802.1q issue on LAN - certain traffic arrives untagged on FW interface

elias28

Hi there,

I have got strange networking behaviour on my VLAN Tagged LAN interface, whereas traffic does not flow properly over the interface - neither in- nor egress.

Short information concerning the setup:

1. Virtual firewall on VMware Enterprise Plus cluster with E1000 NICs on vSwitch
2. On both interfaces (LAN & WAN) the traffic is tagged - VL ID's are for WAN:258 and for LAN:260

So parent interface for VL258 is em0 and for VL260 it's em1

Now for some reason, I am receiving a lot of packets from clients on the em1 interface instead of the em1.260, which is LAN.
This means that this traffic is blocked - there is also no way to pass this traffic through the firewall by any rule, because this interface simply does not exist.
Anyhow, I simply should not see any traffic destined vor VL260 on the parent interface.

For example:

1 Client tries to make a WA call, UDP traffic is on em1:

and TCP traffic is on LAN

This behaviour is absolutely not comprehensible for me.
Is this a bug???

Guest

And witch pfSense Version you are using? Is this 2.4.0 that has some problems with the VLAN labeling
or it this the Version 2.4.1 with some problems with the VLANs over PPP Internet connections, what
version is it now? Do you try out the Version 2.4.2a from the 10 November 2017 that is solving that
behaviors right and is running well? If you will be not interested using this early snapshot (2.4.2a) you
should perhaps settle back to the version 2.3.5 where this will be not really an issue as I am informed.

elias28

Danke BlueKobold  ;)

I am currently running Version 2.4.1
Will test Alpha Version and report back.

elias28

I have tested Version 2.4.2A from yesterdays release.

Problem persists:

Will install now a Testbed with Version 2.3.5 and give that a try…........

elias28

Installed Version 2.3.2 and changed the following in addition:

1. VMXNET3 NICs instead of E1000
2. Didn't change any settings on the firewall. So all is Default, except from the VLAN configuration

Anyhow - still same problem with traffic arriving on the parent interface

So either it is Version 2.3.2 (did not try yet 2.3.5) or it is something related to the virtualization of the firewall inside my infrastructure.
But I do not believe, that there is a "general" issue with the network. All other tagged traffic is properly working - means all other VM's which are on the same vSwitch do not have any issues.
I also do not have any problems with connection between LAN clients and also constant icmp replies from the LAN Net to the LAN Address. If there would be a general issue, I would definetly see
dropped packets or timeouts.
For me it looks like (mainly)UDP traffic gets untagged or arrives untagged on the interface.
Also TCP traffic is affected by this - but as far as I can tell, this only applies to traffic for destination Port 5094

I have tested this issue with a Netgate SG-8860 and no tagged traffic, and this works:

Maybe should give it a try and attach the SG-8860 interfaces to dot1q interfaces and see what happens…....

elias28

I have conducted some more tests, including attaching the physical FW to dot1q interfaces.

Here my results:

1. Connecting the SG-8860 to dot1q interfaces works. Traffic flows over the VLAN interfaces - no packets arriving on the parents.

2. I have created on the vSwitch dedicated Portgroups for the pfSense WAN and LAN interfaces. This eliminates the need for VLAN interfaces on the pfSense. Of course with this solution, there are no more packets in- or egress on any other interface than the LAN or WAN interfaces. So this is basically a workaround instead of a fix.
But doing this, solves the problem for me now.

My conclusion:
There is an incompatibility between a VMware vSwitch and the pfsense virtual interfaces. Would be interesting to know, if others with a similar infrastructure design, are getting the same error.
I do not have the passion to do more troubleshooting on this, like packet captures on the vSwitch etc…..

I will very likely switch to a physical CARP cluster solution and keep the virtual one as a backup in the network.
Will see......

johnpoz

Did you set vswitch to 4095 for the vlan id?  If not its going to strip the tags..

https://kb.vmware.com/s/article/1004252
This article provides a sample configuration of a VLAN tagging at the virtual machine level.

If you do not do this then yeah all tagged packets would just show up on the native interface of pfsense.  Since tags would be stripped.

See attached - these are all vms where they see the tags and then handle the traffic..

elias28

Hi johnpoz

of course it is set to 4095. Otherwise none of the traffic destined for any destination would work.
As I already stated - I have got dozens of VMs running on the same vSwitch without any problems.
Also had before the pfSense a different firewall on the same vSwitch running, also without any issues.

@johnpoz:

…....If you do not do this then yeah all tagged packets would just show up on the native interface of pfsense.  Since tags would be stripped.

You probably missed my earlier post.
It is not all traffic which arrives on the parent interface:

@elias28:

But I do not believe, that there is a "general" issue with the network. All other tagged traffic is properly working - means all other VM's which are on the same vSwitch do not have any issues.
I also do not have any problems with connection between LAN clients and also constant icmp replies from the LAN Net to the LAN Address. If there would be a general issue, I would definetly see
dropped packets or timeouts.
For me it looks like (mainly)UDP traffic gets untagged or arrives untagged on the interface.
Also TCP traffic is affected by this - but as far as I can tell, this only applies to traffic for destination Port 5094

Anyhow, for me this issue is buried.

I hand this over to the developers, who can (if they are interested) easily replicate this issue, with the information I have provided so far.

johnpoz

Can not replicate this issue… I send tagged traffic to pfsense interfaces without issue using esxi.. trunked port into esxi host nic, vswitch set to 4095.. Pfsense nic on this vswitch..

Do a simple sniff - with tcpdump so you can see the tags.. If they are stripped that is esxi issue not pfsense.  Pfsense can only work with what it gets.. If your seeing the tags and pfsense is still seeing it on its native interface on that vswitch then you have a problem.

Like said can not replicate this..  See attached with simple tcpdump on the parent interface in pfsense with the -e to show vlan info..

If traffic is getting to pfsense not tagged then yes the parent interface would see it..

elias28

Ok, challange accepted  ;) and thanks for investing time into this, but your test doesn't prove a lot.
I can also show you my tcpdumps, proving that Broadcast traffic is arriving tagged.
(Subnet 10.0.0.0/16 is indeed untagged traffic, which is correct)

[2.4.1-RELEASE][root@pfSense.xxx-yyy.local]: tcpdump -e -i em1 | grep Broad
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 262144 bytes
06:54:52.802186 00:50:56:9f:44:56 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype ARP, Request who-has 192.168.0.37 tell 192.168.0.78, length 46
06:54:54.924169 3c:52:82:d7:a0:d7 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 96: vlan 261, p 0, ethertype IPv4, 172.20.15.38.netbios-ns > 172.20.15.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:54:54.942445 fc:3f:db:b5:26:0a (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype ARP, Request who-has 172.20.15.111 tell 172.20.15.214, length 46
06:54:55.360938 84:8f:69:ef:ee:25 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 96: vlan 261, p 0, ethertype IPv4, 172.20.15.218.netbios-ns > 172.20.15.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:54:55.673801 00:50:56:9f:25:ef (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.0.20.52 tell 10.0.20.250, length 46
06:54:55.676684 00:50:56:9f:25:ef (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.0.20.72 tell 10.0.20.250, length 46
06:54:55.677622 00:50:56:9f:25:ef (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.0.20.230 tell 10.0.20.250, length 46
06:54:55.677624 00:50:56:9f:25:ef (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.0.20.99 tell 10.0.20.250, length 46
06:54:55.677626 00:50:56:9f:25:ef (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.0.20.100 tell 10.0.20.250, length 46
06:54:55.679413 00:50:56:9f:25:ef (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.0.20.62 tell 10.0.20.250, length 46
06:54:55.696961 00:50:56:9f:25:ef (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.0.0.110 tell 10.0.20.250, length 46
06:54:55.697471 00:50:56:9f:25:ef (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.61 tell 10.0.20.250, length 46
06:54:55.941183 c0:56:e3:07:9d:fb (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype AoE, AoE length 46, Ver 1, Flags: [none]
06:54:55.951648 00:50:56:9f:0a:05 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype ARP, Request who-has 192.168.0.8 tell 192.168.0.82, length 46
06:54:56.236771 f0:d5:bf:df:7d:d9 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 96: vlan 13, p 0, ethertype IPv4, 10.8.15.234.netbios-ns > 10.8.15.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:54:56.274191 f0:79:60:27:47:ee (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has pfSense.xxx-yyy.local tell 172.20.15.129, length 46
06:54:56.515323 84:8f:69:ef:ee:25 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype ARP, Request who-has 172.20.15.93 tell 172.20.15.218, length 46
06:54:56.635664 00:50:56:9f:4f:94 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 258, p 0, ethertype ARP, Request who-has 192.168.1.93 tell 192.168.1.110, length 46
06:54:57.506967 00:10:db:ff:10:0c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 966, p 0, ethertype ARP, Request who-has 172.17.0.200 tell 172.17.1.1, length 46
06:54:57.513452 84:8f:69:ef:ee:25 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype ARP, Request who-has 172.20.15.124 tell 172.20.15.218, length 46
06:54:57.527731 b4:b5:2f:35:c8:89 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype ARP, Request who-has 172.20.15.110 tell 172.20.15.226, length 46
06:54:57.529031 00:90:e8:39:2f:da (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 302, p 0, ethertype ARP, Request who-has 10.10.1.244 tell 10.10.1.237, length 46
06:54:57.588007 5c:f9:38:99:40:ac (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.201.6.1 tell 10.201.6.131, length 46
06:54:57.592100 54:ee:75:b1:41:06 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.0.20.111 tell 10.0.0.248, length 46
06:54:57.592102 54:ee:75:b1:41:06 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.0.20.230 tell 10.0.0.248, length 46
06:54:57.592104 54:ee:75:b1:41:06 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.0.20.99 tell 10.0.0.248, length 46
06:54:58.593971 5c:f9:38:99:40:ac (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.201.6.1 tell 10.201.6.131, length 46
06:54:59.452162 00:50:56:d1:a0:06 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 968, p 0, ethertype Reverse ARP, Request who-has 0.0.0.0 (Broadcast) tell 0.0.0.0, length 46
06:54:59.452164 00:50:56:d1:a0:06 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 968, p 0, ethertype ARP, Request who-has 0.0.0.0 (Broadcast) tell 0.0.0.0, length 46
06:54:59.507879 00:50:56:9f:02:de (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype ARP, Request who-has 192.168.0.254 tell 192.168.0.69, length 46
06:54:59.508298 00:0c:29:ea:f9:2d (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype ARP, Request who-has 192.168.0.69 tell 192.168.0.254, length 46
06:54:59.514504 b4:b5:2f:35:c8:89 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 78: vlan 261, p 0, ethertype IPv4, 172.20.15.226.51029 > 172.20.15.255.22936: UDP, length 32
06:54:59.514522 b4:b5:2f:35:c8:89 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 78: vlan 261, p 0, ethertype IPv4, 172.20.15.226.51029 > 172.20.15.255.22936: UDP, length 32
06:54:59.514526 b4:b5:2f:35:c8:89 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 78: vlan 261, p 0, ethertype IPv4, 172.20.15.226.51029 > 172.20.15.255.22936: UDP, length 32
06:54:59.514533 b4:b5:2f:35:c8:89 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 78: vlan 261, p 0, ethertype IPv4, 172.20.15.226.51029 > 172.20.15.255.22936: UDP, length 32
06:54:59.514980 b4:b5:2f:35:c8:89 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 78: vlan 261, p 0, ethertype IPv4, 172.20.15.226.51029 > 172.20.15.255.22936: UDP, length 32
06:54:59.514987 b4:b5:2f:35:c8:89 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 78: vlan 261, p 0, ethertype IPv4, 172.20.15.226.51029 > 172.20.15.255.22936: UDP, length 32
06:54:59.515065 b4:b5:2f:35:c8:89 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 78: vlan 261, p 0, ethertype IPv4, 172.20.15.226.51029 > 172.20.15.255.22936: UDP, length 32
06:54:59.515071 b4:b5:2f:35:c8:89 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 78: vlan 261, p 0, ethertype IPv4, 172.20.15.226.51029 > 172.20.15.255.22936: UDP, length 32
06:54:59.515971 00:50:56:d1:b0:07 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 968, p 0, ethertype Reverse ARP, Request who-has 0.0.0.0 (Broadcast) tell 0.0.0.0, length 46
06:54:59.515974 00:50:56:d1:b0:07 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 968, p 0, ethertype ARP, Request who-has 0.0.0.0 (Broadcast) tell 0.0.0.0, length 46
06:54:59.516375 00:50:56:d1:b0:01 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 968, p 0, ethertype Reverse ARP, Request who-has 0.0.0.0 (Broadcast) tell 0.0.0.0, length 46
06:54:59.516380 00:50:56:d1:b0:01 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 968, p 0, ethertype ARP, Request who-has 0.0.0.0 (Broadcast) tell 0.0.0.0, length 46
06:54:59.529029 00:90:e8:39:2f:da (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 302, p 0, ethertype ARP, Request who-has 10.10.1.244 tell 10.10.1.237, length 46
06:54:59.746498 b4:b5:2f:35:c8:89 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 11, p 0, ethertype IPv4, 192.168.0.76.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b4:b5:2f:35:c8:89 (oui Unknown), length 300
06:54:59.746722 00:0c:29:ea:f9:2d (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype ARP, Request who-has 192.168.0.76 tell 192.168.0.254, length 46
06:55:00.189949 a0:a8:cd:8f:94:9f (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 260, p 0, ethertype ARP, Request who-has 10.201.6.1 tell 10.201.6.111, length 46
06:55:01.377330 00:28:f8:1d:16:ea (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 96: vlan 13, p 0, ethertype IPv4, 10.8.15.244.netbios-ns > 10.8.15.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:55:04.390417 24:77:03:15:11:4c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 96: vlan 260, p 0, ethertype IPv4, 10.201.6.149.netbios-ns > 10.201.6.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:55:05.015185 ac:cc:8e:01:3e:bc (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype ARP, Request who-has 172.20.15.204 tell 192.168.0.101, length 46
06:55:05.607061 00:50:56:9f:e0:ff (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype ARP, Request who-has 192.168.0.8 tell 192.168.0.64, length 46
06:55:05.623704 5c:f9:38:99:40:ac (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.201.6.1 tell 10.201.6.131, length 46
06:55:05.925307 24:77:03:15:11:4c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 96: vlan 260, p 0, ethertype IPv4, 10.201.6.149.netbios-ns > 10.201.6.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:55:05.929148 00:0b:16:00:06:15 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 669, p 0, ethertype ARP, Request who-has 10.254.0.150 tell 10.254.3.30, length 46
06:55:05.945659 c0:97:27:54:36:de (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 260, p 0, ethertype ARP, Request who-has 10.201.6.1 tell 10.201.6.73, length 46
06:55:07.951401 24:b6:fd:fd:66:9c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype ARP, Request who-has 172.20.15.227 tell 172.20.15.119, length 46
06:55:07.956495 00:50:56:9f:23:aa (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.61 tell 10.0.10.200, length 46
06:55:08.139324 00:0c:29:ea:f9:2d (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype ARP, Request who-has 192.168.0.29 tell 192.168.0.254, length 46
06:55:08.139325 00:0c:29:ea:f9:2d (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype ARP, Request who-has 192.168.0.30 tell 192.168.0.254, length 46
06:55:08.765440 cc:3d:82:70:cd:f8 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 96: vlan 260, p 0, ethertype IPv4, 10.201.6.98.netbios-ns > 10.201.6.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:55:08.770807 3a:4b:b6:6b:16:53 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 260, p 0, ethertype ARP, Request who-has 10.201.6.3 tell 10.201.6.171, length 46
06:55:09.262540 b4:b6:76:2a:c9:bb (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 96: vlan 13, p 0, ethertype IPv4, 10.8.15.237.netbios-ns > 10.8.15.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:55:09.299314 f0:79:60:27:47:ee (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has pfSense.xxx-yyy.local tell 172.20.15.129, length 46
06:55:09.353297 00:50:56:9f:44:56 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype ARP, Request who-has 192.168.0.8 tell 192.168.0.78, length 46
06:55:10.477957 00:50:56:9f:e0:ff (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype ARP, Request who-has 192.168.0.8 tell 192.168.0.64, length 46
06:55:10.481632 00:50:56:9f:4f:94 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 258, p 0, ethertype ARP, Request who-has 192.168.1.93 tell 192.168.1.110, length 46
06:55:10.489863 3a:4b:b6:6b:16:53 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 260, p 0, ethertype ARP, Request who-has 10.201.6.3 tell 10.201.6.171, length 46
06:55:10.649100 5c:f9:38:99:40:ac (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 10.201.6.1 tell 10.201.6.131, length 46
80266 packets captured
1449190 packets received by filter
1366913 packets dropped by kernel

I can even prove that 99,9% of the traffic is properly tagged:

[2.4.1-RELEASE][root@pfSense.xxx-yyy.local]: tcpdump -e -i em1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 262144 bytes
06:44:18.372617 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 298: vlan 261, p 0, ethertype IPv4, pfSense.xxx-yyy.local.ssh > 172.20.15.254.53687: Flags [P.], seq 1255234859:1255235099, ack 2368132969, win 513, length 240
06:44:18.373552 00:0c:29:ea:f9:2d (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.254.53687 > pfSense.xxx-yyy.local.ssh: Flags [.], ack 240, win 256, length 0
06:44:18.382261 c0:56:e3:07:9e:07 (oui Unknown) > 01:00:5e:7e:00:19 (oui Unknown), ethertype 802.1Q (0x8100), length 1446: vlan 11, p 0, ethertype IPv4, 192.168.0.25.8620 > 239.254.0.25.8148: UDP, length 1400
06:44:18.389205 00:50:56:9f:78:12 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.83.52037 > 10.10.100.1.2377: Flags [.], ack 849233285, win 1022, length 0
06:44:18.389245 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.20.15.83.52037 > 10.10.100.1.2377: Flags [.], ack 1, win 1022, length 0
06:44:18.390243 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 666: vlan 261, p 0, ethertype IPv4, pfSense.xxx-yyy.local.ssh > 172.20.15.254.53687: Flags [P.], seq 240:848, ack 1, win 513, length 608
06:44:18.390429 28:f1:0e:4e:d4:93 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.196.57094 > 10.10.100.1.2377: Flags [.], ack 846988514, win 252, length 0
06:44:18.390443 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.20.15.196.57094 > 10.10.100.1.2377: Flags [.], ack 1, win 252, length 0
06:44:18.390496 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 78: vlan 261, p 0, ethertype IPv4, google-public-dns-a.google.com > 172.20.15.254: ICMP echo reply, id 145, seq 39388, length 40
06:44:18.392065 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 362: vlan 261, p 0, ethertype IPv4, pfSense.xxx-yyy.local.ssh > 172.20.15.254.53687: Flags [P.], seq 848:1152, ack 1, win 513, length 304
06:44:18.392564 00:0c:29:ea:f9:2d (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.254.53687 > pfSense.xxx-yyy.local.ssh: Flags [.], ack 1152, win 253, length 0
06:44:18.394995 00:50:56:9f:49:4f (oui Unknown) > fc:3f:db:b5:26:0a (oui Unknown), ethertype 802.1Q (0x8100), length 256: vlan 261, p 0, ethertype IPv4, ec2-54-76-253-149.eu-west-1.compute.amazonaws.com.https > 172.20.15.214.55179: Flags [P.], seq 231344292:231344490, ack 1619979875, win 114, length 198
06:44:18.395357 fc:3f:db:b5:26:0a (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 89: vlan 261, p 0, ethertype IPv4, 172.20.15.214.55179 > ec2-54-76-253-149.eu-west-1.compute.amazonaws.com.https: Flags [P.], seq 1:32, ack 198, win 254, length 31
06:44:18.395376 fc:3f:db:b5:26:0a (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.214.55179 > ec2-54-76-253-149.eu-west-1.compute.amazonaws.com.https: Flags [F.], seq 32, ack 198, win 254, length 0
06:44:18.395601 fc:3f:db:b5:26:0a (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.20.15.214.55183 > ec2-54-76-253-149.eu-west-1.compute.amazonaws.com.https: Flags [s], seq 753223452, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
06:44:18.396613 00:0c:29:ea:f9:2d (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 78: vlan 261, p 0, ethertype IPv4, 172.20.15.254 > google-public-dns-a.google.com: ICMP echo request, id 145, seq 39390, length 40
06:44:18.411268 fc:3f:db:b5:26:0a (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.214.54654 > fra16s14-in-f3.1e100.net.https: Flags [.], seq 918028174:918028175, ack 728919029, win 257, length 1
06:44:18.415783 00:50:56:9f:95:79 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.114.49728 > 10.10.100.1.2377: Flags [.], ack 4049013404, win 510, length 0
06:44:18.415811 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.20.15.114.49728 > 10.10.100.1.2377: Flags [.], ack 1, win 510, length 0
06:44:18.415829 00:50:56:9f:69:c3 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.31.37284 > 10.10.100.1.2377: Flags [.], ack 4094296297, win 506, length 0
06:44:18.415839 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.20.15.31.37284 > 10.10.100.1.2377: Flags [.], ack 1, win 506, length 0
06:44:18.415841 00:50:56:9f:23:75 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.18.49338 > 10.10.100.1.2377: Flags [.], ack 2372356062, win 510, length 0
06:44:18.415847 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.20.15.18.49338 > 10.10.100.1.2377: Flags [.], ack 1, win 510, length 0
06:44:18.415853 00:50:56:9f:6c:8a (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.21.51718 > 10.10.100.1.2377: Flags [.], ack 730774043, win 510, length 0
06:44:18.415859 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.20.15.21.51718 > 10.10.100.1.2377: Flags [.], ack 1, win 510, length 0
06:44:18.415877 00:50:56:9f:68:82 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.15.52608 > 10.10.100.1.2377: Flags [.], ack 3779267763, win 513, length 0
06:44:18.415889 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.20.15.15.52608 > 10.10.100.1.2377: Flags [.], ack 1, win 513, length 0
06:44:18.415891 00:50:56:9f:6c:8a (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.21.51720 > 10.10.100.1.2377: Flags [.], ack 431387434, win 510, length 0
06:44:18.415897 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.20.15.21.51720 > 10.10.100.1.2377: Flags [.], ack 1, win 510, length 0
06:44:18.415898 00:50:56:9f:3d:d8 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.24.64099 > 10.10.100.1.2377: Flags [.], ack 968879018, win 513, length 0
06:44:18.415903 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.20.15.24.64099 > 10.10.100.1.2377: Flags [.], ack 1, win 513, length 0
06:44:18.415905 48:65:ee:10:14:92 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.20.15.112.61179 > 10.10.100.1.2377: Flags [.], ack 3215571007, win 4084, options [nop,nop,TS val 1000828323 ecr 41169571], length 0
06:44:18.415911 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.20.15.112.61179 > 10.10.100.1.2377: Flags [.], ack 1, win 4084, options [nop,nop,TS val 1000828323 ecr 41169571], length 0
06:44:18.415924 00:50:56:9f:34:d3 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.22.54567 > 10.10.100.1.2377: Flags [.], ack 1826024802, win 510, length 0
06:44:18.415930 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.20.15.22.54567 > 10.10.100.1.2377: Flags [.], ack 1, win 510, length 0
06:44:18.416020 e4:a7:a0:fc:90:ef (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 146: vlan 261, p 0, ethertype IPv4, 172.20.15.207.50002 > 10.4.0.71.4172: UDP, length 100
06:44:18.416032 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 146: vlan 261, p 0, ethertype IPv4, 172.20.15.207.50002 > 10.4.0.71.4172: UDP, length 100
06:44:18.422652 6c:c2:17:7e:29:ee (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.224.63434 > 172.16.53.240.7500: Flags [.], ack 1956943870, win 16165, length 0
06:44:18.422669 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.20.15.224.63434 > 172.16.53.240.7500: Flags [.], ack 1, win 16165, length 0
06:44:18.422699 00:50:56:9f:31:40 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.16.59185 > 10.10.100.2.rdp: Flags [.], ack 4005528242, win 1825, length 0
06:44:18.422708 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.20.15.16.59185 > 10.10.100.2.rdp: Flags [.], ack 1, win 1825, length 0
06:44:18.422967 00:0c:29:ea:f9:2d (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 82: vlan 261, p 0, ethertype IPv4, 10.10.100.19.51134 > defra1-vip-bx-011.aaplimg.com.https: Flags [s], seq 3435286477, win 65535, options [mss 1460,nop,wscale 4,nop,nop,TS val 906565302 ecr 0,sackOK,eol], length 0
06:44:18.610549 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 46: vlan 261, p 0, ethertype IPv4, pfSense.xxx-yyy.local > 172.20.15.254: ICMP echo request, id 19845, seq 7622, length 8
06:44:18.626583 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 16227808, win 32768, length 0
06:44:18.626597 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.38920 > 172.16.51.200.http: Flags [.], ack 2255910836, win 32768, length 0
06:44:18.626603 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 1381, win 32768, length 0
06:44:18.627241 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 618: vlan 261, p 0, ethertype IPv4, pfSense.xxx-yyy.local.ssh > 172.20.15.254.53687: Flags [P.], seq 1152:1712, ack 1, win 513, length 560
06:44:18.627535 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 2761, win 32768, length 0
06:44:18.627538 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 1114: vlan 261, p 0, ethertype IPv4, pfSense.xxx-yyy.local.ssh > 172.20.15.254.53687: Flags [P.], seq 1712:2768, ack 1, win 513, length 1056
06:44:18.627573 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 4141, win 32768, length 0
06:44:18.627672 00:0c:29:ea:f9:2d (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.254.53687 > pfSense.xxx-yyy.local.ssh: Flags [.], ack 2768, win 256, length 0
06:44:18.627937 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 650: vlan 261, p 0, ethertype IPv4, pfSense.xxx-yyy.local.ssh > 172.20.15.254.53687: Flags [P.], seq 2768:3360, ack 1, win 513, length 592
06:44:18.628581 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.28019 > 172.16.51.200.http: Flags [.], ack 2234045447, win 32768, length 0
06:44:18.628590 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 3188304549, win 32768, length 0
06:44:18.628628 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 1381, win 32768, length 0
06:44:18.628640 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 2761, win 32768, length 0
06:44:18.628650 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 4141, win 32768, length 0
06:44:18.628657 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 5521, win 32768, length 0
06:44:18.628666 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 6901, win 32768, length 0
06:44:18.628675 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 8281, win 32768, length 0
06:44:18.628681 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 9661, win 32768, length 0
06:44:18.628687 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 11041, win 32768, length 0
06:44:18.628695 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 11041, win 32768, options [nop,nop,sack 1 {12421:13801}], length 0
06:44:18.628702 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 11041, win 32768, options [nop,nop,sack 1 {12421:15181}], length 0
06:44:18.628708 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 15181, win 32768, length 0
06:44:18.628715 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 16561, win 32768, length 0
06:44:18.629555 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 17941, win 32768, length 0
06:44:18.629563 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 19321, win 32768, length 0
06:44:18.629569 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 20701, win 32768, length 0
06:44:18.629599 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 22081, win 32768, length 0
06:44:18.629609 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 4141, win 32768, options [nop,nop,sack 1 {5521:6901}], length 0
06:44:18.629618 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 6901, win 32768, length 0
06:44:18.629628 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 8281, win 32768, length 0
06:44:18.629645 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 9661, win 32768, length 0
06:44:18.629653 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 11041, win 32768, length 0
06:44:18.629732 00:50:56:9f:49:4f (oui Unknown) > fc:3f:db:b5:26:0a (oui Unknown), ethertype 802.1Q (0x8100), length 109: vlan 261, p 0, ethertype IPv4, ec2-52-37-117-0.us-west-2.compute.amazonaws.com.https > 172.20.15.214.55175: Flags [P.], seq 2639866567:2639866618, ack 4234796770, win 110, length 51
06:44:18.629787 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 12421, win 32768, length 0
06:44:18.629879 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 13801, win 32768, length 0
06:44:18.630210 fc:3f:db:b5:26:0a (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 404: vlan 261, p 0, ethertype IPv4, 172.20.15.214.55175 > ec2-52-37-117-0.us-west-2.compute.amazonaws.com.https: Flags [P.], seq 1:347, ack 51, win 255, length 346
06:44:18.630231 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 15181, win 32768, length 0
06:44:18.630540 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 16561, win 32768, length 0
06:44:18.630570 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 16561, win 32768, options [nop,nop,sack 1 {17941:19321}], length 0
06:44:18.630595 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 19321, win 32768, length 0
06:44:18.630601 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 20701, win 32768, length 0
06:44:18.631568 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 22081, win 32768, length 0
06:44:18.631576 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 23461, win 32768, length 0
06:44:18.631583 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 24841, win 32768, length 0
06:44:18.631589 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 26221, win 32768, length 0
06:44:18.631596 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 27601, win 32768, length 0
06:44:18.631601 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 28981, win 32768, length 0
06:44:18.631649 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 23461, win 32768, length 0
06:44:18.631654 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 24841, win 32768, length 0
06:44:18.631660 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 26221, win 32768, length 0
06:44:18.631665 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 27601, win 32768, length 0
06:44:18.631669 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 27601, win 32768, options [nop,nop,sack 1 {28981:30361}], length 0
06:44:18.631676 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 27601, win 32768, options [nop,nop,sack 1 {28981:31741}], length 0
06:44:18.631683 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 27601, win 32768, options [nop,nop,sack 1 {28981:33121}], length 0
06:44:18.631688 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 27601, win 32768, options [nop,nop,sack 1 {28981:34501}], length 0
06:44:18.631728 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 34501, win 32768, length 0
06:44:18.631735 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 35881, win 32768, length 0
06:44:18.632533 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 37261, win 32768, length 0
06:44:18.632538 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 38641, win 32768, length 0
06:44:18.632571 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 40021, win 32768, length 0
06:44:18.632576 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 41401, win 32768, length 0
06:44:18.632594 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 42781, win 32768, length 0
06:44:18.632599 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 44161, win 32768, length 0
06:44:18.632619 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 28981, win 32768, options [nop,nop,sack 1 {30361:31741}], length 0
06:44:18.632623 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 28981, win 32768, options [nop,nop,sack 1 {30361:33121}], length 0
06:44:18.633533 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 33121, win 32768, length 0
06:44:18.633554 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 34501, win 32768, length 0
06:44:18.633578 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 35881, win 32768, length 0
06:44:18.633583 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 37261, win 32768, length 0
06:44:18.633602 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 38641, win 32768, length 0
06:44:18.633608 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 40021, win 32768, length 0
06:44:18.633631 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 40021, win 32768, options [nop,nop,sack 1 {41401:42781}], length 0
06:44:18.633654 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 40021, win 32768, options [nop,nop,sack 1 {41401:44161}], length 0
06:44:18.633659 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 40021, win 32768, options [nop,nop,sack 1 {41401:45541}], length 0
06:44:18.634159 e4:a7:a0:fc:90:ef (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 146: vlan 261, p 0, ethertype IPv4, 172.20.15.207.50002 > 10.4.0.71.4172: UDP, length 100
06:44:18.634175 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 146: vlan 261, p 0, ethertype IPv4, 172.20.15.207.50002 > 10.4.0.71.4172: UDP, length 100
06:44:18.634546 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 45541, win 32768, length 0
06:44:18.634551 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 46921, win 32768, length 0
06:44:18.634556 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 48301, win 32768, length 0
06:44:18.634561 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 49681, win 32768, length 0
06:44:18.634595 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 51061, win 32768, length 0
06:44:18.634601 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 51061, win 32768, options [nop,nop,sack 1 {52441:53821}], length 0
06:44:18.634607 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 53821, win 32768, length 0
06:44:18.634671 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 45541, win 32768, length 0
06:44:18.634677 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 46921, win 32768, length 0
06:44:18.634682 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 48301, win 32768, length 0
06:44:18.634974 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 79: vlan 261, p 0, ethertype IPv4, 172.16.52.100 > 172.16.51.200: ICMP echo request, id 434, seq 2447, length 41
06:44:18.635565 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 49681, win 32768, length 0
06:44:18.635624 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 55201, win 32768, length 0
06:44:18.635630 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 51061, win 32768, length 0
06:44:18.635635 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 52441, win 32768, length 0
06:44:18.635641 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 53821, win 32768, length 0
06:44:18.635647 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 53821, win 32768, options [nop,nop,sack 1 {55201:56581}], length 0
06:44:18.635678 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 78: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 53821, win 32768, options [nop,nop,sack 2 {59341:60721}{55201:56581}], length 0
06:44:18.636537 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 56581, win 32768, options [nop,nop,sack 1 {59341:60721}], length 0
06:44:18.636543 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 57961, win 32768, options [nop,nop,sack 1 {59341:60721}], length 0
06:44:18.636580 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 60721, win 32768, length 0
06:44:18.636586 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 60721, win 32768, options [nop,nop,sack 1 {62101:63308}], length 0
06:44:18.636592 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 56581, win 32768, length 0
06:44:18.636598 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 57961, win 32768, length 0
06:44:18.636653 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.21126 > 172.16.51.200.http: Flags [.], ack 63308, win 32768, length 0
06:44:18.636659 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 59341, win 32768, length 0
06:44:18.636664 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 60721, win 32768, length 0
06:44:18.636703 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 60721, win 32768, options [nop,nop,sack 1 {63481:64861}], length 0
06:44:18.636812 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 62101, win 32768, options [nop,nop,sack 1 {63481:64861}], length 0
06:44:18.637027 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 64861, win 32768, length 0
06:44:18.637154 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 66241, win 32768, length 0
06:44:18.637386 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 67621, win 32768, length 0
06:44:18.637543 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 69001, win 32768, length 0
06:44:18.637548 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 70381, win 32768, length 0
06:44:18.637610 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 71761, win 32768, length 0
06:44:18.637756 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 71761, win 32768, options [nop,nop,sack 1 {74521:75507}], length 0
06:44:18.637860 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 73141, win 32768, options [nop,nop,sack 1 {74521:75507}], length 0
06:44:18.637954 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, 172.16.52.50.2123 > 172.16.51.200.http: Flags [.], ack 75507, win 32768, length 0
06:44:18.930857 48:65:ee:10:14:92 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.20.15.112.61179 > 10.10.100.1.2377: Flags [.], ack 4524, win 4095, options [nop,nop,TS val 1000828829 ecr 41169623], length 0
06:44:18.930872 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 172.20.15.112.61179 > 10.10.100.1.2377: Flags [.], ack 4524, win 4095, options [nop,nop,TS val 1000828829 ecr 41169623], length 0
06:44:18.931469 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 426: vlan 261, p 0, ethertype IPv4, pfSense.xxx-yyy.local.ssh > 172.20.15.254.53687: Flags [P.], seq 4976:5344, ack 1, win 513, length 368
06:44:18.932404 00:50:56:9f:49:4f (oui Unknown) > 00:0c:29:ea:f9:2d (oui Unknown), ethertype 802.1Q (0x8100), length 1082: vlan 261, p 0, ethertype IPv4, pfSense.xxx-yyy.local.ssh > 172.20.15.254.53687: Flags [P.], seq 5344:6368, ack 1, win 513, length 1024
06:44:18.932641 00:0c:29:ea:f9:2d (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.254.53687 > pfSense.xxx-yyy.local.ssh: Flags [.], ack 6368, win 251, length 0
06:44:18.932929 00:50:56:9f:49:4f (oui Unknown) > 6c:c2:17:7e:29:28 (oui Unknown), ethertype 802.1Q (0x8100), length 58: vlan 261, p 0, ethertype IPv4, edge-video-shv-01-cdt1.fbcdn.net.https > 172.20.15.234.50315: Flags [R], seq 992481694, win 0, length 0
06:44:18.933168 00:50:56:9f:49:4f (oui Unknown) > fc:3f:db:b5:26:0a (oui Unknown), ethertype 802.1Q (0x8100), length 256: vlan 261, p 0, ethertype IPv4, ec2-52-37-117-0.us-west-2.compute.amazonaws.com.https > 172.20.15.214.55175: Flags [P.], seq 51:249, ack 347, win 114, length 198

My issue is once again:
UDP Traffic: mainly for destination Port 3478 (WhatsApp)
and
TCP Traffic for destination Port 5094.

Please try to make a WA call with your tagged interfaces on WAN and LAN and capture that connection attempt.

[/s][/s]

johnpoz

Where is the tcpdump showing that traffic was correctly tagged?

I do not see that in you dumps… So your sniffs prove nothing...  I searched for those ports and the service names stun, hart-it and do not see any traffic in that dump showing its tagged.

Again please show the traffic hitting pfsense interface tagged but showing up in the firewall hitting the wrong interface.. Ie your native untagged..

Think about it for 2 seconds... What makes more sense the traffic is getting to pfsense untagged you believe it should be tagged, or that pfsense ignores the tagged on traffic on specific ports?  Come on... Isn't it just more likely that say your AP is not tagging this traffic correctly..  Since you mention whatsapp call I would guess this is coming from a wireless device..

elias28

I did so far nothing else, than showing that traffic in general is tagged (as you did)
I did not show here, that traffic for UDP Ports 3478 and TCP 5094 are hitting the interface.

@johnpoz:

Come on… Isn't it just more likely that say your AP is not tagging this traffic correctly..  Since you mention whatsapp call I would guess this is coming from a wireless device..

Yes, was also thinking about this possibility. But I do not believe that the AP is tagging 99% of the traffic correctly, whereas 1% is not tagged. Either it is tagged or it isn't. Period.
This is what I simply do not comprehend.
Further please note, that the captured traffic includes Wireless Traffic…

So my initial thought was, that this must be some sort of a bug. Now that I have tested it with a SG-8860, I can say, that pfSense is very likely not the
root cause here.

I will try to find some time to nail this down, but as I already indicated - I do not have the passion anymore, as I can work with my temporary workaround and will very likely switch to a physical solution in the near future.

Derelict

Yes, was also thinking about this possibility. But I do not believe that the AP is tagging 99% of the traffic correct, whereas 1% is not tagged. Either it is tagged or it isn't. Period.

Exactly the same thing could be said for the pfSense interface. It is either received tagged or it isn't. Period.

johnpoz

Here you go… I just fired up my phone..  You can see both tagged and untagged traffic for stun.. Unifi uses stun which would be untagged on the 192.168.2 network and my phone on tagged wifi vlan 200 that is tagged.

So when you show us it as tagged but pfsense process it on the wrong interface - then we can talk..  Until then its pfsense doing what it is suppose to be doing.. It saw untagged traffic and processed it as untagged.  Why it got to pfsense as untagged when you feel it should be tagged would be on your network and not pfsense.

What makes more sense the traffic is there untagged, or pfsense says oh screw this its port 3478 and tagged - let me process that port as untagged ;)

elias28

@Derelict:

Exactly the same thing could be said for the pfSense interface. It is either received tagged or it isn't. Period.

Absolutely agree on that! You can also put it this way!

@johnpoz:

Here you go… I just fired up my phone..  You can see both tagged and untagged traffic for stun.. Unifi uses stun which would be untagged on the 192.168.2 network and my phone on tagged wifi vlan 200 that is tagged.

So when you show us it as tagged but pfsense process it on the wrong interface - then we can talk..  Until then its pfsense doing what it is suppose to be doing.. It saw untagged traffic and processed it as untagged.  Why it got to pfsense as untagged when you feel it should be tagged would be on your network and not pfsense.

Ok thanks for this confirmation. So this proves (once again), that it is not pfsense and something in my infrastructure, causing this behaviour….

elias28

Ok, here it is:

This is a phone, connected to an AP, trying to establish WA call. Traffic for UDP Port3478 arrives indeed untagged on the pfsense interface.

[2.4.1-RELEASE][root@pfSense.xxx-yyy.local]/root: tcpdump -e -i em1 | grep 172.20.15.213    
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 262144 bytes
08:35:53.122768 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.213.51217 > 72.3a.559e.ip4.static.sl-reverse.com.https: Flags [.], ack 1416400460, win 2048, length 0
08:35:53.310425 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 82: vlan 261, p 0, ethertype IPv4, 172.20.15.213.51218 > 10.8.15.254.8080: Flags [s], seq 1005764424, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 738923910 ecr 0,sackOK,eol], length 0
08:35:53.367252 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 70: vlan 261, p 0, ethertype IPv4, 72.3a.559e.ip4.static.sl-reverse.com.https > 172.20.15.213.51217: Flags [.], ack 1, win 514, options [nop,nop,TS val 4097996799 ecr 738898319], length 0
08:35:55.228579 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype IPv4 (0x0800), length 136: 172.20.15.213.52462 > edgeray-shv-01-cdt1.facebook.com.3478: UDP, length 94
08:35:55.228584 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype IPv4 (0x0800), length 136: 172.20.15.213.52462 > edgeray-shv-01-cdt1.facebook.com.3478: UDP, length 94
08:35:55.228588 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype IPv4 (0x0800), length 136: 172.20.15.213.52462 > 185.60.216.51.3478: UDP, length 94
08:35:55.228591 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype IPv4 (0x0800), length 136: 172.20.15.213.52462 > 185.60.216.51.3478: UDP, length 94
08:35:55.228595 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype IPv4 (0x0800), length 136: 172.20.15.213.52462 > edgeray-shv-01-mxp1.facebook.com.3478: UDP, length 94
08:35:55.228599 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype IPv4 (0x0800), length 136: 172.20.15.213.52462 > edgeray-shv-01-mxp1.facebook.com.3478: UDP, length 94
08:35:55.228603 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype IPv4 (0x0800), length 136: 172.20.15.213.52462 > edgeray-shv-01-amt2.facebook.com.3478: UDP, length 94
08:35:55.228621 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype IPv4 (0x0800), length 136: 172.20.15.213.52462 > edgeray-shv-01-amt2.facebook.com.3478: UDP, length 94
08:35:55.228632 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype IPv4 (0x0800), length 136: 172.20.15.213.52462 > edgeray-shv-01-cdg2.facebook.com.3478: UDP, length 94
08:35:55.228644 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype IPv4 (0x0800), length 136: 172.20.15.213.52462 > edgeray-shv-01-cdg2.facebook.com.3478: UDP, length 94
08:36:03.380521 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 261, p 0, ethertype IPv4, 172.20.15.213.51217 > 72.3a.559e.ip4.static.sl-reverse.com.https: Flags [.], ack 1, win 2048, length 0
511654 packets captured
836545 packets received by filter
324245 packets dropped by kernel

Now did the following: 
Same phone, same IP, same AP, same route.
Making connection via UDP to Youtube:

[code][2.4.1-RELEASE][root@pfSense.xxx-yyy.local]/root: tcpdump -e -i em1 | grep 172.20.15.213
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 262144 bytes
08:49:23.246411 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.61.28.https > 172.20.15.213.53061: UDP, length 1350
08:49:23.246892 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 77: vlan 261, p 0, ethertype IPv4, 173.194.61.28.https > 172.20.15.213.53061: UDP, length 31
08:49:23.246997 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 76: vlan 261, p 0, ethertype IPv4, 173.194.61.28.https > 172.20.15.213.53061: UDP, length 30
08:49:23.247067 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 255: vlan 261, p 0, ethertype IPv4, 173.194.61.28.https > 172.20.15.213.53061: UDP, length 209
08:49:23.252796 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 87: vlan 261, p 0, ethertype IPv4, 172.20.15.213.53061 > 173.194.61.28.https: UDP, length 41
08:49:23.256809 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 84: vlan 261, p 0, ethertype IPv4, 172.20.15.213.53061 > 173.194.61.28.https: UDP, length 38
08:49:23.283324 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 84: vlan 261, p 0, ethertype IPv4, 172.20.15.213.53061 > 173.194.61.28.https: UDP, length 38
08:49:25.214040 e4:e4:ab:01:fa:26 (oui Unknown) > 01:00:5e:00:00:fb (oui Unknown), ethertype 802.1Q (0x8100), length 107: vlan 261, p 0, ethertype IPv4, 172.20.15.213.mdns > 224.0.0.251.mdns: 0 [2q] PTR (QM)? _googlecast._tcp.local. PTR (QM)? _233637DE._sub._googlecast._tcp.local. (61)
08:49:25.394036 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.394583 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 77: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 31
08:49:25.394666 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 76: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 30
08:49:25.395023 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.395877 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.395914 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.397159 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.397189 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.398564 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.399290 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.400085 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.400109 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.672459 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 84: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 38
08:49:25.676935 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.679548 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.683358 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 97: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 51
08:49:25.684370 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.686135 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.690269 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.690670 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 84: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 38
08:49:25.692746 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.857275 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.862425 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.862587 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 84: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 38
08:49:25.865429 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.869700 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 84: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 38
08:49:25.872303 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.875216 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.878231 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.880478 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.882186 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 84: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 38
08:49:25.883640 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 84: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 38
08:49:25.884316 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.884358 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.885795 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.889048 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 84: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 38
08:49:25.889636 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.890360 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.892587 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.900684 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.905954 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.909782 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.913556 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.915390 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 99: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 53
08:49:25.920547 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.924351 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.925116 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.925864 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.927314 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.929930 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.931316 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.932831 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.934302 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.938913 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.942802 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 56
08:49:25.946301 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.949779 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.952681 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.956279 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.959995 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.961438 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:25.961450 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 775: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 729
08:49:25.965398 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 108: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 62
08:49:26.066932 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 123: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 77
08:49:26.827234 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.827968 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.829356 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.831506 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.832271 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.833115 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.834119 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.836238 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.836907 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.837708 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.839981 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.840681 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.842119 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.842807 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.844243 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.844921 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.846504 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.847288 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.848500 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.850545 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.851327 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.852682 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.853310 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.854451 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.856547 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.857273 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.858073 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.860232 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.860890 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.862551 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.863074 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.866305 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.866987 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.866995 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.867751 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 111: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 65
08:49:26.868356 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.869119 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.870877 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.871607 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.872494 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.874663 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.875300 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.876560 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.877261 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.878638 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 108: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 62
08:49:26.878655 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 108: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 62
08:49:26.878662 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 108: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 62
08:49:26.878963 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.879133 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 108: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 62
08:49:26.879143 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 108: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 62
08:49:26.879647 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.881083 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.881098 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 108: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 62
08:49:26.881750 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.881773 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 108: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 62
08:49:26.882338 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 108: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 62
08:49:26.883193 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.885301 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.885843 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 108: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 62
08:49:26.886024 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.887505 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.888152 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.890066 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.890749 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.892293 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.892998 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.894635 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.895386 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.896747 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.897024 e4:e4:ab:01:fa:26 (oui Unknown) > 00:50:56:9f:49:4f (oui Unknown), ethertype 802.1Q (0x8100), length 108: vlan 261, p 0, ethertype IPv4, 172.20.15.213.61130 > 173.194.31.91.https: UDP, length 62
08:49:26.897478 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.899299 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.900020 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.901463 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.902234 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.903589 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 1396: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 1350
08:49:26.905653 00:50:56:9f:49:4f (oui Unknown) > e4:e4:ab:01:fa:26 (oui Unknown), ethertype 802.1Q (0x8100), length 828: vlan 261, p 0, ethertype IPv4, 173.194.31.91.https > 172.20.15.213.61130: UDP, length 782
104930 packets captured
287971 packets received by filter
181143 packets dropped by kernel[/code]

This time the traffic is tagged!
Anyone, who can explain this to me, or has an idea wins the price?
I know that this has very likely nothing to do anymore with pfSense and probably belongs into a different forum, but yeah, here it is now....   :-X

[/s]

johnpoz

Well what is the AP?  I would suggest you get on their forums..

If its unifi, I use them and not seeing this.. So what AP and firmware?  I am running current beta firmware 3.9.10 on AC Pro, Lite and LR…

Derelict

I would walk the pcap closer to 172.20.15.213 and see where the VLAN tags start doing the wrong thing and talk to those people.

johnpoz

Yup great idea.. Can you sniff right on the AP and validate it good/bad coming off the AP… And then sniff at the switch as it enters your esxi host, etc.

What is the full physical path of the traffic before it gets to pfsense interface.. How many devices.  From the AP is wired or wireless uplink, etc.  Go through any funky dumb switches where your hoping for the tags to just pass through (aka the jknott method of networking - [sorry bad joke sure derelict will get from previous threads]).  Or crappy switches like tp-link that don't allow you to remove vlan 1, etc. etc.. ;)

Here just did sniff right on the unifi AP, so can see its good there..

BZ.v3.9.10# tcpdump -i eth0 -e -n port 3478
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
05:19:58.602747 d0:c5:f3:1f:eb:ff > 78:8a:20:43:30:ab, ethertype 802.1Q (0x8100), length 140: vlan 200, p 0, ethertype IPv4, 192.168.4.208.55286 > 157.240.2.51.3478: UDP, length 94
05:19:58.602859 d0:c5:f3:1f:eb:ff > 78:8a:20:43:30:ab, ethertype 802.1Q (0x8100), length 140: vlan 200, p 0, ethertype IPv4, 192.168.4.208.55286 > 157.240.2.51.3478: UDP, length 94
05:19:58.602934 d0:c5:f3:1f:eb:ff > 78:8a:20:43:30:ab, ethertype 802.1Q (0x8100), length 140: vlan 200, p 0, ethertype IPv4, 192.168.4.208.55286 > 157.240.18.51.3478: UDP, length 94
05:19:58.603059 d0:c5:f3:1f:eb:ff > 78:8a:20:43:30:ab, ethertype 802.1Q (0x8100), length 140: vlan 200, p 0, ethertype IPv4, 192.168.4.208.55286 > 157.240.18.51.3478: UDP, length 94
05:19:58.603178 d0:c5:f3:1f:eb:ff > 78:8a:20:43:30:ab, ethertype 802.1Q (0x8100), length 140: vlan 200, p 0, ethertype IPv4, 192.168.4.208.55286 > 31.13.65.48.3478: UDP, length 94

elias28

I am running a Wireless Lancom Systems enviroment. All AP's are managed through a Lancom WLC-4100 controller, running on firmware 10.12.0082

The AP the phone was connected to, during the test, is a:
Lancom IAP-322 on Firmware 10.12.0084SU1 (latest)

In between the AP and the Controller there are two Cisco 650X Core switches, which are connected via a 20GB etherchannel.

Will check the AP and it's traffic