434102000" size="102"/> + </proto> + <proto name="frame" showname="Frame 42: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface 0" size="102" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.434102000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.434102000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.434102000 seconds" size="0" pos="0" show="1379477225.434102000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.002206000 seconds" size="0" pos="0" show="0.002206000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.002213000 seconds" size="0" pos="0" show="0.002213000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.123380000 seconds" size="0" pos="0" show="0.123380000"/> + <field name="frame.number" showname="Frame Number: 42" size="0" pos="0" show="42"/> + <field name="frame.len" showname="Frame Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.cap_len" showname="Capture Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 88" size="2" pos="16" show="88" value="0058"/> + <field name="ip.id" showname="Identification: 0xce58 (52824)" size="2" pos="18" show="0xce58" value="ce58"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x6e45 [correct]" size="2" pos="24" show="0x6e45" value="6e45"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="6e45"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="6e45"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55130 (55130), Seq: 1, Ack: 29, Len: 36" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55130 (55130)" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 36" hide="yes" size="1" pos="46" show="36" value="80"/> + <field name="tcp.seq" showname="Sequence number: 1 (relative sequence number)" size="4" pos="38" show="1" value="ff63beb8"/> + <field name="tcp.nxtseq" showname="Next sequence number: 37 (relative sequence number)" size="0" pos="34" show="37"/> + <field name="tcp.ack" showname="Acknowledgment number: 29 (relative ack number)" size="4" pos="42" show="29" value="0cb698ea"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe4c [validation disabled]" size="2" pos="50" show="0xfe4c" value="fe4c"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:f2:5a:bb:70:ef" value="0101080a5abb70f25abb70ef"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233586, TSecr 1522233583" size="10" pos="56" value="080a5abb70f25abb70ef"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233586" size="4" pos="58" show="1522233586" value="5abb70f2"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233583" size="4" pos="62" show="1522233583" value="5abb70ef"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 36" size="0" pos="34" show="36"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 36" size="36" pos="66" show="36" value="000000242000808600000001000000420000000100000000000000000000000100000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="36" pos="66"> + <field name="libvirt.length" showname="length: 36" size="4" pos="66" show="36" value="00000024"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: AUTH_LIST (66)" size="4" pos="78" show="66" value="00000042"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 0" size="4" pos="86" show="0" value="00000000"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_auth_list_ret" showname="remote_auth_list_ret" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_auth_list_ret.types" showname="types :: remote_auth_type<1>" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_auth_list_ret.types.types" showname="types: REMOTE_AUTH_NONE(0)" size="4" pos="98" show="0" value="00000000"/> + </field> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="98"> + <field name="num" pos="0" show="44" showname="Number" value="2c" size="98"/> + <field name="len" pos="0" show="98" showname="Frame Length" value="62" size="98"/> + <field name="caplen" pos="0" show="98" showname="Captured Length" value="62" size="98"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.434243000 JST" showname="Captured Time" value="1379477225.434243000" size="98"/> + </proto> + <proto name="frame" showname="Frame 44: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0" size="98" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.434243000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.434243000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.434243000 seconds" size="0" pos="0" show="1379477225.434243000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000133000 seconds" size="0" pos="0" show="0.000133000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000141000 seconds" size="0" pos="0" show="0.000141000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.123521000 seconds" size="0" pos="0" show="0.123521000"/> + <field name="frame.number" showname="Frame Number: 44" size="0" pos="0" show="44"/> + <field name="frame.len" showname="Frame Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.cap_len" showname="Capture Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 84" size="2" pos="16" show="84" value="0054"/> + <field name="ip.id" showname="Identification: 0xe826 (59430)" size="2" pos="18" show="0xe826" value="e826"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x547b [correct]" size="2" pos="24" show="0x547b" value="547b"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="547b"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="547b"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55130 (55130), Dst Port: 16509 (16509), Seq: 29, Ack: 37, Len: 32" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55130 (55130)" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 32" hide="yes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.seq" showname="Sequence number: 29 (relative sequence number)" size="4" pos="38" show="29" value="0cb698ea"/> + <field name="tcp.nxtseq" showname="Next sequence number: 61 (relative sequence number)" size="0" pos="34" show="61"/> + <field name="tcp.ack" showname="Acknowledgment number: 37 (relative ack number)" size="4" pos="42" show="37" value="ff63bedc"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe48 [validation disabled]" size="2" pos="50" show="0xfe48" value="fe48"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe48"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe48"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:f2:5a:bb:70:f2" value="0101080a5abb70f25abb70f2"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233586, TSecr 1522233586" size="10" pos="56" value="080a5abb70f25abb70f2"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233586" size="4" pos="58" show="1522233586" value="5abb70f2"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233586" size="4" pos="62" show="1522233586" value="5abb70f2"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 32" size="0" pos="34" show="32"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 32" size="32" pos="66" show="32" value="0000002020008086000000010000003c0000000000000001000000000000000a"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="32" pos="66"> + <field name="libvirt.length" showname="length: 32" size="4" pos="66" show="32" value="00000020"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_SUPPORTS_FEATURE (60)" size="4" pos="78" show="60" value="0000003c"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 1" size="4" pos="86" show="1" value="00000001"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_supports_feature_args" showname="remote_connect_supports_feature_args" size="4" pos="94" show="" value=""> + <field name="libvirt.remote_connect_supports_feature_args.feature" showname="feature: 10" size="4" pos="94" show="10" value="0000000a"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="98"> + <field name="num" pos="0" show="45" showname="Number" value="2d" size="98"/> + <field name="len" pos="0" show="98" showname="Frame Length" value="62" size="98"/> + <field name="caplen" pos="0" show="98" showname="Captured Length" value="62" size="98"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.438638000 JST" showname="Captured Time" value="1379477225.438638000" size="98"/> + </proto> + <proto name="frame" showname="Frame 45: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0" size="98" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.438638000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.438638000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.438638000 seconds" size="0" pos="0" show="1379477225.438638000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.004395000 seconds" size="0" pos="0" show="0.004395000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.004395000 seconds" size="0" pos="0" show="0.004395000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.127916000 seconds" size="0" pos="0" show="0.127916000"/> + <field name="frame.number" showname="Frame Number: 45" size="0" pos="0" show="45"/> + <field name="frame.len" showname="Frame Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.cap_len" showname="Capture Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 84" size="2" pos="16" show="84" value="0054"/> + <field name="ip.id" showname="Identification: 0xce59 (52825)" size="2" pos="18" show="0xce59" value="ce59"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x6e48 [correct]" size="2" pos="24" show="0x6e48" value="6e48"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="6e48"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="6e48"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55130 (55130), Seq: 37, Ack: 61, Len: 32" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55130 (55130)" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 32" hide="yes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.seq" showname="Sequence number: 37 (relative sequence number)" size="4" pos="38" show="37" value="ff63bedc"/> + <field name="tcp.nxtseq" showname="Next sequence number: 69 (relative sequence number)" size="0" pos="34" show="69"/> + <field name="tcp.ack" showname="Acknowledgment number: 61 (relative ack number)" size="4" pos="42" show="61" value="0cb6990a"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe48 [validation disabled]" size="2" pos="50" show="0xfe48" value="fe48"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe48"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe48"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:f6:5a:bb:70:f2" value="0101080a5abb70f65abb70f2"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233590, TSecr 1522233586" size="10" pos="56" value="080a5abb70f65abb70f2"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233590" size="4" pos="58" show="1522233590" value="5abb70f6"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233586" size="4" pos="62" show="1522233586" value="5abb70f2"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 44" size="0" pos="34" show="44"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.004395000 seconds" size="0" pos="34" show="0.004395000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 32" size="0" pos="34" show="32"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 32" size="32" pos="66" show="32" value="0000002020008086000000010000003c00000001000000010000000000000001"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="32" pos="66"> + <field name="libvirt.length" showname="length: 32" size="4" pos="66" show="32" value="00000020"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_SUPPORTS_FEATURE (60)" size="4" pos="78" show="60" value="0000003c"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 1" size="4" pos="86" show="1" value="00000001"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_supports_feature_ret" showname="remote_connect_supports_feature_ret" size="4" pos="94" show="" value=""> + <field name="libvirt.remote_connect_supports_feature_ret.supported" showname="supported: 1" size="4" pos="94" show="1" value="00000001"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="122"> + <field name="num" pos="0" show="46" showname="Number" value="2e" size="122"/> + <field name="len" pos="0" show="122" showname="Frame Length" value="7a" size="122"/> + <field name="caplen" pos="0" show="122" showname="Captured Length" value="7a" size="122"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.438946000 JST" showname="Captured Time" value="1379477225.438946000" size="122"/> + </proto> + <proto name="frame" showname="Frame 46: 122 bytes on wire (976 bits), 122 bytes captured (976 bits) on interface 0" size="122" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.438946000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.438946000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.438946000 seconds" size="0" pos="0" show="1379477225.438946000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000308000 seconds" size="0" pos="0" show="0.000308000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000308000 seconds" size="0" pos="0" show="0.000308000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.128224000 seconds" size="0" pos="0" show="0.128224000"/> + <field name="frame.number" showname="Frame Number: 46" size="0" pos="0" show="46"/> + <field name="frame.len" showname="Frame Length: 122 bytes (976 bits)" size="0" pos="0" show="122"/> + <field name="frame.cap_len" showname="Capture Length: 122 bytes (976 bits)" size="0" pos="0" show="122"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 108" size="2" pos="16" show="108" value="006c"/> + <field name="ip.id" showname="Identification: 0xe827 (59431)" size="2" pos="18" show="0xe827" value="e827"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x5462 [correct]" size="2" pos="24" show="0x5462" value="5462"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="5462"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="5462"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55130 (55130), Dst Port: 16509 (16509), Seq: 61, Ack: 69, Len: 56" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55130 (55130)" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 56" hide="yes" size="1" pos="46" show="56" value="80"/> + <field name="tcp.seq" showname="Sequence number: 61 (relative sequence number)" size="4" pos="38" show="61" value="0cb6990a"/> + <field name="tcp.nxtseq" showname="Next sequence number: 117 (relative sequence number)" size="0" pos="34" show="117"/> + <field name="tcp.ack" showname="Acknowledgment number: 69 (relative ack number)" size="4" pos="42" show="69" value="ff63befc"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe60 [validation disabled]" size="2" pos="50" show="0xfe60" value="fe60"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe60"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe60"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:f6:5a:bb:70:f6" value="0101080a5abb70f65abb70f6"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233590, TSecr 1522233590" size="10" pos="56" value="080a5abb70f65abb70f6"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233590" size="4" pos="58" show="1522233590" value="5abb70f6"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233590" size="4" pos="62" show="1522233590" value="5abb70f6"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 45" size="0" pos="34" show="45"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000308000 seconds" size="0" pos="34" show="0.000308000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 56" size="0" pos="34" show="56"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 56" size="56" pos="66" show="56" value="00000038200080860000000100000001000000000000000200000000000000010000000f71656d753a2f2f2f73657373696f6e0000000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="56" pos="66"> + <field name="libvirt.length" showname="length: 56" size="4" pos="66" show="56" value="00000038"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_OPEN (1)" size="4" pos="78" show="1" value="00000001"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 2" size="4" pos="86" show="2" value="00000002"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_open_args" showname="remote_connect_open_args" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_connect_open_args.name" showname="name: (null)" size="4" pos="94" show="" value=""/> + <field name="libvirt.remote_connect_open_args.flags" showname="flags: 15" size="4" pos="98" show="15" value="0000000f"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="47" showname="Number" value="2f" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.444153000 JST" showname="Captured Time" value="1379477225.444153000" size="94"/> + </proto> + <proto name="frame" showname="Frame 47: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.444153000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.444153000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.444153000 seconds" size="0" pos="0" show="1379477225.444153000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.005207000 seconds" size="0" pos="0" show="0.005207000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.005207000 seconds" size="0" pos="0" show="0.005207000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.133431000 seconds" size="0" pos="0" show="0.133431000"/> + <field name="frame.number" showname="Frame Number: 47" size="0" pos="0" show="47"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0xce5a (52826)" size="2" pos="18" show="0xce5a" value="ce5a"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x6e4b [correct]" size="2" pos="24" show="0x6e4b" value="6e4b"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="6e4b"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="6e4b"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55130 (55130), Seq: 69, Ack: 117, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55130 (55130)" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 69 (relative sequence number)" size="4" pos="38" show="69" value="ff63befc"/> + <field name="tcp.nxtseq" showname="Next sequence number: 97 (relative sequence number)" size="0" pos="34" show="97"/> + <field name="tcp.ack" showname="Acknowledgment number: 117 (relative ack number)" size="4" pos="42" show="117" value="0cb69942"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:70:fc:5a:bb:70:f6" value="0101080a5abb70fc5abb70f6"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233596, TSecr 1522233590" size="10" pos="56" value="080a5abb70fc5abb70f6"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233596" size="4" pos="58" show="1522233596" value="5abb70fc"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233590" size="4" pos="62" show="1522233590" value="5abb70f6"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 46" size="0" pos="34" show="46"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.005207000 seconds" size="0" pos="34" show="0.005207000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000001000000010000000200000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_OPEN (1)" size="4" pos="78" show="1" value="00000001"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 2" size="4" pos="86" show="2" value="00000002"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="106"> + <field name="num" pos="0" show="48" showname="Number" value="30" size="106"/> + <field name="len" pos="0" show="106" showname="Frame Length" value="6a" size="106"/> + <field name="caplen" pos="0" show="106" showname="Captured Length" value="6a" size="106"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.457730000 JST" showname="Captured Time" value="1379477225.457730000" size="106"/> + </proto> + <proto name="frame" showname="Frame 48: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) on interface 0" size="106" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.457730000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.457730000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.457730000 seconds" size="0" pos="0" show="1379477225.457730000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.013577000 seconds" size="0" pos="0" show="0.013577000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.013577000 seconds" size="0" pos="0" show="0.013577000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.147008000 seconds" size="0" pos="0" show="0.147008000"/> + <field name="frame.number" showname="Frame Number: 48" size="0" pos="0" show="48"/> + <field name="frame.len" showname="Frame Length: 106 bytes (848 bits)" size="0" pos="0" show="106"/> + <field name="frame.cap_len" showname="Capture Length: 106 bytes (848 bits)" size="0" pos="0" show="106"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 92" size="2" pos="16" show="92" value="005c"/> + <field name="ip.id" showname="Identification: 0xe828 (59432)" size="2" pos="18" show="0xe828" value="e828"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x5471 [correct]" size="2" pos="24" show="0x5471" value="5471"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="5471"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="5471"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55130 (55130), Dst Port: 16509 (16509), Seq: 117, Ack: 97, Len: 40" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55130 (55130)" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 40" hide="yes" size="1" pos="46" show="40" value="80"/> + <field name="tcp.seq" showname="Sequence number: 117 (relative sequence number)" size="4" pos="38" show="117" value="0cb69942"/> + <field name="tcp.nxtseq" showname="Next sequence number: 157 (relative sequence number)" size="0" pos="34" show="157"/> + <field name="tcp.ack" showname="Acknowledgment number: 97 (relative ack number)" size="4" pos="42" show="97" value="ff63bf18"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe50 [validation disabled]" size="2" pos="50" show="0xfe50" value="fe50"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe50"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe50"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:09:5a:bb:70:fc" value="0101080a5abb71095abb70fc"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233609, TSecr 1522233596" size="10" pos="56" value="080a5abb71095abb70fc"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233609" size="4" pos="58" show="1522233609" value="5abb7109"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233596" size="4" pos="62" show="1522233596" value="5abb70fc"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 47" size="0" pos="34" show="47"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.013577000 seconds" size="0" pos="34" show="0.013577000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 40" size="0" pos="34" show="40"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 40" size="40" pos="66" show="40" value="0000002820008086000000010000001700000000000000030000000000000007646f6d61696e3100"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="40" pos="66"> + <field name="libvirt.length" showname="length: 40" size="4" pos="66" show="40" value="00000028"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_LOOKUP_BY_NAME (23)" size="4" pos="78" show="23" value="00000017"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 3" size="4" pos="86" show="3" value="00000003"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_domain_lookup_by_name_args" showname="remote_domain_lookup_by_name_args" size="12" pos="94" show="" value=""> + <field name="libvirt.remote_domain_lookup_by_name_args.name" showname="name: domain1" size="12" pos="94" show="domain1" value="00000007646f6d61696e3100"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="126"> + <field name="num" pos="0" show="49" showname="Number" value="31" size="126"/> + <field name="len" pos="0" show="126" showname="Frame Length" value="7e" size="126"/> + <field name="caplen" pos="0" show="126" showname="Captured Length" value="7e" size="126"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.459820000 JST" showname="Captured Time" value="1379477225.459820000" size="126"/> + </proto> + <proto name="frame" showname="Frame 49: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0" size="126" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.459820000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.459820000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.459820000 seconds" size="0" pos="0" show="1379477225.459820000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.002090000 seconds" size="0" pos="0" show="0.002090000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.002090000 seconds" size="0" pos="0" show="0.002090000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.149098000 seconds" size="0" pos="0" show="0.149098000"/> + <field name="frame.number" showname="Frame Number: 49" size="0" pos="0" show="49"/> + <field name="frame.len" showname="Frame Length: 126 bytes (1008 bits)" size="0" pos="0" show="126"/> + <field name="frame.cap_len" showname="Capture Length: 126 bytes (1008 bits)" size="0" pos="0" show="126"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 112" size="2" pos="16" show="112" value="0070"/> + <field name="ip.id" showname="Identification: 0xce5b (52827)" size="2" pos="18" show="0xce5b" value="ce5b"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x6e2a [correct]" size="2" pos="24" show="0x6e2a" value="6e2a"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="6e2a"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="6e2a"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55130 (55130), Seq: 97, Ack: 157, Len: 60" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55130 (55130)" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 60" hide="yes" size="1" pos="46" show="60" value="80"/> + <field name="tcp.seq" showname="Sequence number: 97 (relative sequence number)" size="4" pos="38" show="97" value="ff63bf18"/> + <field name="tcp.nxtseq" showname="Next sequence number: 157 (relative sequence number)" size="0" pos="34" show="157"/> + <field name="tcp.ack" showname="Acknowledgment number: 157 (relative ack number)" size="4" pos="42" show="157" value="0cb6996a"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe64 [validation disabled]" size="2" pos="50" show="0xfe64" value="fe64"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe64"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe64"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:0b:5a:bb:71:09" value="0101080a5abb710b5abb7109"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233611, TSecr 1522233609" size="10" pos="56" value="080a5abb710b5abb7109"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233611" size="4" pos="58" show="1522233611" value="5abb710b"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233609" size="4" pos="62" show="1522233609" value="5abb7109"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 48" size="0" pos="34" show="48"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.002090000 seconds" size="0" pos="34" show="0.002090000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 60" size="0" pos="34" show="60"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 60" size="60" pos="66" show="60" value="0000003c20008086000000010000001700000001000000030000000000000007646f6d61696e31004c8b6b6d0a2907334b8398a02c3a4710ffffffff"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="60" pos="66"> + <field name="libvirt.length" showname="length: 60" size="4" pos="66" show="60" value="0000003c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_LOOKUP_BY_NAME (23)" size="4" pos="78" show="23" value="00000017"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 3" size="4" pos="86" show="3" value="00000003"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_domain_lookup_by_name_ret" showname="remote_domain_lookup_by_name_ret" size="32" pos="94" show="" value=""> + <field name="libvirt.remote_domain_lookup_by_name_ret.dom" showname="dom :: remote_nonnull_domain" size="32" pos="94" show="" value=""> + <field name="libvirt.remote_nonnull_domain.name" showname="name: domain1" size="12" pos="94" show="domain1" value="00000007646f6d61696e3100"/> + <field name="libvirt.remote_nonnull_domain.uuid" showname="uuid: 4c8b6b6d0a2907334b8398a02c3a4710" size="16" pos="106" show="4c:8b:6b:6d:0a:29:07:33:4b:83:98:a0:2c:3a:47:10" value="4c8b6b6d0a2907334b8398a02c3a4710"/> + <field name="libvirt.remote_nonnull_domain.id" showname="id: -1" size="4" pos="122" show="-1" value="ffffffff"/> + </field> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="106"> + <field name="num" pos="0" show="50" showname="Number" value="32" size="106"/> + <field name="len" pos="0" show="106" showname="Frame Length" value="6a" size="106"/> + <field name="caplen" pos="0" show="106" showname="Captured Length" value="6a" size="106"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.460059000 JST" showname="Captured Time" value="1379477225.460059000" size="106"/> + </proto> + <proto name="frame" showname="Frame 50: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) on interface 0" size="106" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.460059000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.460059000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.460059000 seconds" size="0" pos="0" show="1379477225.460059000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000239000 seconds" size="0" pos="0" show="0.000239000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000239000 seconds" size="0" pos="0" show="0.000239000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.149337000 seconds" size="0" pos="0" show="0.149337000"/> + <field name="frame.number" showname="Frame Number: 50" size="0" pos="0" show="50"/> + <field name="frame.len" showname="Frame Length: 106 bytes (848 bits)" size="0" pos="0" show="106"/> + <field name="frame.cap_len" showname="Capture Length: 106 bytes (848 bits)" size="0" pos="0" show="106"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 92" size="2" pos="16" show="92" value="005c"/> + <field name="ip.id" showname="Identification: 0xe829 (59433)" size="2" pos="18" show="0xe829" value="e829"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x5470 [correct]" size="2" pos="24" show="0x5470" value="5470"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="5470"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="5470"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55130 (55130), Dst Port: 16509 (16509), Seq: 157, Ack: 157, Len: 40" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55130 (55130)" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 40" hide="yes" size="1" pos="46" show="40" value="80"/> + <field name="tcp.seq" showname="Sequence number: 157 (relative sequence number)" size="4" pos="38" show="157" value="0cb6996a"/> + <field name="tcp.nxtseq" showname="Next sequence number: 197 (relative sequence number)" size="0" pos="34" show="197"/> + <field name="tcp.ack" showname="Acknowledgment number: 157 (relative ack number)" size="4" pos="42" show="157" value="ff63bf54"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe50 [validation disabled]" size="2" pos="50" show="0xfe50" value="fe50"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe50"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe50"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:0c:5a:bb:71:0b" value="0101080a5abb710c5abb710b"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233612, TSecr 1522233611" size="10" pos="56" value="080a5abb710c5abb710b"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233612" size="4" pos="58" show="1522233612" value="5abb710c"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233611" size="4" pos="62" show="1522233611" value="5abb710b"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 49" size="0" pos="34" show="49"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000239000 seconds" size="0" pos="34" show="0.000239000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 40" size="0" pos="34" show="40"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 40" size="40" pos="66" show="40" value="00000028200080860000000100000125000000000000000400000000000000000000000000000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="40" pos="66"> + <field name="libvirt.length" showname="length: 40" size="4" pos="66" show="40" value="00000028"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: NODE_GET_CPU_MAP (293)" size="4" pos="78" show="293" value="00000125"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 4" size="4" pos="86" show="4" value="00000004"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_node_get_cpu_map_args" showname="remote_node_get_cpu_map_args" size="12" pos="94" show="" value=""> + <field name="libvirt.remote_node_get_cpu_map_args.need_map" showname="need_map: 0" size="4" pos="94" show="0" value="00000000"/> + <field name="libvirt.remote_node_get_cpu_map_args.need_online" showname="need_online: 0" size="4" pos="98" show="0" value="00000000"/> + <field name="libvirt.remote_node_get_cpu_map_args.flags" showname="flags: 0" size="4" pos="102" show="0" value="00000000"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="106"> + <field name="num" pos="0" show="51" showname="Number" value="33" size="106"/> + <field name="len" pos="0" show="106" showname="Frame Length" value="6a" size="106"/> + <field name="caplen" pos="0" show="106" showname="Captured Length" value="6a" size="106"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.464280000 JST" showname="Captured Time" value="1379477225.464280000" size="106"/> + </proto> + <proto name="frame" showname="Frame 51: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) on interface 0" size="106" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.464280000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.464280000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.464280000 seconds" size="0" pos="0" show="1379477225.464280000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.004221000 seconds" size="0" pos="0" show="0.004221000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.004221000 seconds" size="0" pos="0" show="0.004221000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.153558000 seconds" size="0" pos="0" show="0.153558000"/> + <field name="frame.number" showname="Frame Number: 51" size="0" pos="0" show="51"/> + <field name="frame.len" showname="Frame Length: 106 bytes (848 bits)" size="0" pos="0" show="106"/> + <field name="frame.cap_len" showname="Capture Length: 106 bytes (848 bits)" size="0" pos="0" show="106"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 92" size="2" pos="16" show="92" value="005c"/> + <field name="ip.id" showname="Identification: 0xce5c (52828)" size="2" pos="18" show="0xce5c" value="ce5c"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x6e3d [correct]" size="2" pos="24" show="0x6e3d" value="6e3d"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="6e3d"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="6e3d"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55130 (55130), Seq: 157, Ack: 197, Len: 40" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55130 (55130)" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 40" hide="yes" size="1" pos="46" show="40" value="80"/> + <field name="tcp.seq" showname="Sequence number: 157 (relative sequence number)" size="4" pos="38" show="157" value="ff63bf54"/> + <field name="tcp.nxtseq" showname="Next sequence number: 197 (relative sequence number)" size="0" pos="34" show="197"/> + <field name="tcp.ack" showname="Acknowledgment number: 197 (relative ack number)" size="4" pos="42" show="197" value="0cb69992"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe50 [validation disabled]" size="2" pos="50" show="0xfe50" value="fe50"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe50"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe50"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:10:5a:bb:71:0c" value="0101080a5abb71105abb710c"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233616, TSecr 1522233612" size="10" pos="56" value="080a5abb71105abb710c"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233616" size="4" pos="58" show="1522233616" value="5abb7110"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233612" size="4" pos="62" show="1522233612" value="5abb710c"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 50" size="0" pos="34" show="50"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.004221000 seconds" size="0" pos="34" show="0.004221000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 40" size="0" pos="34" show="40"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 40" size="40" pos="66" show="40" value="00000028200080860000000100000125000000010000000400000000000000000000000000000008"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="40" pos="66"> + <field name="libvirt.length" showname="length: 40" size="4" pos="66" show="40" value="00000028"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: NODE_GET_CPU_MAP (293)" size="4" pos="78" show="293" value="00000125"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 4" size="4" pos="86" show="4" value="00000004"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_node_get_cpu_map_ret" showname="remote_node_get_cpu_map_ret" size="12" pos="94" show="" value=""> + <field name="libvirt.remote_node_get_cpu_map_ret.cpumap" showname="cpumap: " size="4" pos="94" show="00:00:00:00" value="00000000"/> + <field name="libvirt.remote_node_get_cpu_map_ret.online" showname="online: 0" size="4" pos="98" show="0" value="00000000"/> + <field name="libvirt.remote_node_get_cpu_map_ret.ret" showname="ret: 8" size="4" pos="102" show="8" value="00000008"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="126"> + <field name="num" pos="0" show="52" showname="Number" value="34" size="126"/> + <field name="len" pos="0" show="126" showname="Frame Length" value="7e" size="126"/> + <field name="caplen" pos="0" show="126" showname="Captured Length" value="7e" size="126"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.473575000 JST" showname="Captured Time" value="1379477225.473575000" size="126"/> + </proto> + <proto name="frame" showname="Frame 52: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0" size="126" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.473575000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.473575000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.473575000 seconds" size="0" pos="0" show="1379477225.473575000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.009295000 seconds" size="0" pos="0" show="0.009295000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.009295000 seconds" size="0" pos="0" show="0.009295000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.162853000 seconds" size="0" pos="0" show="0.162853000"/> + <field name="frame.number" showname="Frame Number: 52" size="0" pos="0" show="52"/> + <field name="frame.len" showname="Frame Length: 126 bytes (1008 bits)" size="0" pos="0" show="126"/> + <field name="frame.cap_len" showname="Capture Length: 126 bytes (1008 bits)" size="0" pos="0" show="126"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 112" size="2" pos="16" show="112" value="0070"/> + <field name="ip.id" showname="Identification: 0xe82a (59434)" size="2" pos="18" show="0xe82a" value="e82a"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x545b [correct]" size="2" pos="24" show="0x545b" value="545b"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="545b"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="545b"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55130 (55130), Dst Port: 16509 (16509), Seq: 197, Ack: 197, Len: 60" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55130 (55130)" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 60" hide="yes" size="1" pos="46" show="60" value="80"/> + <field name="tcp.seq" showname="Sequence number: 197 (relative sequence number)" size="4" pos="38" show="197" value="0cb69992"/> + <field name="tcp.nxtseq" showname="Next sequence number: 257 (relative sequence number)" size="0" pos="34" show="257"/> + <field name="tcp.ack" showname="Acknowledgment number: 197 (relative ack number)" size="4" pos="42" show="197" value="ff63bf7c"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe64 [validation disabled]" size="2" pos="50" show="0xfe64" value="fe64"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe64"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe64"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:19:5a:bb:71:10" value="0101080a5abb71195abb7110"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233625, TSecr 1522233616" size="10" pos="56" value="080a5abb71195abb7110"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233625" size="4" pos="58" show="1522233625" value="5abb7119"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233616" size="4" pos="62" show="1522233616" value="5abb7110"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 51" size="0" pos="34" show="51"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.009295000 seconds" size="0" pos="34" show="0.009295000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 60" size="0" pos="34" show="60"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 60" size="60" pos="66" show="60" value="0000003c20008086000000010000001000000000000000050000000000000007646f6d61696e31004c8b6b6d0a2907334b8398a02c3a4710ffffffff"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="60" pos="66"> + <field name="libvirt.length" showname="length: 60" size="4" pos="66" show="60" value="0000003c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_GET_INFO (16)" size="4" pos="78" show="16" value="00000010"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 5" size="4" pos="86" show="5" value="00000005"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_domain_get_info_args" showname="remote_domain_get_info_args" size="32" pos="94" show="" value=""> + <field name="libvirt.remote_domain_get_info_args.dom" showname="dom :: remote_nonnull_domain" size="32" pos="94" show="" value=""> + <field name="libvirt.remote_nonnull_domain.name" showname="name: domain1" size="12" pos="94" show="domain1" value="00000007646f6d61696e3100"/> + <field name="libvirt.remote_nonnull_domain.uuid" showname="uuid: 4c8b6b6d0a2907334b8398a02c3a4710" size="16" pos="106" show="4c:8b:6b:6d:0a:29:07:33:4b:83:98:a0:2c:3a:47:10" value="4c8b6b6d0a2907334b8398a02c3a4710"/> + <field name="libvirt.remote_nonnull_domain.id" showname="id: -1" size="4" pos="122" show="-1" value="ffffffff"/> + </field> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="126"> + <field name="num" pos="0" show="53" showname="Number" value="35" size="126"/> + <field name="len" pos="0" show="126" showname="Frame Length" value="7e" size="126"/> + <field name="caplen" pos="0" show="126" showname="Captured Length" value="7e" size="126"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.475229000 JST" showname="Captured Time" value="1379477225.475229000" size="126"/> + </proto> + <proto name="frame" showname="Frame 53: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0" size="126" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.475229000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.475229000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.475229000 seconds" size="0" pos="0" show="1379477225.475229000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.001654000 seconds" size="0" pos="0" show="0.001654000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.001654000 seconds" size="0" pos="0" show="0.001654000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.164507000 seconds" size="0" pos="0" show="0.164507000"/> + <field name="frame.number" showname="Frame Number: 53" size="0" pos="0" show="53"/> + <field name="frame.len" showname="Frame Length: 126 bytes (1008 bits)" size="0" pos="0" show="126"/> + <field name="frame.cap_len" showname="Capture Length: 126 bytes (1008 bits)" size="0" pos="0" show="126"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 112" size="2" pos="16" show="112" value="0070"/> + <field name="ip.id" showname="Identification: 0xce5d (52829)" size="2" pos="18" show="0xce5d" value="ce5d"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x6e28 [correct]" size="2" pos="24" show="0x6e28" value="6e28"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="6e28"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="6e28"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55130 (55130), Seq: 197, Ack: 257, Len: 60" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55130 (55130)" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 60" hide="yes" size="1" pos="46" show="60" value="80"/> + <field name="tcp.seq" showname="Sequence number: 197 (relative sequence number)" size="4" pos="38" show="197" value="ff63bf7c"/> + <field name="tcp.nxtseq" showname="Next sequence number: 257 (relative sequence number)" size="0" pos="34" show="257"/> + <field name="tcp.ack" showname="Acknowledgment number: 257 (relative ack number)" size="4" pos="42" show="257" value="0cb699ce"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe64 [validation disabled]" size="2" pos="50" show="0xfe64" value="fe64"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe64"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe64"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:1b:5a:bb:71:19" value="0101080a5abb711b5abb7119"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233627, TSecr 1522233625" size="10" pos="56" value="080a5abb711b5abb7119"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233627" size="4" pos="58" show="1522233627" value="5abb711b"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233625" size="4" pos="62" show="1522233625" value="5abb7119"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 52" size="0" pos="34" show="52"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.001654000 seconds" size="0" pos="34" show="0.001654000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 60" size="0" pos="34" show="60"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 60" size="60" pos="66" show="60" value="0000003c2000808600000001000000100000000100000005000000000000000500000000000800000000000000080000000000010000000000000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="60" pos="66"> + <field name="libvirt.length" showname="length: 60" size="4" pos="66" show="60" value="0000003c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_GET_INFO (16)" size="4" pos="78" show="16" value="00000010"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 5" size="4" pos="86" show="5" value="00000005"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_domain_get_info_ret" showname="remote_domain_get_info_ret" size="32" pos="94" show="" value=""> + <field name="libvirt.remote_domain_get_info_ret.state" showname="state: 5" size="4" pos="94" show="5" value="00000005"/> + <field name="libvirt.remote_domain_get_info_ret.maxMem" showname="maxMem: 524288" size="8" pos="98" show="524288" value="0000000000080000"/> + <field name="libvirt.remote_domain_get_info_ret.memory" showname="memory: 524288" size="8" pos="106" show="524288" value="0000000000080000"/> + <field name="libvirt.remote_domain_get_info_ret.nrVirtCpu" showname="nrVirtCpu: 1" size="4" pos="114" show="1" value="00000001"/> + <field name="libvirt.remote_domain_get_info_ret.cpuTime" showname="cpuTime: 0" size="8" pos="118" show="0" value="0000000000000000"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="134"> + <field name="num" pos="0" show="54" showname="Number" value="36" size="134"/> + <field name="len" pos="0" show="134" showname="Frame Length" value="86" size="134"/> + <field name="caplen" pos="0" show="134" showname="Captured Length" value="86" size="134"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.475853000 JST" showname="Captured Time" value="1379477225.475853000" size="134"/> + </proto> + <proto name="frame" showname="Frame 54: 134 bytes on wire (1072 bits), 134 bytes captured (1072 bits) on interface 0" size="134" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.475853000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.475853000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.475853000 seconds" size="0" pos="0" show="1379477225.475853000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000624000 seconds" size="0" pos="0" show="0.000624000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000624000 seconds" size="0" pos="0" show="0.000624000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.165131000 seconds" size="0" pos="0" show="0.165131000"/> + <field name="frame.number" showname="Frame Number: 54" size="0" pos="0" show="54"/> + <field name="frame.len" showname="Frame Length: 134 bytes (1072 bits)" size="0" pos="0" show="134"/> + <field name="frame.cap_len" showname="Capture Length: 134 bytes (1072 bits)" size="0" pos="0" show="134"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 120" size="2" pos="16" show="120" value="0078"/> + <field name="ip.id" showname="Identification: 0xe82b (59435)" size="2" pos="18" show="0xe82b" value="e82b"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x5452 [correct]" size="2" pos="24" show="0x5452" value="5452"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="5452"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="5452"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55130 (55130), Dst Port: 16509 (16509), Seq: 257, Ack: 257, Len: 68" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55130 (55130)" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 68" hide="yes" size="1" pos="46" show="68" value="80"/> + <field name="tcp.seq" showname="Sequence number: 257 (relative sequence number)" size="4" pos="38" show="257" value="0cb699ce"/> + <field name="tcp.nxtseq" showname="Next sequence number: 325 (relative sequence number)" size="0" pos="34" show="325"/> + <field name="tcp.ack" showname="Acknowledgment number: 257 (relative ack number)" size="4" pos="42" show="257" value="ff63bfb8"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe6c [validation disabled]" size="2" pos="50" show="0xfe6c" value="fe6c"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe6c"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe6c"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:1b:5a:bb:71:1b" value="0101080a5abb711b5abb711b"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233627, TSecr 1522233627" size="10" pos="56" value="080a5abb711b5abb711b"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233627" size="4" pos="58" show="1522233627" value="5abb711b"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233627" size="4" pos="62" show="1522233627" value="5abb711b"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 53" size="0" pos="34" show="53"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000624000 seconds" size="0" pos="34" show="0.000624000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 68" size="0" pos="34" show="68"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 68" size="68" pos="66" show="68" value="0000004420008086000000010000001400000000000000060000000000000007646f6d61696e31004c8b6b6d0a2907334b8398a02c3a4710ffffffff0000000100000001"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="68" pos="66"> + <field name="libvirt.length" showname="length: 68" size="4" pos="66" show="68" value="00000044"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_GET_VCPUS (20)" size="4" pos="78" show="20" value="00000014"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 6" size="4" pos="86" show="6" value="00000006"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_domain_get_vcpus_args" showname="remote_domain_get_vcpus_args" size="40" pos="94" show="" value=""> + <field name="libvirt.remote_domain_get_vcpus_args.dom" showname="dom :: remote_nonnull_domain" size="32" pos="94" show="" value=""> + <field name="libvirt.remote_nonnull_domain.name" showname="name: domain1" size="12" pos="94" show="domain1" value="00000007646f6d61696e3100"/> + <field name="libvirt.remote_nonnull_domain.uuid" showname="uuid: 4c8b6b6d0a2907334b8398a02c3a4710" size="16" pos="106" show="4c:8b:6b:6d:0a:29:07:33:4b:83:98:a0:2c:3a:47:10" value="4c8b6b6d0a2907334b8398a02c3a4710"/> + <field name="libvirt.remote_nonnull_domain.id" showname="id: -1" size="4" pos="122" show="-1" value="ffffffff"/> + </field> + <field name="libvirt.remote_domain_get_vcpus_args.maxinfo" showname="maxinfo: 1" size="4" pos="126" show="1" value="00000001"/> + <field name="libvirt.remote_domain_get_vcpus_args.maplen" showname="maplen: 1" size="4" pos="130" show="1" value="00000001"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="426"> + <field name="num" pos="0" show="55" showname="Number" value="37" size="426"/> + <field name="len" pos="0" show="426" showname="Frame Length" value="1aa" size="426"/> + <field name="caplen" pos="0" show="426" showname="Captured Length" value="1aa" size="426"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.480977000 JST" showname="Captured Time" value="1379477225.480977000" size="426"/> + </proto> + <proto name="frame" showname="Frame 55: 426 bytes on wire (3408 bits), 426 bytes captured (3408 bits) on interface 0" size="426" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.480977000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.480977000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.480977000 seconds" size="0" pos="0" show="1379477225.480977000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.005124000 seconds" size="0" pos="0" show="0.005124000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.005124000 seconds" size="0" pos="0" show="0.005124000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.170255000 seconds" size="0" pos="0" show="0.170255000"/> + <field name="frame.number" showname="Frame Number: 55" size="0" pos="0" show="55"/> + <field name="frame.len" showname="Frame Length: 426 bytes (3408 bits)" size="0" pos="0" show="426"/> + <field name="frame.cap_len" showname="Capture Length: 426 bytes (3408 bits)" size="0" pos="0" show="426"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 412" size="2" pos="16" show="412" value="019c"/> + <field name="ip.id" showname="Identification: 0xce5e (52830)" size="2" pos="18" show="0xce5e" value="ce5e"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x6cfb [correct]" size="2" pos="24" show="0x6cfb" value="6cfb"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="6cfb"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="6cfb"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55130 (55130), Seq: 257, Ack: 325, Len: 360" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55130 (55130)" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 360" hide="yes" size="1" pos="46" show="360" value="80"/> + <field name="tcp.seq" showname="Sequence number: 257 (relative sequence number)" size="4" pos="38" show="257" value="ff63bfb8"/> + <field name="tcp.nxtseq" showname="Next sequence number: 617 (relative sequence number)" size="0" pos="34" show="617"/> + <field name="tcp.ack" showname="Acknowledgment number: 325 (relative ack number)" size="4" pos="42" show="325" value="0cb69a12"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xff90 [validation disabled]" size="2" pos="50" show="0xff90" value="ff90"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="ff90"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="ff90"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:20:5a:bb:71:1b" value="0101080a5abb71205abb711b"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233632, TSecr 1522233627" size="10" pos="56" value="080a5abb71205abb711b"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233632" size="4" pos="58" show="1522233632" value="5abb7120"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233627" size="4" pos="62" show="1522233627" value="5abb711b"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 54" size="0" pos="34" show="54"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.005124000 seconds" size="0" pos="34" show="0.005124000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 360" size="0" pos="34" show="360"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 360" size="360" pos="66" show="360" value="00000168200080860000000100000014000000010000000600000001000000370000000a0000000100000088e8a681e6b182e38195e3828ce3819fe6938de4bd9ce381afe69c89e58ab9e381a7e381afe38182e3828ae381bee3819be382933a20e4bc91e6ada2e78ab6e6858be381aee38389e383a1e382a4e383b3e381aee4bbaee683b32043505520e38394e3838be383b3e382b0e38292e4b880e8a6a7e8a1a8e7a4bae381a7e3818de381bee3819be3829300000002000000000000000100000037e8a681e6b182e38195e3828ce3819fe6938de4bd9ce381afe69c89e58ab9e381a7e381afe38182e3828ae381bee3819be382933a202573000000000100000053e4bc91e6ada2e78ab6e6858be381aee38389e383a1e382a4e383b3e381aee4bbaee683b32043505520e38394e3838be383b3e382b0e38292e4b880e8a6a7e8a1a8e7a4bae381a7e3818de381bee3819be382930000000000ffffffffffffffff00000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="360" pos="66"> + <field name="libvirt.length" showname="length: 360" size="4" pos="66" show="360" value="00000168"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_GET_VCPUS (20)" size="4" pos="78" show="20" value="00000014"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 6" size="4" pos="86" show="6" value="00000006"/> + <field name="libvirt.status" showname="status: ERROR (1)" size="4" pos="90" show="1" value="00000001"/> + <field name="libvirt.remote_error" showname="remote_error" size="44" pos="94" show="" value=""> + <field name="libvirt.remote_error.code" showname="code: 55" size="4" pos="94" show="55" value="00000037"/> + <field name="libvirt.remote_error.domain" showname="domain: 10" size="4" pos="98" show="10" value="0000000a"/> + <field name="libvirt.remote_error.message" showname="message: (null)" size="4" pos="102" show="" value=""/> + <field name="libvirt.remote_error.level" showname="level: 136" size="4" pos="106" show="136" value="00000088"/> + <field name="libvirt.remote_error.dom" showname="dom: (null)" size="4" pos="110" show="" value=""/> + <field name="libvirt.remote_error.str1" showname="str1: (null)" size="4" pos="114" show="" value=""/> + <field name="libvirt.remote_error.str2" showname="str2: (null)" size="4" pos="118" show="" value=""/> + <field name="libvirt.remote_error.str3" showname="str3: (null)" size="4" pos="122" show="" value=""/> + <field name="libvirt.remote_error.int1" showname="int1: -1819417411" size="4" pos="126" show="-1819417411" value="938de4bd"/> + <field name="libvirt.remote_error.int2" showname="int2: -1662811729" size="4" pos="130" show="-1662811729" value="9ce381af"/> + <field name="libvirt.remote_error.net" showname="net: (null)" size="4" pos="134" show="" value=""/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="138"> + <field name="num" pos="0" show="56" showname="Number" value="38" size="138"/> + <field name="len" pos="0" show="138" showname="Frame Length" value="8a" size="138"/> + <field name="caplen" pos="0" show="138" showname="Captured Length" value="8a" size="138"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.481283000 JST" showname="Captured Time" value="1379477225.481283000" size="138"/> + </proto> + <proto name="frame" showname="Frame 56: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits) on interface 0" size="138" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.481283000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.481283000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.481283000 seconds" size="0" pos="0" show="1379477225.481283000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000306000 seconds" size="0" pos="0" show="0.000306000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000306000 seconds" size="0" pos="0" show="0.000306000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.170561000 seconds" size="0" pos="0" show="0.170561000"/> + <field name="frame.number" showname="Frame Number: 56" size="0" pos="0" show="56"/> + <field name="frame.len" showname="Frame Length: 138 bytes (1104 bits)" size="0" pos="0" show="138"/> + <field name="frame.cap_len" showname="Capture Length: 138 bytes (1104 bits)" size="0" pos="0" show="138"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 124" size="2" pos="16" show="124" value="007c"/> + <field name="ip.id" showname="Identification: 0xe82c (59436)" size="2" pos="18" show="0xe82c" value="e82c"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x544d [correct]" size="2" pos="24" show="0x544d" value="544d"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="544d"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="544d"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55130 (55130), Dst Port: 16509 (16509), Seq: 325, Ack: 617, Len: 72" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55130 (55130)" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 72" hide="yes" size="1" pos="46" show="72" value="80"/> + <field name="tcp.seq" showname="Sequence number: 325 (relative sequence number)" size="4" pos="38" show="325" value="0cb69a12"/> + <field name="tcp.nxtseq" showname="Next sequence number: 397 (relative sequence number)" size="0" pos="34" show="397"/> + <field name="tcp.ack" showname="Acknowledgment number: 617 (relative ack number)" size="4" pos="42" show="617" value="ff63c120"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 350" size="2" pos="48" show="350" value="015e"/> + <field name="tcp.window_size" showname="Calculated window size: 44800" size="2" pos="48" show="44800" value="015e"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="015e"/> + <field name="tcp.checksum" showname="Checksum: 0xfe70 [validation disabled]" size="2" pos="50" show="0xfe70" value="fe70"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe70"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe70"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:21:5a:bb:71:20" value="0101080a5abb71215abb7120"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233633, TSecr 1522233632" size="10" pos="56" value="080a5abb71215abb7120"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233633" size="4" pos="58" show="1522233633" value="5abb7121"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233632" size="4" pos="62" show="1522233632" value="5abb7120"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 55" size="0" pos="34" show="55"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000306000 seconds" size="0" pos="34" show="0.000306000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 72" size="0" pos="34" show="72"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 72" size="72" pos="66" show="72" value="000000482000808600000001000000e600000000000000070000000000000007646f6d61696e31004c8b6b6d0a2907334b8398a02c3a4710ffffffff000000010000000100000002"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="72" pos="66"> + <field name="libvirt.length" showname="length: 72" size="4" pos="66" show="72" value="00000048"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_GET_VCPU_PIN_INFO (230)" size="4" pos="78" show="230" value="000000e6"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 7" size="4" pos="86" show="7" value="00000007"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_domain_get_vcpu_pin_info_args" showname="remote_domain_get_vcpu_pin_info_args" size="44" pos="94" show="" value=""> + <field name="libvirt.remote_domain_get_vcpu_pin_info_args.dom" showname="dom :: remote_nonnull_domain" size="32" pos="94" show="" value=""> + <field name="libvirt.remote_nonnull_domain.name" showname="name: domain1" size="12" pos="94" show="domain1" value="00000007646f6d61696e3100"/> + <field name="libvirt.remote_nonnull_domain.uuid" showname="uuid: 4c8b6b6d0a2907334b8398a02c3a4710" size="16" pos="106" show="4c:8b:6b:6d:0a:29:07:33:4b:83:98:a0:2c:3a:47:10" value="4c8b6b6d0a2907334b8398a02c3a4710"/> + <field name="libvirt.remote_nonnull_domain.id" showname="id: -1" size="4" pos="122" show="-1" value="ffffffff"/> + </field> + <field name="libvirt.remote_domain_get_vcpu_pin_info_args.ncpumaps" showname="ncpumaps: 1" size="4" pos="126" show="1" value="00000001"/> + <field name="libvirt.remote_domain_get_vcpu_pin_info_args.maplen" showname="maplen: 1" size="4" pos="130" show="1" value="00000001"/> + <field name="libvirt.remote_domain_get_vcpu_pin_info_args.flags" showname="flags: 2" size="4" pos="134" show="2" value="00000002"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="106"> + <field name="num" pos="0" show="57" showname="Number" value="39" size="106"/> + <field name="len" pos="0" show="106" showname="Frame Length" value="6a" size="106"/> + <field name="caplen" pos="0" show="106" showname="Captured Length" value="6a" size="106"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.484963000 JST" showname="Captured Time" value="1379477225.484963000" size="106"/> + </proto> + <proto name="frame" showname="Frame 57: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) on interface 0" size="106" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.484963000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.484963000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.484963000 seconds" size="0" pos="0" show="1379477225.484963000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.003680000 seconds" size="0" pos="0" show="0.003680000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.003680000 seconds" size="0" pos="0" show="0.003680000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.174241000 seconds" size="0" pos="0" show="0.174241000"/> + <field name="frame.number" showname="Frame Number: 57" size="0" pos="0" show="57"/> + <field name="frame.len" showname="Frame Length: 106 bytes (848 bits)" size="0" pos="0" show="106"/> + <field name="frame.cap_len" showname="Capture Length: 106 bytes (848 bits)" size="0" pos="0" show="106"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 92" size="2" pos="16" show="92" value="005c"/> + <field name="ip.id" showname="Identification: 0xce5f (52831)" size="2" pos="18" show="0xce5f" value="ce5f"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x6e3a [correct]" size="2" pos="24" show="0x6e3a" value="6e3a"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="6e3a"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="6e3a"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55130 (55130), Seq: 617, Ack: 397, Len: 40" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55130 (55130)" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 40" hide="yes" size="1" pos="46" show="40" value="80"/> + <field name="tcp.seq" showname="Sequence number: 617 (relative sequence number)" size="4" pos="38" show="617" value="ff63c120"/> + <field name="tcp.nxtseq" showname="Next sequence number: 657 (relative sequence number)" size="0" pos="34" show="657"/> + <field name="tcp.ack" showname="Acknowledgment number: 397 (relative ack number)" size="4" pos="42" show="397" value="0cb69a5a"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe50 [validation disabled]" size="2" pos="50" show="0xfe50" value="fe50"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe50"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe50"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:24:5a:bb:71:21" value="0101080a5abb71245abb7121"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233636, TSecr 1522233633" size="10" pos="56" value="080a5abb71245abb7121"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233636" size="4" pos="58" show="1522233636" value="5abb7124"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233633" size="4" pos="62" show="1522233633" value="5abb7121"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 56" size="0" pos="34" show="56"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.003680000 seconds" size="0" pos="34" show="0.003680000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 40" size="0" pos="34" show="40"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 40" size="40" pos="66" show="40" value="000000282000808600000001000000e600000001000000070000000000000001ff00000000000001"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="40" pos="66"> + <field name="libvirt.length" showname="length: 40" size="4" pos="66" show="40" value="00000028"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_GET_VCPU_PIN_INFO (230)" size="4" pos="78" show="230" value="000000e6"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 7" size="4" pos="86" show="7" value="00000007"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_domain_get_vcpu_pin_info_ret" showname="remote_domain_get_vcpu_pin_info_ret" size="12" pos="94" show="" value=""> + <field name="libvirt.remote_domain_get_vcpu_pin_info_ret.cpumaps" showname="cpumaps: ff" size="8" pos="94" show="00:00:00:01:ff:00:00:00" value="00000001ff000000"/> + <field name="libvirt.remote_domain_get_vcpu_pin_info_ret.num" showname="num: 1" size="4" pos="102" show="1" value="00000001"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="58" showname="Number" value="3a" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.501386000 JST" showname="Captured Time" value="1379477225.501386000" size="94"/> + </proto> + <proto name="frame" showname="Frame 58: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.501386000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.501386000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.501386000 seconds" size="0" pos="0" show="1379477225.501386000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.016423000 seconds" size="0" pos="0" show="0.016423000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.016423000 seconds" size="0" pos="0" show="0.016423000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.190664000 seconds" size="0" pos="0" show="0.190664000"/> + <field name="frame.number" showname="Frame Number: 58" size="0" pos="0" show="58"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0xe82d (59437)" size="2" pos="18" show="0xe82d" value="e82d"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x5478 [correct]" size="2" pos="24" show="0x5478" value="5478"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="5478"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="5478"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55130 (55130), Dst Port: 16509 (16509), Seq: 397, Ack: 657, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55130 (55130)" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="34" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 397 (relative sequence number)" size="4" pos="38" show="397" value="0cb69a5a"/> + <field name="tcp.nxtseq" showname="Next sequence number: 425 (relative sequence number)" size="0" pos="34" show="425"/> + <field name="tcp.ack" showname="Acknowledgment number: 657 (relative ack number)" size="4" pos="42" show="657" value="ff63c148"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 350" size="2" pos="48" show="350" value="015e"/> + <field name="tcp.window_size" showname="Calculated window size: 44800" size="2" pos="48" show="44800" value="015e"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="015e"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:35:5a:bb:71:24" value="0101080a5abb71355abb7124"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233653, TSecr 1522233636" size="10" pos="56" value="080a5abb71355abb7124"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233653" size="4" pos="58" show="1522233653" value="5abb7135"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233636" size="4" pos="62" show="1522233636" value="5abb7124"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 57" size="0" pos="34" show="57"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.016423000 seconds" size="0" pos="34" show="0.016423000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000002000000000000000800000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_CLOSE (2)" size="4" pos="78" show="2" value="00000002"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 8" size="4" pos="86" show="8" value="00000008"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="59" showname="Number" value="3b" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.503201000 JST" showname="Captured Time" value="1379477225.503201000" size="94"/> + </proto> + <proto name="frame" showname="Frame 59: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.503201000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.503201000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.503201000 seconds" size="0" pos="0" show="1379477225.503201000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.001815000 seconds" size="0" pos="0" show="0.001815000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.001815000 seconds" size="0" pos="0" show="0.001815000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.192479000 seconds" size="0" pos="0" show="0.192479000"/> + <field name="frame.number" showname="Frame Number: 59" size="0" pos="0" show="59"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0xce60 (52832)" size="2" pos="18" show="0xce60" value="ce60"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x6e45 [correct]" size="2" pos="24" show="0x6e45" value="6e45"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="6e45"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="6e45"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55130 (55130), Seq: 657, Ack: 425, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55130 (55130)" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55130" hide="yes" size="2" pos="36" show="55130" value="d75a"/> + <field name="tcp.stream" showname="Stream index: 2" size="0" pos="34" show="2"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 657 (relative sequence number)" size="4" pos="38" show="657" value="ff63c148"/> + <field name="tcp.nxtseq" showname="Next sequence number: 685 (relative sequence number)" size="0" pos="34" show="685"/> + <field name="tcp.ack" showname="Acknowledgment number: 425 (relative ack number)" size="4" pos="42" show="425" value="0cb69a76"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:37:5a:bb:71:35" value="0101080a5abb71375abb7135"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233655, TSecr 1522233653" size="10" pos="56" value="080a5abb71375abb7135"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233655" size="4" pos="58" show="1522233655" value="5abb7137"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233653" size="4" pos="62" show="1522233653" value="5abb7135"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 58" size="0" pos="34" show="58"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.001815000 seconds" size="0" pos="34" show="0.001815000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000002000000010000000800000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_CLOSE (2)" size="4" pos="78" show="2" value="00000002"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 8" size="4" pos="86" show="8" value="00000008"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="66" showname="Number" value="42" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.515204000 JST" showname="Captured Time" value="1379477225.515204000" size="94"/> + </proto> + <proto name="frame" showname="Frame 66: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.515204000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.515204000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.515204000 seconds" size="0" pos="0" show="1379477225.515204000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000309000 seconds" size="0" pos="0" show="0.000309000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.012003000 seconds" size="0" pos="0" show="0.012003000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.204482000 seconds" size="0" pos="0" show="0.204482000"/> + <field name="frame.number" showname="Frame Number: 66" size="0" pos="0" show="66"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0xe8a8 (59560)" size="2" pos="18" show="0xe8a8" value="e8a8"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x53fd [correct]" size="2" pos="24" show="0x53fd" value="53fd"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="53fd"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="53fd"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55131 (55131), Dst Port: 16509 (16509), Seq: 1, Ack: 1, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55131 (55131)" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 1 (relative sequence number)" size="4" pos="38" show="1" value="069b99e5"/> + <field name="tcp.nxtseq" showname="Next sequence number: 29 (relative sequence number)" size="0" pos="34" show="29"/> + <field name="tcp.ack" showname="Acknowledgment number: 1 (relative ack number)" size="4" pos="42" show="1" value="1869d70f"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:43:5a:bb:71:42" value="0101080a5abb71435abb7142"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233667, TSecr 1522233666" size="10" pos="56" value="080a5abb71435abb7142"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233667" size="4" pos="58" show="1522233667" value="5abb7143"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233666" size="4" pos="62" show="1522233666" value="5abb7142"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000042000000000000000000000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: AUTH_LIST (66)" size="4" pos="78" show="66" value="00000042"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 0" size="4" pos="86" show="0" value="00000000"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="102"> + <field name="num" pos="0" show="68" showname="Number" value="44" size="102"/> + <field name="len" pos="0" show="102" showname="Frame Length" value="66" size="102"/> + <field name="caplen" pos="0" show="102" showname="Captured Length" value="66" size="102"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.517697000 JST" showname="Captured Time" value="1379477225.517697000" size="102"/> + </proto> + <proto name="frame" showname="Frame 68: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface 0" size="102" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.517697000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.517697000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.517697000 seconds" size="0" pos="0" show="1379477225.517697000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.002481000 seconds" size="0" pos="0" show="0.002481000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.002493000 seconds" size="0" pos="0" show="0.002493000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.206975000 seconds" size="0" pos="0" show="0.206975000"/> + <field name="frame.number" showname="Frame Number: 68" size="0" pos="0" show="68"/> + <field name="frame.len" showname="Frame Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.cap_len" showname="Capture Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 88" size="2" pos="16" show="88" value="0058"/> + <field name="ip.id" showname="Identification: 0xa64e (42574)" size="2" pos="18" show="0xa64e" value="a64e"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x964f [correct]" size="2" pos="24" show="0x964f" value="964f"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="964f"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="964f"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55131 (55131), Seq: 1, Ack: 29, Len: 36" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55131 (55131)" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 36" hide="yes" size="1" pos="46" show="36" value="80"/> + <field name="tcp.seq" showname="Sequence number: 1 (relative sequence number)" size="4" pos="38" show="1" value="1869d70f"/> + <field name="tcp.nxtseq" showname="Next sequence number: 37 (relative sequence number)" size="0" pos="34" show="37"/> + <field name="tcp.ack" showname="Acknowledgment number: 29 (relative ack number)" size="4" pos="42" show="29" value="069b9a01"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe4c [validation disabled]" size="2" pos="50" show="0xfe4c" value="fe4c"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:45:5a:bb:71:43" value="0101080a5abb71455abb7143"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233669, TSecr 1522233667" size="10" pos="56" value="080a5abb71455abb7143"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233669" size="4" pos="58" show="1522233669" value="5abb7145"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233667" size="4" pos="62" show="1522233667" value="5abb7143"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 36" size="0" pos="34" show="36"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 36" size="36" pos="66" show="36" value="000000242000808600000001000000420000000100000000000000000000000100000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="36" pos="66"> + <field name="libvirt.length" showname="length: 36" size="4" pos="66" show="36" value="00000024"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: AUTH_LIST (66)" size="4" pos="78" show="66" value="00000042"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 0" size="4" pos="86" show="0" value="00000000"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_auth_list_ret" showname="remote_auth_list_ret" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_auth_list_ret.types" showname="types :: remote_auth_type<1>" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_auth_list_ret.types.types" showname="types: REMOTE_AUTH_NONE(0)" size="4" pos="98" show="0" value="00000000"/> + </field> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="98"> + <field name="num" pos="0" show="70" showname="Number" value="46" size="98"/> + <field name="len" pos="0" show="98" showname="Frame Length" value="62" size="98"/> + <field name="caplen" pos="0" show="98" showname="Captured Length" value="62" size="98"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.517946000 JST" showname="Captured Time" value="1379477225.517946000" size="98"/> + </proto> + <proto name="frame" showname="Frame 70: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0" size="98" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.517946000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.517946000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.517946000 seconds" size="0" pos="0" show="1379477225.517946000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000220000 seconds" size="0" pos="0" show="0.000220000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000249000 seconds" size="0" pos="0" show="0.000249000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.207224000 seconds" size="0" pos="0" show="0.207224000"/> + <field name="frame.number" showname="Frame Number: 70" size="0" pos="0" show="70"/> + <field name="frame.len" showname="Frame Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.cap_len" showname="Capture Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 84" size="2" pos="16" show="84" value="0054"/> + <field name="ip.id" showname="Identification: 0xe8aa (59562)" size="2" pos="18" show="0xe8aa" value="e8aa"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x53f7 [correct]" size="2" pos="24" show="0x53f7" value="53f7"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="53f7"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="53f7"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55131 (55131), Dst Port: 16509 (16509), Seq: 29, Ack: 37, Len: 32" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55131 (55131)" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 32" hide="yes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.seq" showname="Sequence number: 29 (relative sequence number)" size="4" pos="38" show="29" value="069b9a01"/> + <field name="tcp.nxtseq" showname="Next sequence number: 61 (relative sequence number)" size="0" pos="34" show="61"/> + <field name="tcp.ack" showname="Acknowledgment number: 37 (relative ack number)" size="4" pos="42" show="37" value="1869d733"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe48 [validation disabled]" size="2" pos="50" show="0xfe48" value="fe48"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe48"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe48"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:45:5a:bb:71:45" value="0101080a5abb71455abb7145"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233669, TSecr 1522233669" size="10" pos="56" value="080a5abb71455abb7145"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233669" size="4" pos="58" show="1522233669" value="5abb7145"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233669" size="4" pos="62" show="1522233669" value="5abb7145"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 32" size="0" pos="34" show="32"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 32" size="32" pos="66" show="32" value="0000002020008086000000010000003c0000000000000001000000000000000a"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="32" pos="66"> + <field name="libvirt.length" showname="length: 32" size="4" pos="66" show="32" value="00000020"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_SUPPORTS_FEATURE (60)" size="4" pos="78" show="60" value="0000003c"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 1" size="4" pos="86" show="1" value="00000001"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_supports_feature_args" showname="remote_connect_supports_feature_args" size="4" pos="94" show="" value=""> + <field name="libvirt.remote_connect_supports_feature_args.feature" showname="feature: 10" size="4" pos="94" show="10" value="0000000a"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="98"> + <field name="num" pos="0" show="71" showname="Number" value="47" size="98"/> + <field name="len" pos="0" show="98" showname="Frame Length" value="62" size="98"/> + <field name="caplen" pos="0" show="98" showname="Captured Length" value="62" size="98"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.522522000 JST" showname="Captured Time" value="1379477225.522522000" size="98"/> + </proto> + <proto name="frame" showname="Frame 71: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0" size="98" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.522522000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.522522000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.522522000 seconds" size="0" pos="0" show="1379477225.522522000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.004576000 seconds" size="0" pos="0" show="0.004576000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.004576000 seconds" size="0" pos="0" show="0.004576000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.211800000 seconds" size="0" pos="0" show="0.211800000"/> + <field name="frame.number" showname="Frame Number: 71" size="0" pos="0" show="71"/> + <field name="frame.len" showname="Frame Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.cap_len" showname="Capture Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 84" size="2" pos="16" show="84" value="0054"/> + <field name="ip.id" showname="Identification: 0xa64f (42575)" size="2" pos="18" show="0xa64f" value="a64f"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x9652 [correct]" size="2" pos="24" show="0x9652" value="9652"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="9652"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="9652"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55131 (55131), Seq: 37, Ack: 61, Len: 32" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55131 (55131)" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 32" hide="yes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.seq" showname="Sequence number: 37 (relative sequence number)" size="4" pos="38" show="37" value="1869d733"/> + <field name="tcp.nxtseq" showname="Next sequence number: 69 (relative sequence number)" size="0" pos="34" show="69"/> + <field name="tcp.ack" showname="Acknowledgment number: 61 (relative ack number)" size="4" pos="42" show="61" value="069b9a21"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe48 [validation disabled]" size="2" pos="50" show="0xfe48" value="fe48"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe48"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe48"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:4a:5a:bb:71:45" value="0101080a5abb714a5abb7145"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233674, TSecr 1522233669" size="10" pos="56" value="080a5abb714a5abb7145"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233674" size="4" pos="58" show="1522233674" value="5abb714a"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233669" size="4" pos="62" show="1522233669" value="5abb7145"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 70" size="0" pos="34" show="70"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.004576000 seconds" size="0" pos="34" show="0.004576000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 32" size="0" pos="34" show="32"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 32" size="32" pos="66" show="32" value="0000002020008086000000010000003c00000001000000010000000000000001"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="32" pos="66"> + <field name="libvirt.length" showname="length: 32" size="4" pos="66" show="32" value="00000020"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_SUPPORTS_FEATURE (60)" size="4" pos="78" show="60" value="0000003c"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 1" size="4" pos="86" show="1" value="00000001"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_supports_feature_ret" showname="remote_connect_supports_feature_ret" size="4" pos="94" show="" value=""> + <field name="libvirt.remote_connect_supports_feature_ret.supported" showname="supported: 1" size="4" pos="94" show="1" value="00000001"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="122"> + <field name="num" pos="0" show="72" showname="Number" value="48" size="122"/> + <field name="len" pos="0" show="122" showname="Frame Length" value="7a" size="122"/> + <field name="caplen" pos="0" show="122" showname="Captured Length" value="7a" size="122"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.522810000 JST" showname="Captured Time" value="1379477225.522810000" size="122"/> + </proto> + <proto name="frame" showname="Frame 72: 122 bytes on wire (976 bits), 122 bytes captured (976 bits) on interface 0" size="122" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.522810000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.522810000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.522810000 seconds" size="0" pos="0" show="1379477225.522810000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000288000 seconds" size="0" pos="0" show="0.000288000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000288000 seconds" size="0" pos="0" show="0.000288000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.212088000 seconds" size="0" pos="0" show="0.212088000"/> + <field name="frame.number" showname="Frame Number: 72" size="0" pos="0" show="72"/> + <field name="frame.len" showname="Frame Length: 122 bytes (976 bits)" size="0" pos="0" show="122"/> + <field name="frame.cap_len" showname="Capture Length: 122 bytes (976 bits)" size="0" pos="0" show="122"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 108" size="2" pos="16" show="108" value="006c"/> + <field name="ip.id" showname="Identification: 0xe8ab (59563)" size="2" pos="18" show="0xe8ab" value="e8ab"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x53de [correct]" size="2" pos="24" show="0x53de" value="53de"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="53de"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="53de"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55131 (55131), Dst Port: 16509 (16509), Seq: 61, Ack: 69, Len: 56" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55131 (55131)" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 56" hide="yes" size="1" pos="46" show="56" value="80"/> + <field name="tcp.seq" showname="Sequence number: 61 (relative sequence number)" size="4" pos="38" show="61" value="069b9a21"/> + <field name="tcp.nxtseq" showname="Next sequence number: 117 (relative sequence number)" size="0" pos="34" show="117"/> + <field name="tcp.ack" showname="Acknowledgment number: 69 (relative ack number)" size="4" pos="42" show="69" value="1869d753"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe60 [validation disabled]" size="2" pos="50" show="0xfe60" value="fe60"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe60"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe60"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:4a:5a:bb:71:4a" value="0101080a5abb714a5abb714a"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233674, TSecr 1522233674" size="10" pos="56" value="080a5abb714a5abb714a"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233674" size="4" pos="58" show="1522233674" value="5abb714a"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233674" size="4" pos="62" show="1522233674" value="5abb714a"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 71" size="0" pos="34" show="71"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000288000 seconds" size="0" pos="34" show="0.000288000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 56" size="0" pos="34" show="56"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 56" size="56" pos="66" show="56" value="00000038200080860000000100000001000000000000000200000000000000010000000f71656d753a2f2f2f73657373696f6e0000000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="56" pos="66"> + <field name="libvirt.length" showname="length: 56" size="4" pos="66" show="56" value="00000038"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_OPEN (1)" size="4" pos="78" show="1" value="00000001"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 2" size="4" pos="86" show="2" value="00000002"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_open_args" showname="remote_connect_open_args" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_connect_open_args.name" showname="name: (null)" size="4" pos="94" show="" value=""/> + <field name="libvirt.remote_connect_open_args.flags" showname="flags: 15" size="4" pos="98" show="15" value="0000000f"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="73" showname="Number" value="49" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.527095000 JST" showname="Captured Time" value="1379477225.527095000" size="94"/> + </proto> + <proto name="frame" showname="Frame 73: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.527095000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.527095000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.527095000 seconds" size="0" pos="0" show="1379477225.527095000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.004285000 seconds" size="0" pos="0" show="0.004285000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.004285000 seconds" size="0" pos="0" show="0.004285000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.216373000 seconds" size="0" pos="0" show="0.216373000"/> + <field name="frame.number" showname="Frame Number: 73" size="0" pos="0" show="73"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0xa650 (42576)" size="2" pos="18" show="0xa650" value="a650"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x9655 [correct]" size="2" pos="24" show="0x9655" value="9655"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="9655"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="9655"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55131 (55131), Seq: 69, Ack: 117, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55131 (55131)" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 69 (relative sequence number)" size="4" pos="38" show="69" value="1869d753"/> + <field name="tcp.nxtseq" showname="Next sequence number: 97 (relative sequence number)" size="0" pos="34" show="97"/> + <field name="tcp.ack" showname="Acknowledgment number: 117 (relative ack number)" size="4" pos="42" show="117" value="069b9a59"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:4f:5a:bb:71:4a" value="0101080a5abb714f5abb714a"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233679, TSecr 1522233674" size="10" pos="56" value="080a5abb714f5abb714a"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233679" size="4" pos="58" show="1522233679" value="5abb714f"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233674" size="4" pos="62" show="1522233674" value="5abb714a"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 72" size="0" pos="34" show="72"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.004285000 seconds" size="0" pos="34" show="0.004285000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000001000000010000000200000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_OPEN (1)" size="4" pos="78" show="1" value="00000001"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 2" size="4" pos="86" show="2" value="00000002"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="106"> + <field name="num" pos="0" show="74" showname="Number" value="4a" size="106"/> + <field name="len" pos="0" show="106" showname="Frame Length" value="6a" size="106"/> + <field name="caplen" pos="0" show="106" showname="Captured Length" value="6a" size="106"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.527349000 JST" showname="Captured Time" value="1379477225.527349000" size="106"/> + </proto> + <proto name="frame" showname="Frame 74: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) on interface 0" size="106" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.527349000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.527349000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.527349000 seconds" size="0" pos="0" show="1379477225.527349000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000254000 seconds" size="0" pos="0" show="0.000254000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000254000 seconds" size="0" pos="0" show="0.000254000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.216627000 seconds" size="0" pos="0" show="0.216627000"/> + <field name="frame.number" showname="Frame Number: 74" size="0" pos="0" show="74"/> + <field name="frame.len" showname="Frame Length: 106 bytes (848 bits)" size="0" pos="0" show="106"/> + <field name="frame.cap_len" showname="Capture Length: 106 bytes (848 bits)" size="0" pos="0" show="106"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 92" size="2" pos="16" show="92" value="005c"/> + <field name="ip.id" showname="Identification: 0xe8ac (59564)" size="2" pos="18" show="0xe8ac" value="e8ac"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x53ed [correct]" size="2" pos="24" show="0x53ed" value="53ed"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="53ed"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="53ed"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55131 (55131), Dst Port: 16509 (16509), Seq: 117, Ack: 97, Len: 40" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55131 (55131)" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 40" hide="yes" size="1" pos="46" show="40" value="80"/> + <field name="tcp.seq" showname="Sequence number: 117 (relative sequence number)" size="4" pos="38" show="117" value="069b9a59"/> + <field name="tcp.nxtseq" showname="Next sequence number: 157 (relative sequence number)" size="0" pos="34" show="157"/> + <field name="tcp.ack" showname="Acknowledgment number: 97 (relative ack number)" size="4" pos="42" show="97" value="1869d76f"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe50 [validation disabled]" size="2" pos="50" show="0xfe50" value="fe50"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe50"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe50"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:4f:5a:bb:71:4f" value="0101080a5abb714f5abb714f"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233679, TSecr 1522233679" size="10" pos="56" value="080a5abb714f5abb714f"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233679" size="4" pos="58" show="1522233679" value="5abb714f"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233679" size="4" pos="62" show="1522233679" value="5abb714f"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 73" size="0" pos="34" show="73"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000254000 seconds" size="0" pos="34" show="0.000254000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 40" size="0" pos="34" show="40"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 40" size="40" pos="66" show="40" value="0000002820008086000000010000001700000000000000030000000000000007646f6d61696e3100"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="40" pos="66"> + <field name="libvirt.length" showname="length: 40" size="4" pos="66" show="40" value="00000028"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_LOOKUP_BY_NAME (23)" size="4" pos="78" show="23" value="00000017"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 3" size="4" pos="86" show="3" value="00000003"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_domain_lookup_by_name_args" showname="remote_domain_lookup_by_name_args" size="12" pos="94" show="" value=""> + <field name="libvirt.remote_domain_lookup_by_name_args.name" showname="name: domain1" size="12" pos="94" show="domain1" value="00000007646f6d61696e3100"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="126"> + <field name="num" pos="0" show="75" showname="Number" value="4b" size="126"/> + <field name="len" pos="0" show="126" showname="Frame Length" value="7e" size="126"/> + <field name="caplen" pos="0" show="126" showname="Captured Length" value="7e" size="126"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.531593000 JST" showname="Captured Time" value="1379477225.531593000" size="126"/> + </proto> + <proto name="frame" showname="Frame 75: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0" size="126" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.531593000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.531593000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.531593000 seconds" size="0" pos="0" show="1379477225.531593000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.004244000 seconds" size="0" pos="0" show="0.004244000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.004244000 seconds" size="0" pos="0" show="0.004244000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.220871000 seconds" size="0" pos="0" show="0.220871000"/> + <field name="frame.number" showname="Frame Number: 75" size="0" pos="0" show="75"/> + <field name="frame.len" showname="Frame Length: 126 bytes (1008 bits)" size="0" pos="0" show="126"/> + <field name="frame.cap_len" showname="Capture Length: 126 bytes (1008 bits)" size="0" pos="0" show="126"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 112" size="2" pos="16" show="112" value="0070"/> + <field name="ip.id" showname="Identification: 0xa651 (42577)" size="2" pos="18" show="0xa651" value="a651"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x9634 [correct]" size="2" pos="24" show="0x9634" value="9634"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="9634"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="9634"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55131 (55131), Seq: 97, Ack: 157, Len: 60" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55131 (55131)" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 60" hide="yes" size="1" pos="46" show="60" value="80"/> + <field name="tcp.seq" showname="Sequence number: 97 (relative sequence number)" size="4" pos="38" show="97" value="1869d76f"/> + <field name="tcp.nxtseq" showname="Next sequence number: 157 (relative sequence number)" size="0" pos="34" show="157"/> + <field name="tcp.ack" showname="Acknowledgment number: 157 (relative ack number)" size="4" pos="42" show="157" value="069b9a81"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe64 [validation disabled]" size="2" pos="50" show="0xfe64" value="fe64"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe64"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe64"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:53:5a:bb:71:4f" value="0101080a5abb71535abb714f"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233683, TSecr 1522233679" size="10" pos="56" value="080a5abb71535abb714f"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233683" size="4" pos="58" show="1522233683" value="5abb7153"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233679" size="4" pos="62" show="1522233679" value="5abb714f"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 74" size="0" pos="34" show="74"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.004244000 seconds" size="0" pos="34" show="0.004244000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 60" size="0" pos="34" show="60"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 60" size="60" pos="66" show="60" value="0000003c20008086000000010000001700000001000000030000000000000007646f6d61696e31004c8b6b6d0a2907334b8398a02c3a4710ffffffff"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="60" pos="66"> + <field name="libvirt.length" showname="length: 60" size="4" pos="66" show="60" value="0000003c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_LOOKUP_BY_NAME (23)" size="4" pos="78" show="23" value="00000017"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 3" size="4" pos="86" show="3" value="00000003"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_domain_lookup_by_name_ret" showname="remote_domain_lookup_by_name_ret" size="32" pos="94" show="" value=""> + <field name="libvirt.remote_domain_lookup_by_name_ret.dom" showname="dom :: remote_nonnull_domain" size="32" pos="94" show="" value=""> + <field name="libvirt.remote_nonnull_domain.name" showname="name: domain1" size="12" pos="94" show="domain1" value="00000007646f6d61696e3100"/> + <field name="libvirt.remote_nonnull_domain.uuid" showname="uuid: 4c8b6b6d0a2907334b8398a02c3a4710" size="16" pos="106" show="4c:8b:6b:6d:0a:29:07:33:4b:83:98:a0:2c:3a:47:10" value="4c8b6b6d0a2907334b8398a02c3a4710"/> + <field name="libvirt.remote_nonnull_domain.id" showname="id: -1" size="4" pos="122" show="-1" value="ffffffff"/> + </field> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="98"> + <field name="num" pos="0" show="76" showname="Number" value="4c" size="98"/> + <field name="len" pos="0" show="98" showname="Frame Length" value="62" size="98"/> + <field name="caplen" pos="0" show="98" showname="Captured Length" value="62" size="98"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.531730000 JST" showname="Captured Time" value="1379477225.531730000" size="98"/> + </proto> + <proto name="frame" showname="Frame 76: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0" size="98" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.531730000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.531730000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.531730000 seconds" size="0" pos="0" show="1379477225.531730000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000137000 seconds" size="0" pos="0" show="0.000137000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000137000 seconds" size="0" pos="0" show="0.000137000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.221008000 seconds" size="0" pos="0" show="0.221008000"/> + <field name="frame.number" showname="Frame Number: 76" size="0" pos="0" show="76"/> + <field name="frame.len" showname="Frame Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.cap_len" showname="Capture Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 84" size="2" pos="16" show="84" value="0054"/> + <field name="ip.id" showname="Identification: 0xe8ad (59565)" size="2" pos="18" show="0xe8ad" value="e8ad"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x53f4 [correct]" size="2" pos="24" show="0x53f4" value="53f4"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="53f4"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="53f4"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55131 (55131), Dst Port: 16509 (16509), Seq: 157, Ack: 157, Len: 32" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55131 (55131)" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 32" hide="yes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.seq" showname="Sequence number: 157 (relative sequence number)" size="4" pos="38" show="157" value="069b9a81"/> + <field name="tcp.nxtseq" showname="Next sequence number: 189 (relative sequence number)" size="0" pos="34" show="189"/> + <field name="tcp.ack" showname="Acknowledgment number: 157 (relative ack number)" size="4" pos="42" show="157" value="1869d7ab"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe48 [validation disabled]" size="2" pos="50" show="0xfe48" value="fe48"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe48"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe48"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:53:5a:bb:71:53" value="0101080a5abb71535abb7153"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233683, TSecr 1522233683" size="10" pos="56" value="080a5abb71535abb7153"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233683" size="4" pos="58" show="1522233683" value="5abb7153"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233683" size="4" pos="62" show="1522233683" value="5abb7153"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 75" size="0" pos="34" show="75"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000137000 seconds" size="0" pos="34" show="0.000137000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 32" size="0" pos="34" show="32"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 32" size="32" pos="66" show="32" value="0000002020008086000000010000003c00000000000000040000000000000009"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="32" pos="66"> + <field name="libvirt.length" showname="length: 32" size="4" pos="66" show="32" value="00000020"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_SUPPORTS_FEATURE (60)" size="4" pos="78" show="60" value="0000003c"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 4" size="4" pos="86" show="4" value="00000004"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_supports_feature_args" showname="remote_connect_supports_feature_args" size="4" pos="94" show="" value=""> + <field name="libvirt.remote_connect_supports_feature_args.feature" showname="feature: 9" size="4" pos="94" show="9" value="00000009"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="98"> + <field name="num" pos="0" show="77" showname="Number" value="4d" size="98"/> + <field name="len" pos="0" show="98" showname="Frame Length" value="62" size="98"/> + <field name="caplen" pos="0" show="98" showname="Captured Length" value="62" size="98"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.535951000 JST" showname="Captured Time" value="1379477225.535951000" size="98"/> + </proto> + <proto name="frame" showname="Frame 77: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0" size="98" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.535951000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.535951000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.535951000 seconds" size="0" pos="0" show="1379477225.535951000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.004221000 seconds" size="0" pos="0" show="0.004221000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.004221000 seconds" size="0" pos="0" show="0.004221000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.225229000 seconds" size="0" pos="0" show="0.225229000"/> + <field name="frame.number" showname="Frame Number: 77" size="0" pos="0" show="77"/> + <field name="frame.len" showname="Frame Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.cap_len" showname="Capture Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 84" size="2" pos="16" show="84" value="0054"/> + <field name="ip.id" showname="Identification: 0xa652 (42578)" size="2" pos="18" show="0xa652" value="a652"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x964f [correct]" size="2" pos="24" show="0x964f" value="964f"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="964f"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="964f"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55131 (55131), Seq: 157, Ack: 189, Len: 32" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55131 (55131)" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 32" hide="yes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.seq" showname="Sequence number: 157 (relative sequence number)" size="4" pos="38" show="157" value="1869d7ab"/> + <field name="tcp.nxtseq" showname="Next sequence number: 189 (relative sequence number)" size="0" pos="34" show="189"/> + <field name="tcp.ack" showname="Acknowledgment number: 189 (relative ack number)" size="4" pos="42" show="189" value="069b9aa1"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe48 [validation disabled]" size="2" pos="50" show="0xfe48" value="fe48"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe48"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe48"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:57:5a:bb:71:53" value="0101080a5abb71575abb7153"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233687, TSecr 1522233683" size="10" pos="56" value="080a5abb71575abb7153"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233687" size="4" pos="58" show="1522233687" value="5abb7157"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233683" size="4" pos="62" show="1522233683" value="5abb7153"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 76" size="0" pos="34" show="76"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.004221000 seconds" size="0" pos="34" show="0.004221000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 32" size="0" pos="34" show="32"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 32" size="32" pos="66" show="32" value="0000002020008086000000010000003c00000001000000040000000000000001"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="32" pos="66"> + <field name="libvirt.length" showname="length: 32" size="4" pos="66" show="32" value="00000020"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_SUPPORTS_FEATURE (60)" size="4" pos="78" show="60" value="0000003c"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 4" size="4" pos="86" show="4" value="00000004"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_supports_feature_ret" showname="remote_connect_supports_feature_ret" size="4" pos="94" show="" value=""> + <field name="libvirt.remote_connect_supports_feature_ret.supported" showname="supported: 1" size="4" pos="94" show="1" value="00000001"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="134"> + <field name="num" pos="0" show="78" showname="Number" value="4e" size="134"/> + <field name="len" pos="0" show="134" showname="Frame Length" value="86" size="134"/> + <field name="caplen" pos="0" show="134" showname="Captured Length" value="86" size="134"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.536149000 JST" showname="Captured Time" value="1379477225.536149000" size="134"/> + </proto> + <proto name="frame" showname="Frame 78: 134 bytes on wire (1072 bits), 134 bytes captured (1072 bits) on interface 0" size="134" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.536149000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.536149000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.536149000 seconds" size="0" pos="0" show="1379477225.536149000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000198000 seconds" size="0" pos="0" show="0.000198000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000198000 seconds" size="0" pos="0" show="0.000198000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.225427000 seconds" size="0" pos="0" show="0.225427000"/> + <field name="frame.number" showname="Frame Number: 78" size="0" pos="0" show="78"/> + <field name="frame.len" showname="Frame Length: 134 bytes (1072 bits)" size="0" pos="0" show="134"/> + <field name="frame.cap_len" showname="Capture Length: 134 bytes (1072 bits)" size="0" pos="0" show="134"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 120" size="2" pos="16" show="120" value="0078"/> + <field name="ip.id" showname="Identification: 0xe8ae (59566)" size="2" pos="18" show="0xe8ae" value="e8ae"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x53cf [correct]" size="2" pos="24" show="0x53cf" value="53cf"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="53cf"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="53cf"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55131 (55131), Dst Port: 16509 (16509), Seq: 189, Ack: 189, Len: 68" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55131 (55131)" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 68" hide="yes" size="1" pos="46" show="68" value="80"/> + <field name="tcp.seq" showname="Sequence number: 189 (relative sequence number)" size="4" pos="38" show="189" value="069b9aa1"/> + <field name="tcp.nxtseq" showname="Next sequence number: 257 (relative sequence number)" size="0" pos="34" show="257"/> + <field name="tcp.ack" showname="Acknowledgment number: 189 (relative ack number)" size="4" pos="42" show="189" value="1869d7cb"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe6c [validation disabled]" size="2" pos="50" show="0xfe6c" value="fe6c"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe6c"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe6c"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:58:5a:bb:71:57" value="0101080a5abb71585abb7157"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233688, TSecr 1522233687" size="10" pos="56" value="080a5abb71585abb7157"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233688" size="4" pos="58" show="1522233688" value="5abb7158"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233687" size="4" pos="62" show="1522233687" value="5abb7157"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 77" size="0" pos="34" show="77"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000198000 seconds" size="0" pos="34" show="0.000198000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 68" size="0" pos="34" show="68"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 68" size="68" pos="66" show="68" value="000000442000808600000001000000ce00000000000000050000000000000007646f6d61696e31004c8b6b6d0a2907334b8398a02c3a4710ffffffff0000000000000004"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="68" pos="66"> + <field name="libvirt.length" showname="length: 68" size="4" pos="66" show="68" value="00000044"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_GET_BLKIO_PARAMETERS (206)" size="4" pos="78" show="206" value="000000ce"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 5" size="4" pos="86" show="5" value="00000005"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_domain_get_blkio_parameters_args" showname="remote_domain_get_blkio_parameters_args" size="40" pos="94" show="" value=""> + <field name="libvirt.remote_domain_get_blkio_parameters_args.dom" showname="dom :: remote_nonnull_domain" size="32" pos="94" show="" value=""> + <field name="libvirt.remote_nonnull_domain.name" showname="name: domain1" size="12" pos="94" show="domain1" value="00000007646f6d61696e3100"/> + <field name="libvirt.remote_nonnull_domain.uuid" showname="uuid: 4c8b6b6d0a2907334b8398a02c3a4710" size="16" pos="106" show="4c:8b:6b:6d:0a:29:07:33:4b:83:98:a0:2c:3a:47:10" value="4c8b6b6d0a2907334b8398a02c3a4710"/> + <field name="libvirt.remote_nonnull_domain.id" showname="id: -1" size="4" pos="122" show="-1" value="ffffffff"/> + </field> + <field name="libvirt.remote_domain_get_blkio_parameters_args.nparams" showname="nparams: 0" size="4" pos="126" show="0" value="00000000"/> + <field name="libvirt.remote_domain_get_blkio_parameters_args.flags" showname="flags: 4" size="4" pos="130" show="4" value="00000004"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="102"> + <field name="num" pos="0" show="79" showname="Number" value="4f" size="102"/> + <field name="len" pos="0" show="102" showname="Frame Length" value="66" size="102"/> + <field name="caplen" pos="0" show="102" showname="Captured Length" value="66" size="102"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.540042000 JST" showname="Captured Time" value="1379477225.540042000" size="102"/> + </proto> + <proto name="frame" showname="Frame 79: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface 0" size="102" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.540042000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.540042000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.540042000 seconds" size="0" pos="0" show="1379477225.540042000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.003893000 seconds" size="0" pos="0" show="0.003893000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.003893000 seconds" size="0" pos="0" show="0.003893000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.229320000 seconds" size="0" pos="0" show="0.229320000"/> + <field name="frame.number" showname="Frame Number: 79" size="0" pos="0" show="79"/> + <field name="frame.len" showname="Frame Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.cap_len" showname="Capture Length: 102 bytes (816 bits)" size="0" pos="0" show="102"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 88" size="2" pos="16" show="88" value="0058"/> + <field name="ip.id" showname="Identification: 0xa653 (42579)" size="2" pos="18" show="0xa653" value="a653"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x964a [correct]" size="2" pos="24" show="0x964a" value="964a"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="964a"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="964a"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55131 (55131), Seq: 189, Ack: 257, Len: 36" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55131 (55131)" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 36" hide="yes" size="1" pos="46" show="36" value="80"/> + <field name="tcp.seq" showname="Sequence number: 189 (relative sequence number)" size="4" pos="38" show="189" value="1869d7cb"/> + <field name="tcp.nxtseq" showname="Next sequence number: 225 (relative sequence number)" size="0" pos="34" show="225"/> + <field name="tcp.ack" showname="Acknowledgment number: 257 (relative ack number)" size="4" pos="42" show="257" value="069b9ae5"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe4c [validation disabled]" size="2" pos="50" show="0xfe4c" value="fe4c"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe4c"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:5c:5a:bb:71:58" value="0101080a5abb715c5abb7158"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233692, TSecr 1522233688" size="10" pos="56" value="080a5abb715c5abb7158"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233692" size="4" pos="58" show="1522233692" value="5abb715c"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233688" size="4" pos="62" show="1522233688" value="5abb7158"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 78" size="0" pos="34" show="78"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.003893000 seconds" size="0" pos="34" show="0.003893000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 36" size="0" pos="34" show="36"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 36" size="36" pos="66" show="36" value="000000242000808600000001000000ce0000000100000005000000000000000000000002"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="36" pos="66"> + <field name="libvirt.length" showname="length: 36" size="4" pos="66" show="36" value="00000024"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_GET_BLKIO_PARAMETERS (206)" size="4" pos="78" show="206" value="000000ce"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 5" size="4" pos="86" show="5" value="00000005"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_domain_get_blkio_parameters_ret" showname="remote_domain_get_blkio_parameters_ret" size="8" pos="94" show="" value=""> + <field name="libvirt.remote_domain_get_blkio_parameters_ret.params" showname="params :: remote_typed_param<0>" size="4" pos="94" show="" value=""/> + <field name="libvirt.remote_domain_get_blkio_parameters_ret.nparams" showname="nparams: 2" size="4" pos="98" show="2" value="00000002"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="98"> + <field name="num" pos="0" show="80" showname="Number" value="50" size="98"/> + <field name="len" pos="0" show="98" showname="Frame Length" value="62" size="98"/> + <field name="caplen" pos="0" show="98" showname="Captured Length" value="62" size="98"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.540189000 JST" showname="Captured Time" value="1379477225.540189000" size="98"/> + </proto> + <proto name="frame" showname="Frame 80: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0" size="98" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.540189000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.540189000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.540189000 seconds" size="0" pos="0" show="1379477225.540189000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000147000 seconds" size="0" pos="0" show="0.000147000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000147000 seconds" size="0" pos="0" show="0.000147000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.229467000 seconds" size="0" pos="0" show="0.229467000"/> + <field name="frame.number" showname="Frame Number: 80" size="0" pos="0" show="80"/> + <field name="frame.len" showname="Frame Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.cap_len" showname="Capture Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 84" size="2" pos="16" show="84" value="0054"/> + <field name="ip.id" showname="Identification: 0xe8af (59567)" size="2" pos="18" show="0xe8af" value="e8af"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x53f2 [correct]" size="2" pos="24" show="0x53f2" value="53f2"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="53f2"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="53f2"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55131 (55131), Dst Port: 16509 (16509), Seq: 257, Ack: 225, Len: 32" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55131 (55131)" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 32" hide="yes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.seq" showname="Sequence number: 257 (relative sequence number)" size="4" pos="38" show="257" value="069b9ae5"/> + <field name="tcp.nxtseq" showname="Next sequence number: 289 (relative sequence number)" size="0" pos="34" show="289"/> + <field name="tcp.ack" showname="Acknowledgment number: 225 (relative ack number)" size="4" pos="42" show="225" value="1869d7ef"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe48 [validation disabled]" size="2" pos="50" show="0xfe48" value="fe48"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe48"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe48"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:5c:5a:bb:71:5c" value="0101080a5abb715c5abb715c"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233692, TSecr 1522233692" size="10" pos="56" value="080a5abb715c5abb715c"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233692" size="4" pos="58" show="1522233692" value="5abb715c"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233692" size="4" pos="62" show="1522233692" value="5abb715c"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 79" size="0" pos="34" show="79"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000147000 seconds" size="0" pos="34" show="0.000147000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 32" size="0" pos="34" show="32"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 32" size="32" pos="66" show="32" value="0000002020008086000000010000003c00000000000000060000000000000009"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="32" pos="66"> + <field name="libvirt.length" showname="length: 32" size="4" pos="66" show="32" value="00000020"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_SUPPORTS_FEATURE (60)" size="4" pos="78" show="60" value="0000003c"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 6" size="4" pos="86" show="6" value="00000006"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_supports_feature_args" showname="remote_connect_supports_feature_args" size="4" pos="94" show="" value=""> + <field name="libvirt.remote_connect_supports_feature_args.feature" showname="feature: 9" size="4" pos="94" show="9" value="00000009"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="98"> + <field name="num" pos="0" show="81" showname="Number" value="51" size="98"/> + <field name="len" pos="0" show="98" showname="Frame Length" value="62" size="98"/> + <field name="caplen" pos="0" show="98" showname="Captured Length" value="62" size="98"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.544510000 JST" showname="Captured Time" value="1379477225.544510000" size="98"/> + </proto> + <proto name="frame" showname="Frame 81: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0" size="98" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.544510000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.544510000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.544510000 seconds" size="0" pos="0" show="1379477225.544510000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.004321000 seconds" size="0" pos="0" show="0.004321000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.004321000 seconds" size="0" pos="0" show="0.004321000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.233788000 seconds" size="0" pos="0" show="0.233788000"/> + <field name="frame.number" showname="Frame Number: 81" size="0" pos="0" show="81"/> + <field name="frame.len" showname="Frame Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.cap_len" showname="Capture Length: 98 bytes (784 bits)" size="0" pos="0" show="98"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 84" size="2" pos="16" show="84" value="0054"/> + <field name="ip.id" showname="Identification: 0xa654 (42580)" size="2" pos="18" show="0xa654" value="a654"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x964d [correct]" size="2" pos="24" show="0x964d" value="964d"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="964d"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="964d"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55131 (55131), Seq: 225, Ack: 289, Len: 32" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55131 (55131)" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 32" hide="yes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.seq" showname="Sequence number: 225 (relative sequence number)" size="4" pos="38" show="225" value="1869d7ef"/> + <field name="tcp.nxtseq" showname="Next sequence number: 257 (relative sequence number)" size="0" pos="34" show="257"/> + <field name="tcp.ack" showname="Acknowledgment number: 289 (relative ack number)" size="4" pos="42" show="289" value="069b9b05"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe48 [validation disabled]" size="2" pos="50" show="0xfe48" value="fe48"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe48"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe48"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:60:5a:bb:71:5c" value="0101080a5abb71605abb715c"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233696, TSecr 1522233692" size="10" pos="56" value="080a5abb71605abb715c"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233696" size="4" pos="58" show="1522233696" value="5abb7160"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233692" size="4" pos="62" show="1522233692" value="5abb715c"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 80" size="0" pos="34" show="80"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.004321000 seconds" size="0" pos="34" show="0.004321000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 32" size="0" pos="34" show="32"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 32" size="32" pos="66" show="32" value="0000002020008086000000010000003c00000001000000060000000000000001"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="32" pos="66"> + <field name="libvirt.length" showname="length: 32" size="4" pos="66" show="32" value="00000020"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_SUPPORTS_FEATURE (60)" size="4" pos="78" show="60" value="0000003c"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 6" size="4" pos="86" show="6" value="00000006"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_connect_supports_feature_ret" showname="remote_connect_supports_feature_ret" size="4" pos="94" show="" value=""> + <field name="libvirt.remote_connect_supports_feature_ret.supported" showname="supported: 1" size="4" pos="94" show="1" value="00000001"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="134"> + <field name="num" pos="0" show="82" showname="Number" value="52" size="134"/> + <field name="len" pos="0" show="134" showname="Frame Length" value="86" size="134"/> + <field name="caplen" pos="0" show="134" showname="Captured Length" value="86" size="134"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.544665000 JST" showname="Captured Time" value="1379477225.544665000" size="134"/> + </proto> + <proto name="frame" showname="Frame 82: 134 bytes on wire (1072 bits), 134 bytes captured (1072 bits) on interface 0" size="134" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.544665000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.544665000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.544665000 seconds" size="0" pos="0" show="1379477225.544665000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000155000 seconds" size="0" pos="0" show="0.000155000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000155000 seconds" size="0" pos="0" show="0.000155000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.233943000 seconds" size="0" pos="0" show="0.233943000"/> + <field name="frame.number" showname="Frame Number: 82" size="0" pos="0" show="82"/> + <field name="frame.len" showname="Frame Length: 134 bytes (1072 bits)" size="0" pos="0" show="134"/> + <field name="frame.cap_len" showname="Capture Length: 134 bytes (1072 bits)" size="0" pos="0" show="134"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 120" size="2" pos="16" show="120" value="0078"/> + <field name="ip.id" showname="Identification: 0xe8b0 (59568)" size="2" pos="18" show="0xe8b0" value="e8b0"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x53cd [correct]" size="2" pos="24" show="0x53cd" value="53cd"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="53cd"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="53cd"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55131 (55131), Dst Port: 16509 (16509), Seq: 289, Ack: 257, Len: 68" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55131 (55131)" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 68" hide="yes" size="1" pos="46" show="68" value="80"/> + <field name="tcp.seq" showname="Sequence number: 289 (relative sequence number)" size="4" pos="38" show="289" value="069b9b05"/> + <field name="tcp.nxtseq" showname="Next sequence number: 357 (relative sequence number)" size="0" pos="34" show="357"/> + <field name="tcp.ack" showname="Acknowledgment number: 257 (relative ack number)" size="4" pos="42" show="257" value="1869d80f"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe6c [validation disabled]" size="2" pos="50" show="0xfe6c" value="fe6c"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe6c"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe6c"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:60:5a:bb:71:60" value="0101080a5abb71605abb7160"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233696, TSecr 1522233696" size="10" pos="56" value="080a5abb71605abb7160"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233696" size="4" pos="58" show="1522233696" value="5abb7160"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233696" size="4" pos="62" show="1522233696" value="5abb7160"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 81" size="0" pos="34" show="81"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000155000 seconds" size="0" pos="34" show="0.000155000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 68" size="0" pos="34" show="68"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 68" size="68" pos="66" show="68" value="000000442000808600000001000000ce00000000000000070000000000000007646f6d61696e31004c8b6b6d0a2907334b8398a02c3a4710ffffffff0000000200000004"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="68" pos="66"> + <field name="libvirt.length" showname="length: 68" size="4" pos="66" show="68" value="00000044"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_GET_BLKIO_PARAMETERS (206)" size="4" pos="78" show="206" value="000000ce"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 7" size="4" pos="86" show="7" value="00000007"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_domain_get_blkio_parameters_args" showname="remote_domain_get_blkio_parameters_args" size="40" pos="94" show="" value=""> + <field name="libvirt.remote_domain_get_blkio_parameters_args.dom" showname="dom :: remote_nonnull_domain" size="32" pos="94" show="" value=""> + <field name="libvirt.remote_nonnull_domain.name" showname="name: domain1" size="12" pos="94" show="domain1" value="00000007646f6d61696e3100"/> + <field name="libvirt.remote_nonnull_domain.uuid" showname="uuid: 4c8b6b6d0a2907334b8398a02c3a4710" size="16" pos="106" show="4c:8b:6b:6d:0a:29:07:33:4b:83:98:a0:2c:3a:47:10" value="4c8b6b6d0a2907334b8398a02c3a4710"/> + <field name="libvirt.remote_nonnull_domain.id" showname="id: -1" size="4" pos="122" show="-1" value="ffffffff"/> + </field> + <field name="libvirt.remote_domain_get_blkio_parameters_args.nparams" showname="nparams: 2" size="4" pos="126" show="2" value="00000002"/> + <field name="libvirt.remote_domain_get_blkio_parameters_args.flags" showname="flags: 4" size="4" pos="130" show="4" value="00000004"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="150"> + <field name="num" pos="0" show="83" showname="Number" value="53" size="150"/> + <field name="len" pos="0" show="150" showname="Frame Length" value="96" size="150"/> + <field name="caplen" pos="0" show="150" showname="Captured Length" value="96" size="150"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.551347000 JST" showname="Captured Time" value="1379477225.551347000" size="150"/> + </proto> + <proto name="frame" showname="Frame 83: 150 bytes on wire (1200 bits), 150 bytes captured (1200 bits) on interface 0" size="150" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.551347000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.551347000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.551347000 seconds" size="0" pos="0" show="1379477225.551347000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.006682000 seconds" size="0" pos="0" show="0.006682000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.006682000 seconds" size="0" pos="0" show="0.006682000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.240625000 seconds" size="0" pos="0" show="0.240625000"/> + <field name="frame.number" showname="Frame Number: 83" size="0" pos="0" show="83"/> + <field name="frame.len" showname="Frame Length: 150 bytes (1200 bits)" size="0" pos="0" show="150"/> + <field name="frame.cap_len" showname="Capture Length: 150 bytes (1200 bits)" size="0" pos="0" show="150"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 136" size="2" pos="16" show="136" value="0088"/> + <field name="ip.id" showname="Identification: 0xa655 (42581)" size="2" pos="18" show="0xa655" value="a655"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x9618 [correct]" size="2" pos="24" show="0x9618" value="9618"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="9618"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="9618"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55131 (55131), Seq: 257, Ack: 357, Len: 84" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55131 (55131)" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 84" hide="yes" size="1" pos="46" show="84" value="80"/> + <field name="tcp.seq" showname="Sequence number: 257 (relative sequence number)" size="4" pos="38" show="257" value="1869d80f"/> + <field name="tcp.nxtseq" showname="Next sequence number: 341 (relative sequence number)" size="0" pos="34" show="341"/> + <field name="tcp.ack" showname="Acknowledgment number: 357 (relative ack number)" size="4" pos="42" show="357" value="069b9b49"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe7c [validation disabled]" size="2" pos="50" show="0xfe7c" value="fe7c"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe7c"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe7c"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:67:5a:bb:71:60" value="0101080a5abb71675abb7160"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233703, TSecr 1522233696" size="10" pos="56" value="080a5abb71675abb7160"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233703" size="4" pos="58" show="1522233703" value="5abb7167"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233696" size="4" pos="62" show="1522233696" value="5abb7160"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 82" size="0" pos="34" show="82"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.006682000 seconds" size="0" pos="34" show="0.006682000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 84" size="0" pos="34" show="84"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 84" size="84" pos="66" show="84" value="000000542000808600000001000000ce0000000100000007000000000000000200000006776569676874000000000002000000000000000d6465766963655f776569676874000000000000070000000000000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="84" pos="66"> + <field name="libvirt.length" showname="length: 84" size="4" pos="66" show="84" value="00000054"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: DOMAIN_GET_BLKIO_PARAMETERS (206)" size="4" pos="78" show="206" value="000000ce"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 7" size="4" pos="86" show="7" value="00000007"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + <field name="libvirt.remote_domain_get_blkio_parameters_ret" showname="remote_domain_get_blkio_parameters_ret" size="56" pos="94" show="" value=""> + <field name="libvirt.remote_domain_get_blkio_parameters_ret.params" showname="params :: remote_typed_param<2>" size="52" pos="94" show="" value=""> + <field name="libvirt.remote_domain_get_blkio_parameters_ret.params.params" showname="params :: remote_typed_param" size="20" pos="98" show="" value=""> + <field name="libvirt.remote_typed_param.field" showname="field: weight" size="12" pos="98" show="weight" value="000000067765696768740000"/> + <field name="libvirt.remote_typed_param_value.ui" showname="ui: 0" size="4" pos="114" show="0" value="00000000"/> + </field> + <field name="libvirt.remote_domain_get_blkio_parameters_ret.params.params" showname="params :: remote_typed_param" size="28" pos="118" show="" value=""> + <field name="libvirt.remote_typed_param.field" showname="field: device_weight" size="20" pos="118" show="device_weight" value="0000000d6465766963655f776569676874000000"/> + <field name="libvirt.remote_typed_param_value.s" showname="s: " size="4" pos="142" show="" value="00000000"/> + </field> + </field> + <field name="libvirt.remote_domain_get_blkio_parameters_ret.nparams" showname="nparams: 0" size="4" pos="146" show="0" value="00000000"/> + </field> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="84" showname="Number" value="54" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.551763000 JST" showname="Captured Time" value="1379477225.551763000" size="94"/> + </proto> + <proto name="frame" showname="Frame 84: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.551763000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.551763000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.551763000 seconds" size="0" pos="0" show="1379477225.551763000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000416000 seconds" size="0" pos="0" show="0.000416000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000416000 seconds" size="0" pos="0" show="0.000416000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.241041000 seconds" size="0" pos="0" show="0.241041000"/> + <field name="frame.number" showname="Frame Number: 84" size="0" pos="0" show="84"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0xe8b1 (59569)" size="2" pos="18" show="0xe8b1" value="e8b1"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x53f4 [correct]" size="2" pos="24" show="0x53f4" value="53f4"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="53f4"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="53f4"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 55131 (55131), Dst Port: 16509 (16509), Seq: 357, Ack: 341, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 55131 (55131)" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.dstport" showname="Destination port: 16509 (16509)" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="34" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="36" show="16509" value="407d"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 357 (relative sequence number)" size="4" pos="38" show="357" value="069b9b49"/> + <field name="tcp.nxtseq" showname="Next sequence number: 385 (relative sequence number)" size="0" pos="34" show="385"/> + <field name="tcp.ack" showname="Acknowledgment number: 341 (relative ack number)" size="4" pos="42" show="341" value="1869d863"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:67:5a:bb:71:67" value="0101080a5abb71675abb7167"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233703, TSecr 1522233703" size="10" pos="56" value="080a5abb71675abb7167"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233703" size="4" pos="58" show="1522233703" value="5abb7167"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233703" size="4" pos="62" show="1522233703" value="5abb7167"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 83" size="0" pos="34" show="83"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.000416000 seconds" size="0" pos="34" show="0.000416000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000002000000000000000800000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_CLOSE (2)" size="4" pos="78" show="2" value="00000002"/> + <field name="libvirt.type" showname="type: CALL (0)" size="4" pos="82" show="0" value="00000000"/> + <field name="libvirt.serial" showname="serial: 8" size="4" pos="86" show="8" value="00000008"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +<packet> + <proto name="geninfo" pos="0" showname="General information" size="94"> + <field name="num" pos="0" show="85" showname="Number" value="55" size="94"/> + <field name="len" pos="0" show="94" showname="Frame Length" value="5e" size="94"/> + <field name="caplen" pos="0" show="94" showname="Captured Length" value="5e" size="94"/> + <field name="timestamp" pos="0" show="Sep 18, 2013 13:07:05.553341000 JST" showname="Captured Time" value="1379477225.553341000" size="94"/> + </proto> + <proto name="frame" showname="Frame 85: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface 0" size="94" pos="0"> + <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/> + <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/> + <field name="frame.time" showname="Arrival Time: Sep 18, 2013 13:07:05.553341000 JST" size="0" pos="0" show="Sep 18, 2013 13:07:05.553341000"/> + <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/> + <field name="frame.time_epoch" showname="Epoch Time: 1379477225.553341000 seconds" size="0" pos="0" show="1379477225.553341000"/> + <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.001578000 seconds" size="0" pos="0" show="0.001578000"/> + <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.001578000 seconds" size="0" pos="0" show="0.001578000"/> + <field name="frame.time_relative" showname="Time since reference or first frame: 0.242619000 seconds" size="0" pos="0" show="0.242619000"/> + <field name="frame.number" showname="Frame Number: 85" size="0" pos="0" show="85"/> + <field name="frame.len" showname="Frame Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.cap_len" showname="Capture Length: 94 bytes (752 bits)" size="0" pos="0" show="94"/> + <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/> + <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/> + <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:libvirt" size="0" pos="0" show="eth:ip:tcp:libvirt"/> + </proto> + <proto name="eth" showname="Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="14" pos="0"> + <field name="eth.dst" showname="Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="0" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.src" showname="Source: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"> + <field name="eth.addr" showname="Address: 00:00:00_00:00:00 (00:00:00:00:00:00)" size="6" pos="6" show="00:00:00:00:00:00" value="000000000000"/> + <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="000000"/> + </field> + <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="0x0800" value="0800"/> + </proto> + <proto name="ip" showname="Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)" size="20" pos="14"> + <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/> + <field name="ip.hdr_len" showname="Header length: 20 bytes" size="1" pos="14" show="20" value="45"/> + <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00"> + <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0x00" value="0" unmaskedvalue="00"/> + </field> + <field name="ip.len" showname="Total Length: 80" size="2" pos="16" show="80" value="0050"/> + <field name="ip.id" showname="Identification: 0xa656 (42582)" size="2" pos="18" show="0xa656" value="a656"/> + <field name="ip.flags" showname="Flags: 0x02 (Don't Fragment)" size="1" pos="20" show="0x02" value="40"> + <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="40"/> + <field name="ip.flags.df" showname=".1.. .... = Don't fragment: Set" size="1" pos="20" show="1" value="40"/> + <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="40"/> + </field> + <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="4000"/> + <field name="ip.ttl" showname="Time to live: 64" size="1" pos="22" show="64" value="40"/> + <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/> + <field name="ip.checksum" showname="Header checksum: 0x964f [correct]" size="2" pos="24" show="0x964f" value="964f"> + <field name="ip.checksum_good" showname="Good: True" size="2" pos="24" show="1" value="964f"/> + <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="964f"/> + </field> + <field name="ip.src" showname="Source: 127.0.0.1 (127.0.0.1)" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.src_host" showname="Source Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="26" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst" showname="Destination: 127.0.0.1 (127.0.0.1)" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.addr" showname="Source or Destination Address: 127.0.0.1 (127.0.0.1)" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.dst_host" showname="Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="ip.host" showname="Source or Destination Host: 127.0.0.1" hide="yes" size="4" pos="30" show="127.0.0.1" value="7f000001"/> + <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="7f000001"/> + <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="7f000001"/> + </proto> + <proto name="tcp" showname="Transmission Control Protocol, Src Port: 16509 (16509), Dst Port: 55131 (55131), Seq: 341, Ack: 385, Len: 28" size="32" pos="34"> + <field name="tcp.srcport" showname="Source port: 16509 (16509)" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.dstport" showname="Destination port: 55131 (55131)" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.port" showname="Source or Destination Port: 16509" hide="yes" size="2" pos="34" show="16509" value="407d"/> + <field name="tcp.port" showname="Source or Destination Port: 55131" hide="yes" size="2" pos="36" show="55131" value="d75b"/> + <field name="tcp.stream" showname="Stream index: 3" size="0" pos="34" show="3"/> + <field name="tcp.len" showname="TCP Segment Len: 28" hide="yes" size="1" pos="46" show="28" value="80"/> + <field name="tcp.seq" showname="Sequence number: 341 (relative sequence number)" size="4" pos="38" show="341" value="1869d863"/> + <field name="tcp.nxtseq" showname="Next sequence number: 369 (relative sequence number)" size="0" pos="34" show="369"/> + <field name="tcp.ack" showname="Acknowledgment number: 385 (relative ack number)" size="4" pos="42" show="385" value="069b9b65"/> + <field name="tcp.hdr_len" showname="Header length: 32 bytes" size="1" pos="46" show="32" value="80"/> + <field name="tcp.flags" showname="Flags: 0x018 (PSH, ACK)" size="2" pos="46" show="0x0018" value="18" unmaskedvalue="8018"> + <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="80"/> + <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.ack" showname=".... ...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.push" showname=".... .... 1... = Push: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="18"/> + <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.syn" showname=".... .... ..0. = Syn: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="18"/> + </field> + <field name="tcp.window_size_value" showname="Window size value: 342" size="2" pos="48" show="342" value="0156"/> + <field name="tcp.window_size" showname="Calculated window size: 43776" size="2" pos="48" show="43776" value="0156"/> + <field name="tcp.window_size_scalefactor" showname="Window size scaling factor: 128" size="2" pos="48" show="128" value="0156"/> + <field name="tcp.checksum" showname="Checksum: 0xfe44 [validation disabled]" size="2" pos="50" show="0xfe44" value="fe44"> + <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="fe44"/> + <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="fe44"/> + </field> + <field name="tcp.options" showname="Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps" size="12" pos="54" show="01:01:08:0a:5a:bb:71:69:5a:bb:71:67" value="0101080a5abb71695abb7167"> + <field name="" show="No-Operation (NOP)" size="1" pos="54" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="54" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="54" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="54" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="No-Operation (NOP)" size="1" pos="55" value="01"> + <field name="tcp.options.type" showname="Type: 1" size="1" pos="55" show="1" value="01"> + <field name="tcp.options.type.copy" showname="0... .... = Copy on fragmentation: No" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.class" showname=".00. .... = Class: Control (0)" size="1" pos="55" show="0" value="0" unmaskedvalue="01"/> + <field name="tcp.options.type.number" showname="...0 0001 = Number: No-Operation (NOP) (1)" size="1" pos="55" show="1" value="1" unmaskedvalue="01"/> + </field> + </field> + <field name="" show="Timestamps: TSval 1522233705, TSecr 1522233703" size="10" pos="56" value="080a5abb71695abb7167"> + <field name="tcp.option_kind" showname="Kind: Timestamp (8)" size="1" pos="56" show="8" value="08"/> + <field name="tcp.option_len" showname="Length: 10" size="1" pos="57" show="10" value="0a"/> + <field name="tcp.options.timestamp.tsval" showname="Timestamp value: 1522233705" size="4" pos="58" show="1522233705" value="5abb7169"/> + <field name="tcp.options.timestamp.tsecr" showname="Timestamp echo reply: 1522233703" size="4" pos="62" show="1522233703" value="5abb7167"/> + </field> + </field> + <field name="tcp.analysis" showname="SEQ/ACK analysis" size="0" pos="34" show="" value=""> + <field name="tcp.analysis.acks_frame" showname="This is an ACK to the segment in frame: 84" size="0" pos="34" show="84"/> + <field name="tcp.analysis.ack_rtt" showname="The RTT to ACK the segment was: 0.001578000 seconds" size="0" pos="34" show="0.001578000"/> + <field name="tcp.analysis.bytes_in_flight" showname="Bytes in flight: 28" size="0" pos="34" show="28"/> + </field> + <field name="tcp.pdu.size" showname="PDU Size: 28" size="28" pos="66" show="28" value="0000001c200080860000000100000002000000010000000800000000"/> + </proto> + <proto name="libvirt" showname="Libvirt" size="28" pos="66"> + <field name="libvirt.length" showname="length: 28" size="4" pos="66" show="28" value="0000001c"/> + <field name="libvirt.program" showname="program: REMOTE (0x20008086)" size="4" pos="70" show="0x20008086" value="20008086"/> + <field name="libvirt.version" showname="version: 1" size="4" pos="74" show="1" value="00000001"/> + <field name="libvirt.procedure" showname="procedure: CONNECT_CLOSE (2)" size="4" pos="78" show="2" value="00000002"/> + <field name="libvirt.type" showname="type: REPLY (1)" size="4" pos="82" show="1" value="00000001"/> + <field name="libvirt.serial" showname="serial: 8" size="4" pos="86" show="8" value="00000008"/> + <field name="libvirt.status" showname="status: OK (0)" size="4" pos="90" show="0" value="00000000"/> + </proto> +</packet> + + +</pdml> -- 1.8.1.5
On 09/18/13 06:18, Yuto KAWAMURA(kawamuray) wrote:
From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada@gmail.com>
Add directory devtools/wireshark-dissector/samples/ and libvirt-sample.pdml which is sample output of dissector. --- .../samples/libvirt-sample.pdml | 7970 ++++++++++++++++++++ 1 file changed, 7970 insertions(+) create mode 100644 devtools/wireshark-dissector/samples/libvirt-sample.pdml
Is it really necessary to add a 800+ KiB file to the repository? Peter
On Wed, Sep 18, 2013 at 09:16:07AM +0200, Peter Krempa wrote:
On 09/18/13 06:18, Yuto KAWAMURA(kawamuray) wrote:
From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada@gmail.com>
Add directory devtools/wireshark-dissector/samples/ and libvirt-sample.pdml which is sample output of dissector. --- .../samples/libvirt-sample.pdml | 7970 ++++++++++++++++++++ 1 file changed, 7970 insertions(+) create mode 100644 devtools/wireshark-dissector/samples/libvirt-sample.pdml
Is it really necessary to add a 800+ KiB file to the repository?
Agreed, given its size I don't think we want this example file in the repo. ....it shouldn't even have been approved on the mailing lists ! Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
2013/9/18 Daniel P. Berrange <berrange@redhat.com>:
On Wed, Sep 18, 2013 at 09:16:07AM +0200, Peter Krempa wrote:
On 09/18/13 06:18, Yuto KAWAMURA(kawamuray) wrote:
From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada@gmail.com>
Add directory devtools/wireshark-dissector/samples/ and libvirt-sample.pdml which is sample output of dissector. --- .../samples/libvirt-sample.pdml | 7970 ++++++++++++++++++++ 1 file changed, 7970 insertions(+) create mode 100644 devtools/wireshark-dissector/samples/libvirt-sample.pdml
Is it really necessary to add a 800+ KiB file to the repository?
Agreed, given its size I don't think we want this example file in the repo.
....it shouldn't even have been approved on the mailing lists !
Right. I will minimize sample pdml in next patch.
On Wed, Sep 18, 2013 at 01:18:50PM +0900, Yuto KAWAMURA(kawamuray) wrote:
From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada@gmail.com>
Introduce Wireshark dissector plugin which adds support to Wireshark for dissecting libvirt RPC protocol.
This feature was presented by Michal Privoznik year before last[1]. But it did only support dissecting packet headers. This time I enhanced that dissector to support dissecting packet payload. Furthermore, I provide code generator of dissector. So you can get fresh build of dissector from libvirt RPC specification file at any version you like.
[1] http://www.redhat.com/archives/libvir-list/2011-October/msg00301.html
Yuto KAWAMURA(kawamuray) (3): Exclude files in VC_LIST_ALWAYS_EXCLUDE_REGEX from bracket-spacing-check Introduce Libvirt Wireshark dissector Add sample output of Wireshark dissector
Makefile.am | 3 +- cfg.mk | 10 +- configure.ac | 69 +- devtools/wireshark-dissector/Makefile.am | 28 + devtools/wireshark-dissector/README.md | 25 + .../samples/libvirt-sample.pdml | 7970 ++++++++++++++++++++ devtools/wireshark-dissector/src/.gitignore | 2 + devtools/wireshark-dissector/src/Makefile.am | 31 + devtools/wireshark-dissector/src/moduleinfo.h | 36 + devtools/wireshark-dissector/src/packet-libvirt.c | 512 ++ devtools/wireshark-dissector/src/packet-libvirt.h | 127 + devtools/wireshark-dissector/src/plugin.c | 27 + devtools/wireshark-dissector/util/genxdrstub.pl | 1009 +++
I don't think we need to create a new top level 'devtools' directory for this. Please just put it in a directory named tools/wireshark/ Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
2013/9/18 Daniel P. Berrange <berrange@redhat.com>:
On Wed, Sep 18, 2013 at 01:18:50PM +0900, Yuto KAWAMURA(kawamuray) wrote:
From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada@gmail.com>
Introduce Wireshark dissector plugin which adds support to Wireshark for dissecting libvirt RPC protocol.
This feature was presented by Michal Privoznik year before last[1]. But it did only support dissecting packet headers. This time I enhanced that dissector to support dissecting packet payload. Furthermore, I provide code generator of dissector. So you can get fresh build of dissector from libvirt RPC specification file at any version you like.
[1] http://www.redhat.com/archives/libvir-list/2011-October/msg00301.html
Yuto KAWAMURA(kawamuray) (3): Exclude files in VC_LIST_ALWAYS_EXCLUDE_REGEX from bracket-spacing-check Introduce Libvirt Wireshark dissector Add sample output of Wireshark dissector
Makefile.am | 3 +- cfg.mk | 10 +- configure.ac | 69 +- devtools/wireshark-dissector/Makefile.am | 28 + devtools/wireshark-dissector/README.md | 25 + .../samples/libvirt-sample.pdml | 7970 ++++++++++++++++++++ devtools/wireshark-dissector/src/.gitignore | 2 + devtools/wireshark-dissector/src/Makefile.am | 31 + devtools/wireshark-dissector/src/moduleinfo.h | 36 + devtools/wireshark-dissector/src/packet-libvirt.c | 512 ++ devtools/wireshark-dissector/src/packet-libvirt.h | 127 + devtools/wireshark-dissector/src/plugin.c | 27 + devtools/wireshark-dissector/util/genxdrstub.pl | 1009 +++
I don't think we need to create a new top level 'devtools' directory for this. Please just put it in a directory named
tools/wireshark/
Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
Okey, I'll rename it.
participants (5)
-
Daniel P. Berrange -
Michal Privoznik -
Peter Krempa -
Yuto KAWAMURA -
Yuto KAWAMURA(kawamuray)