network activity ~$ sudo tcpdump -A -v -s 4096 -i wlxf81a671ece37
(extrait)
21:57:02.377855 IP (tos 0x0, ttl 64, id 23972, offset 0, flags [DF], proto TCP (6), length 221) 10.0.0.17.44816 > par10s22-in-f3.1e100.net.https: Flags [FP.], cksum 0x9c31 (correct), seq 0:169, ack 1, win 49, options [nop,nop,TS val 3930496 ecr 2973767648], length 169 E…].@.@.)H ….:…….4..5……1.1….. .;…@……)……..m`7{…….jL….6(.R/……….O….)………`..FA…..%…..u.`……e.sq.>r….)……. …..|.4….)…………..&f.. Z………… …..h…Q….{…
21:57:02.889885 IP (tos 0x0, ttl 64, id 6903, offset 0, flags [DF], proto TCP (6), length 122) 10.0.0.17.48698 > lb-192-30-253-125-iad.github.com.https: Flags [FP.], cksum 0x9687 (correct), seq 0:70, ack 1, win 31, options [nop,nop,TS val 3930624 ecr 1164918894], length 70 E..z..@.@.W. ……}.:.. …..]C……….. .;..Eo@n…. »………..u…..J.;@..y1.^..3… ………….Q…..C..8…<p..R
21:57:05.193909 IP (tos 0x0, ttl 64, id 7487, offset 0, flags [DF], proto TCP (6), length 122) 10.0.0.17.48058 > lb-192-30-253-125-iad.github.com.https: Flags [FP.], cksum 0xdc17 (correct), seq 0:70, ack 1, win 40, options [nop,nop,TS val 3931200 ecr 1164921731], length 70 E..z.?@.@.U. ……}…….e…….(……. .;.@EoK….. »…….T..r..O..\Y.04…..@…..L………….Um.L..O…<..P…q.
21:57:05.705906 IP (tos 0x0, ttl 64, id 13359, offset 0, flags [DF], proto TCP (6), length 221) 10.0.0.17.32806 > par21s07-in-f16.1e100.net.https: Flags [FP.], cksum 0x764a (correct), seq 0:169, ack 1, win 46, options [nop,nop,TS val 3931328 ecr 74644717], length 169 E…4/@.@.V. ….:…&…….k……vJ….. .;…r……)……..b.K.n…{..(……..WU./8`.$.7 q…..)………..8q……..b.#.~g..Aw.4….s…….)……. K..a..3I `….X4..;…….B….1…………. b…q.j..k…. .=.
21:57:10.313928 IP (tos 0x0, ttl 64, id 23973, offset 0, flags [DF], proto TCP (6), length 221) 10.0.0.17.44816 > par10s22-in-f3.1e100.net.https: Flags [FP.], cksum 0x9471 (correct), seq 0:169, ack 1, win 49, options [nop,nop,TS val 3932480 ecr 2973767648], length 169 E…].@.@.)G ….:…….4..5……1.q….. .<.@.@……)……..m`7{…….jL….6(.R/……….O….)………`..FA…..%…..u.`……e.sq.>r….)……. …..|.4….)…………..&f.. Z………… …..h…Q….{…
21:57:11.593905 IP (tos 0x0, ttl 64, id 21755, offset 0, flags [DF], proto TCP (6), length 52) 10.0.0.17.42186 > a92-122-218-154.deploy.static.akamaitechnologies.com.http: Flags [.], cksum 0x14b5 (correct), ack 385, win 30, options [nop,nop,TS val 3932800 ecr 642804199], length 0 E..4T.@.@… …\z…..P}……^……….. .<..&Pi.
21:57:11.620294 IP (tos 0x0, ttl 57, id 14878, offset 0, flags [DF], proto TCP (6), length 52) a92-122-218-154.deploy.static.akamaitechnologies.com.http > 10.0.0.17.42186: Flags [.], cksum 0x1daa (correct), ack 297, win 235, options [nop,nop,TS val 642814439 ecr 3920061], length 0 E..4:.@.9…\z.. ….P…..^}………….. &P…;..
21:57:15.550438 IP (tos 0x0, ttl 64, id 43937, offset 0, flags [DF], proto UDP (17), length 70) 10.0.0.17.39919 > 192.168.42.129.domain: 23050+ A? detectportal.firefox.com. (42) E..F..@.@… …..*….5.2..Z ………..detectportal.firefox.com…..
21:57:15.550479 IP (tos 0x0, ttl 64, id 21756, offset 0, flags [DF], proto TCP (6), length 348) 10.0.0.17.42186 > a92-122-218-154.deploy.static.akamaitechnologies.com.http: Flags [P.], cksum 0x6f9a (correct), seq 297:593, ack 385, win 30, options [nop,nop,TS val 3933789 ecr 642814439], length 296: HTTP, length: 296 GET /success.txt HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache DNT: 1 Connection: keep-alive E..\T.@.@..z …\z…..P}……^….o…… .<.]&P..GET /success.txt HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache DNT: 1 Connection: keep-alive