Playing NSA -- tapping internet communications

Playing NSA -- tapping internet communications

(originally posted 12.09.2017 on Google+)

In the wake of the Snowden reporting, a lot is written about intelligence agencies tapping internet backbone links. But what does this mean exactly? Which data can be collected? What's the effect of encryption? And what about infamous metadata? The problem so far is, when at all the media reports about the technical details, it's almost always wrong or misleading. I hope I can do better with this post. So I play NSA and show you the reality with concrete examples.

I'll send emails from my professional email account to my private gmail account (I actually sent the emails, but will X-out the local parts of the email addresses here; the ones who extract my email addresses from the hex dump really deserve it). The emails will be sent on three different ways:

1. Traditionally unencrypted email, without transport layer encryption (STARTTLS)

2. PGP-encrypted email, but sent without STARTTLS

3. Traditionally unencrypted email, but sent with STARTTLS

Concurrently I will tap the traffic with tcpdump (tcpdump is the traditional Unix tool to tap network traffic; btw the infamous NSA XkeyScore tool is basically nothing more than an enhanced tcpdump to ease the work of analysts analysing the network traffic):

tcpdump -n -i eth0 port 25 -w email.pcap

Then I will analyze the tapped traffic with:

tcpdump -X -n -r email.pcap

You can find the complete outputs of the tcpdumps at the end of this post. When you look at it, you'll see that tcpdump outputs are something that needs getting used to -- so you'll likely understand one reason why the NSA invented the cozy tool XKeyScore …

1. Traditionally unencrypted email, without transport layer encryption (STARTTLS)

Let's start with this one. The "S" in "SMTP" stands for "simple", and traditional SMTP really is simple, so I can send an email from a command line -- and this makes it easy to explain some important points:

$ telnet gmail-smtp-in.l.google.com. 25

Trying 74.125.133.27...

Connected to gmail-smtp-in.l.google.com.

Escape character is '^]'.

220 mx.google.com ESMTP v139si8345872wmv.47 - gsmtp

I telneted to the SMTP port of a gmail email server, it responds with a 220 line, everything OK.

EHLO me

250-mx.google.com at your service, [212.89.128.XX]

250-SIZE 157286400

250-8BITMIME

250-STARTTLS

250-ENHANCEDSTATUSCODES

250-PIPELINING

250-CHUNKING

250 SMTPUTF8

My next command was "EHLO me". Some side remarks here (not important for the key goal of this post, but maybe interesting): 1. "EHLO" stands for "Extended HELO". "HELO" was the traditional way of starting an SMTP session, but was later extended so client and server could agree on advanced options, like the later discussed STARTTLS. As long as I don't acknowledge one or more of the offered options, the SMTP session will continue the traditional way. 2. Usually, the parameter after "EHLO" should be the fully qualified domain name of the sending host, but hardly any email server checks whether it is valid. I always used to use "HELO me" or "EHLO me" when I troubleshooted email from the command line, so I do it here too.

MAIL FROM: <XXXX@infos.de>

250 2.1.0 OK v139si8345872wmv.47 - gsmtp

I didn't acknowledge any of the offered options and just continue with the "MAIL FROM:" SMTP command. Gmail OK's it.

RCPT TO: <XXXXXX@gmail.com>

250 2.1.5 OK v139si8345872wmv.47 - gsmtp

Here I said with "RCPT TO:" to whom the email should be sent.

DATA

354 Go ahead v139si8345872wmv.47 - gsmtp

From: <XXXX@infos.de>

To: <XXXXXX@gmail.com>

Subject: tap me

Date: Tue, 12 Sep 2017 08:48:13 +0200 (CEST)

I'm just testing.

.

250 2.0.0 OK 1505198973 v139si8345872wmv.47 - gsmtp

The last command was "DATA". After "DATA", the complete email is transmitted. You should know that an email consists of headers (you can call it "metadata" as well) and the content, and the first empty line is the delimiter. "From:" and "To:" are email headers (they are often the same as the SMTP headers "MAIL FROM:" and "RCPT TO:", but do not need to be, eg if the email is sent to several addresses, or copied to others with "CC" or "BCC"), but there are others like "Date:" and "Subject:", and much more are possible. Some may find it strange that "Subject:" is a header field and not part of the content (reportedly there are users who write a complete email in the Subject-line), but this is how email was invented ages ago. OK, the email was sent now. Now let's look what the network tap reveals (spoiler: everything). You can find the complete output in Appendix 1, in the following I'll only explain the interesting parts:

08:48:52.729711 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [S], seq 1241588711, win 29200, options [mss 1460,sackOK,TS val 639877 ecr 0,nop,wscale 7], length 0

0x0000: 4510 003c e062 4000 4006 7f51 0a20 0140 E..<.b@.@..Q...@

0x0010: 4a7d 851b de6e 0019 4a01 23e7 0000 0000 J}...n..J.#.....

0x0020: a002 7210 db26 0000 0204 05b4 0402 080a ..r..&..........

0x0030: 0009 c385 0000 0000 0103 0307 ............

This is the first, initial packet, the so called SYN packet. Please note that the length of the packet is 0, meaning there is no content, or payload. What you see in the lines 0x0000 to 0x0030 are the IP and TCP headers of the packet. The most important of them are written in readable form in the first line. You see my sending IP address 10.32.1.64 (please note that this is a private IP address, my workstation is behind a NAT gateway; if the email would have been taped at an internet backbone link, you would see here the official IP address of the NAT gateway; I didn't tap at the NAT gateway for legal reasons, and it makes absolutely no difference for my explanations) and the sending port 56942 (this is a more or less random number). Further you see the destination IP 74.125.133.27 (a Google Gmail server), and the destination port 25 (allocated for the SMTP service). The next 2 packets are the rest of the TCP 3-way handshake. Then comes the first data packet:

08:48:52.757667 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [P.], seq 1:54, ack 1, win 166, options [nop,nop,TS val 1134699112 ecr 639880], length 53: SMTP: 220 mx.google.com ESMTP v139si8345872wmv.47 - gsmtp

0x0000: 4500 0069 d99c 0000 2b06 dafa 4a7d 851b E..i....+...J}..

0x0010: 0a20 0140 0019 de6e 0b5e 8855 4a01 23e8 ...@...n.^.UJ.#.

0x0020: 8018 00a6 60c2 0000 0101 080a 43a2 2268 ....`.......C."h

0x0030: 0009 c388 3232 3020 6d78 2e67 6f6f 676c ....220.mx.googl

0x0040: 652e 636f 6d20 4553 4d54 5020 7631 3339 e.com.ESMTP.v139

0x0050: 7369 3833 3435 3837 3277 6d76 2e34 3720 si8345872wmv.47.

0x0060: 2d20 6773 6d74 700d 0a -.gsmtp..

You see now a length of 53 (Bytes). And then, after the IP and TCP headers, you see perfectly in cleartext the Google email servers banner string "220 mx.google.com ESMTP v139si8345872wmv.47 - gsmtp". And in the following packets, you see all the other things in cleartext too: The SMTP headers: MAIL FROM: <XXXX@infos.de> RCPT TO: <XXXXXX@gmail.com> The email headers: From: <XXXX@infos.de> To: <XXXXXX@gmail.com> Subject: tap me Date: Tue, 12 Sep 2017 08:48:13 +0200 (CEST) And the email content: I'm just testing.

2. PGP-encrypted email, but sent without STARTTLS

OK, now let's use PGP and look what difference this makes. In the following you can see how I sent the email, quite similar to the first one, so for the explanations see above: $ telnet gmail-smtp-in.l.google.com. 25 Trying 74.125.133.27... Connected to gmail-smtp-in.l.google.com. Escape character is '^]'. 220 mx.google.com ESMTP y29si9130410wry.12 - gsmtp EHLO me 250-mx.google.com at your service, [212.89.128.XX] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 MAIL FROM: <XXXX@infos.de> 250 2.1.0 OK y29si9130410wry.12 - gsmtp RCPT TO: <XXXXXX@gmail.com> 250 2.1.5 OK y29si9130410wry.12 - gsmtp DATA 354 Go ahead y29si9130410wry.12 - gsmtp From: <XXXX@infos.de> To: <XXXXXX@gmail.com> Subject: tap me Date: Tue, 12 Sep 2017 08:50:53 +0200 (CEST) -----BEGIN PGP MESSAGE----- Version: GnuPG v1 hQEMAww44Gtoem8GAQgAge/E9fWU3/qhIItIiBDq3z5UjWV2r4gF8X4lkl22sIFg MMshg5RbUwJSoDhQDlFxC2YjZqLHM/XgSamiZf3tYzezGrjoJlPt7eavOD5UOFo6 i3aXXC4JLWvyEgDuK2UNP50w1IFMzcp7Hsux9Iec3zaD4KxSysA6ZX3pzqJDwjdf HtN1Rdwjvt1Pp1xyvPI8Z5Ohnj9GK7qU+eFHutCxvfH7Sv9amjFcr1/DJcq46bOM LzC6vYRp64evV8WEuDKxfHW98Iu/IaqnV9K03Aomd6NVyZJmR4ynpJIBU8vjFnrk 7ni3I8fInHQqzpmlW4No1lAsWWMZnuF58NsbU84e9dJNAZ2O+QGQvTOEIx4ZH7Xw RGI9CoU3BvreRFA3bq6gzLb+L1K6fjHzchai0g6yxRL1mzKNeqJpJ4IgZNkNudwx gdBrdrA9yCyOWcwnszs= =52Pk -----END PGP MESSAGE----- . 250 2.0.0 OK 1505223474 y29si9130410wry.12 - gsmtp And in Appendix 2 you can see the related tcpdump. You can check by your own, but no surprise, all headers (metadata) are collected (including the Subject-line, but I assume all people using PGP are paranoid enough to not writing an revealing Subject-line): The SMTP headers: MAIL FROM: <XXXX@infos.de> RCPT TO: <XXXXXX@gmail.com> The email headers: From: <XXXX@infos.de> To: <XXXXXX@gmail.com> Subject: tap me Date: Tue, 12 Sep 2017 08:48:13 +0200 (CEST) Only the content itself is encrypted and eavesdroppers are unable to collect it. 3. Traditionally unencrypted email, but sent with STARTTLS Finally let's look at what happens when transport layer encryption with STARTTLS is used. First I show you that is impossible to sent such an email with telnet, like I did with the first two examples: $ telnet gmail-smtp-in.l.google.com. 25 Trying 74.125.133.26... Connected to gmail-smtp-in.l.google.com. Escape character is '^]'. 220 mx.google.com ESMTP m21si1898854wmb.103 - gsmtp EHLO me 250-mx.google.com at your service, [212.89.128.66] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 STARTTLS 220 2.0.0 Ready to start TLS MAIL FROM: <rolf@infos.de> <some unprintable characters>Connection closed by foreign host. After I acknowledged STARTTLS, the Gmail server expected from me that I switched to TLS, which is impossible with ASCII text. My "MAIL FROM:" was just nonsense for the email server, so it closed the connection. In order to have my email sent over STARTTLS, I had to use my local email server. I did, and you can see the tcpdump output of this email transmission in Appendix 3. But which information could an eavesdropper get out of this tcpdump? Not much. You can check it by your own in Appendix 3. And if you don't trust me, simply try it by your own. There is no content in the dump. There are no email headers. And there are no SMTP headers in it. Everything is encrypted. The only visible things are the IP and TCP headers. This is the only metadata that an eavesdropper could collect. And what would it tell him? Not more that someone behind my NAT gateway did send an email to a Gmail user (keep in mind that Gmail has more than 1 billion users..). Nothing more. No sender email address, no recipient email address. And of course neither Subject nor content nor any other useful information. (I don't cover here PGP encrypted emails sent with STARTTLS. Of course this is the most secure way to send emails, they are not only transport protected, but also while they are stored on email servers.) Conclusions In the pre-Snowden era, almost all emails were transported in cleartext. STARTTLS was already available then, but very few email servers actually supported it, and remember that both sites, email sender and email server, need to support it, if one site don't there is a fallback to unencrypted transmission. In this time, internet backbone tappings were likely a valuable source for intelligence agencies, all metadata and content could be collected from intercepted emails. And even from PGP-encrypted emails at least valuable metadata like sender and recipient email addresses could be extracted. But this changed dramatically after Snowden. Today virtually all email servers support STARTTLS. And they almost always use strong encryption. Basically all that can be extracted from passive(*) internet tapping -- which is, for example, the NSA Upstream program -- is source and destination IP addresses, which is almost always worthless information for intelligence agencies. With this post, I only covered email. But what I pointed out is basically also true for other transport layer encryption, like HTTPS. You can safely assume that today passive internet backbone tappings are worthless for intelligence agencies, at least they provide very limited information. (*) Targeted attacks like man-in-the-middle attacks, or altering IP packets, are still possible, but this is beyond the scope of this post. Appendix 1 08:48:52.729711 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [S], seq 1241588711, win 29200, options [mss 1460,sackOK,TS val 639877 ecr 0,nop,wscale 7], length 0 0x0000: 4510 003c e062 4000 4006 7f51 0a20 0140 E..<.b@.@..Q...@ 0x0010: 4a7d 851b de6e 0019 4a01 23e7 0000 0000 J}...n..J.#..... 0x0020: a002 7210 db26 0000 0204 05b4 0402 080a ..r..&.......... 0x0030: 0009 c385 0000 0000 0103 0307 ............ 08:48:52.742516 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [S.], seq 190744660, ack 1241588712, win 42408, options [mss 1380,sackOK,TS val 1134699097 ecr 639877,nop,wscale 8], length 0 0x0000: 4500 003c d993 0000 2b06 db30 4a7d 851b E..<....+..0J}.. 0x0010: 0a20 0140 0019 de6e 0b5e 8854 4a01 23e8 ...@...n.^.TJ.#. 0x0020: a012 a5a8 bdf0 0000 0204 0564 0402 080a ...........d.... 0x0030: 43a2 2259 0009 c385 0103 0308 C."Y........ 08:48:52.742545 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [.], ack 1, win 229, options [nop,nop,TS val 639880 ecr 1134699097], length 0 0x0000: 4510 0034 e063 4000 4006 7f58 0a20 0140 E..4.c@.@..X...@ 0x0010: 4a7d 851b de6e 0019 4a01 23e8 0b5e 8855 J}...n..J.#..^.U 0x0020: 8010 00e5 db1e 0000 0101 080a 0009 c388 ................ 0x0030: 43a2 2259 C."Y 08:48:52.757667 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [P.], seq 1:54, ack 1, win 166, options [nop,nop,TS val 1134699112 ecr 639880], length 53: SMTP: 220 mx.google.com ESMTP v139si8345872wmv.47 - gsmtp 0x0000: 4500 0069 d99c 0000 2b06 dafa 4a7d 851b E..i....+...J}.. 0x0010: 0a20 0140 0019 de6e 0b5e 8855 4a01 23e8 ...@...n.^.UJ.#. 0x0020: 8018 00a6 60c2 0000 0101 080a 43a2 2268 ....`.......C."h 0x0030: 0009 c388 3232 3020 6d78 2e67 6f6f 676c ....220.mx.googl 0x0040: 652e 636f 6d20 4553 4d54 5020 7631 3339 e.com.ESMTP.v139 0x0050: 7369 3833 3435 3837 3277 6d76 2e34 3720 si8345872wmv.47. 0x0060: 2d20 6773 6d74 700d 0a -.gsmtp.. 08:48:52.757688 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [.], ack 54, win 229, options [nop,nop,TS val 639884 ecr 1134699112], length 0 0x0000: 4510 0034 e064 4000 4006 7f57 0a20 0140 E..4.d@.@..W...@ 0x0010: 4a7d 851b de6e 0019 4a01 23e8 0b5e 888a J}...n..J.#..^.. 0x0020: 8010 00e5 db1e 0000 0101 080a 0009 c38c ................ 0x0030: 43a2 2268 C."h 08:48:57.252067 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [P.], seq 1:10, ack 54, win 229, options [nop,nop,TS val 641008 ecr 1134699112], length 9: SMTP: EHLO me 0x0000: 4510 003d e065 4000 4006 7f4d 0a20 0140 E..=.e@.@..M...@ 0x0010: 4a7d 851b de6e 0019 4a01 23e8 0b5e 888a J}...n..J.#..^.. 0x0020: 8018 00e5 db27 0000 0101 080a 0009 c7f0 .....'.......... 0x0030: 43a2 2268 4548 4c4f 206d 650d 0a C."hEHLO.me.. 08:48:57.266343 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [.], ack 10, win 166, options [nop,nop,TS val 1134703619 ecr 641008], length 0 0x0000: 4500 0034 dfd2 0000 2b06 d4f9 4a7d 851b E..4....+...J}.. 0x0010: 0a20 0140 0019 de6e 0b5e 888a 4a01 23f1 ...@...n.^..J.#. 0x0020: 8010 00a6 7b1d 0000 0101 080a 43a2 3403 ....{.......C.4. 0x0030: 0009 c7f0 .... 08:48:57.270014 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [P.], seq 54:223, ack 10, win 166, options [nop,nop,TS val 1134703623 ecr 641008], length 169: SMTP: 250-mx.google.com at your service, [212.89.128.XX] 0x0000: 4500 00dd dfd6 0000 2b06 d44c 4a7d 851b E.......+..LJ}.. 0x0010: 0a20 0140 0019 de6e 0b5e 888a 4a01 23f1 ...@...n.^..J.#. 0x0020: 8018 00a6 48f2 0000 0101 080a 43a2 3407 ....H.......C.4. 0x0030: 0009 c7f0 3235 302d 6d78 2e67 6f6f 676c ....250-mx.googl 0x0040: 652e 636f 6d20 6174 2079 6f75 7220 7365 e.com.at.your.se 0x0050: 7276 6963 652c 205b 3231 322e 3839 2e31 rvice,.[212.89.1 0x0060: 3238 2e36 365d 0d0a 3235 302d 5349 5a45 28.XX]..250-SIZE 0x0070: 2031 3537 3238 3634 3030 0d0a 3235 302d .157286400..250- 0x0080: 3842 4954 4d49 4d45 0d0a 3235 302d 5354 8BITMIME..250-ST 0x0090: 4152 5454 4c53 0d0a 3235 302d 454e 4841 ARTTLS..250-ENHA 0x00a0: 4e43 4544 5354 4154 5553 434f 4445 530d NCEDSTATUSCODES. 0x00b0: 0a32 3530 2d50 4950 454c 494e 494e 470d .250-PIPELINING. 0x00c0: 0a32 3530 2d43 4855 4e4b 494e 470d 0a32 .250-CHUNKING..2 0x00d0: 3530 2053 4d54 5055 5446 380d 0a 50.SMTPUTF8.. 08:48:57.270032 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [.], ack 223, win 237, options [nop,nop,TS val 641012 ecr 1134703623], length 0 0x0000: 4510 0034 e066 4000 4006 7f55 0a20 0140 E..4.f@.@..U...@ 0x0010: 4a7d 851b de6e 0019 4a01 23f1 0b5e 8933 J}...n..J.#..^.3 0x0020: 8010 00ed db1e 0000 0101 080a 0009 c7f4 ................ 0x0030: 43a2 3407 C.4. 08:49:10.572588 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [P.], seq 10:38, ack 223, win 237, options [nop,nop,TS val 644338 ecr 1134703623], length 28: SMTP: MAIL FROM: <XXXX@infos.de> 0x0000: 4510 0050 e067 4000 4006 7f38 0a20 0140 E..P.g@.@..8...@ 0x0010: 4a7d 851b de6e 0019 4a01 23f1 0b5e 8933 J}...n..J.#..^.3 0x0020: 8018 00ed db3a 0000 0101 080a 0009 d4f2 .....:.......... 0x0030: 43a2 3407 4d41 494c 2046 524f 4d3a 203c C.4.MAIL.FROM:.< 0x0040: 726f 6c66 4069 6e66 6f73 2e64 653e 0d0a XXXX@infos.de>.. 08:49:10.586101 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [P.], seq 223:265, ack 38, win 166, options [nop,nop,TS val 1134716940 ecr 644338], length 42: SMTP: 250 2.1.0 OK v139si8345872wmv.47 - gsmtp 0x0000: 4500 005e fd42 0000 2b06 b75f 4a7d 851b E..^.B..+.._J}.. 0x0010: 0a20 0140 0019 de6e 0b5e 8933 4a01 240d ...@...n.^.3J.$. 0x0020: 8018 00a6 08bb 0000 0101 080a 43a2 680c ............C.h. 0x0030: 0009 d4f2 3235 3020 322e 312e 3020 4f4b ....250.2.1.0.OK 0x0040: 2076 3133 3973 6938 3334 3538 3732 776d .v139si8345872wm 0x0050: 762e 3437 202d 2067 736d 7470 0d0a v.47.-.gsmtp.. 08:49:10.586134 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [.], ack 265, win 237, options [nop,nop,TS val 644341 ecr 1134716940], length 0 0x0000: 4510 0034 e068 4000 4006 7f53 0a20 0140 E..4.h@.@..S...@ 0x0010: 4a7d 851b de6e 0019 4a01 240d 0b5e 895d J}...n..J.$..^.] 0x0020: 8010 00ed db1e 0000 0101 080a 0009 d4f5 ................ 0x0030: 43a2 680c C.h. 08:49:19.572060 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [P.], seq 38:67, ack 265, win 237, options [nop,nop,TS val 646588 ecr 1134716940], length 29: SMTP: RCPT TO: <XXXXXX@gmail.com> 0x0000: 4510 0051 e069 4000 4006 7f35 0a20 0140 E..Q.i@.@..5...@ 0x0010: 4a7d 851b de6e 0019 4a01 240d 0b5e 895d J}...n..J.$..^.] 0x0020: 8018 00ed db3b 0000 0101 080a 0009 ddbc .....;.......... 0x0030: 43a2 680c 5243 5054 2054 4f3a 203c 6767 C.h.RCPT.TO:.<XX 0x0040: 7277 6562 4067 6d61 696c 2e63 6f6d 3e0d XXXX@gmail.com>. 0x0050: 0a . 08:49:19.624563 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [.], ack 67, win 166, options [nop,nop,TS val 1134725979 ecr 646588], length 0 0x0000: 4500 0034 15c9 0000 2b06 9f03 4a7d 851b E..4....+...J}.. 0x0010: 0a20 0140 0019 de6e 0b5e 895d 4a01 242a ...@...n.^.]J.$* 0x0020: 8010 00a6 0ced 0000 0101 080a 43a2 8b5b ............C..[ 0x0030: 0009 ddbc .... 08:49:19.828348 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [P.], seq 265:307, ack 67, win 166, options [nop,nop,TS val 1134726182 ecr 646588], length 42: SMTP: 250 2.1.5 OK v139si8345872wmv.47 - gsmtp 0x0000: 4500 005e 1660 0000 2b06 9e42 4a7d 851b E..^.`..+..BJ}.. 0x0010: 0a20 0140 0019 de6e 0b5e 895d 4a01 242a ...@...n.^.]J.$* 0x0020: 8018 00a6 d68f 0000 0101 080a 43a2 8c26 ............C..& 0x0030: 0009 ddbc 3235 3020 322e 312e 3520 4f4b ....250.2.1.5.OK 0x0040: 2076 3133 3973 6938 3334 3538 3732 776d .v139si8345872wm 0x0050: 762e 3437 202d 2067 736d 7470 0d0a v.47.-.gsmtp.. 08:49:19.828362 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [.], ack 307, win 237, options [nop,nop,TS val 646652 ecr 1134726182], length 0 0x0000: 4510 0034 e06a 4000 4006 7f51 0a20 0140 E..4.j@.@..Q...@ 0x0010: 4a7d 851b de6e 0019 4a01 242a 0b5e 8987 J}...n..J.$*.^.. 0x0020: 8010 00ed db1e 0000 0101 080a 0009 ddfc ................ 0x0030: 43a2 8c26 C..& 08:49:25.044052 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [P.], seq 67:73, ack 307, win 237, options [nop,nop,TS val 647956 ecr 1134726182], length 6: SMTP: DATA 0x0000: 4510 003a e06b 4000 4006 7f4a 0a20 0140 E..:.k@.@..J...@ 0x0010: 4a7d 851b de6e 0019 4a01 242a 0b5e 8987 J}...n..J.$*.^.. 0x0020: 8018 00ed db24 0000 0101 080a 0009 e314 .....$.......... 0x0030: 43a2 8c26 4441 5441 0d0a C..&DATA.. 08:49:25.057486 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [.], ack 73, win 166, options [nop,nop,TS val 1134731411 ecr 647956], length 0 0x0000: 4500 0034 1fe3 0000 2b06 94e9 4a7d 851b E..4....+...J}.. 0x0010: 0a20 0140 0019 de6e 0b5e 8987 4a01 2430 ...@...n.^..J.$0 0x0020: 8010 00a6 f22c 0000 0101 080a 43a2 a093 .....,......C... 0x0030: 0009 e314 .... 08:49:25.057793 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [P.], seq 307:350, ack 73, win 166, options [nop,nop,TS val 1134731412 ecr 647956], length 43: SMTP: 354 Go ahead v139si8345872wmv.47 - gsmtp 0x0000: 4500 005f 1fe4 0000 2b06 94bd 4a7d 851b E.._....+...J}.. 0x0010: 0a20 0140 0019 de6e 0b5e 8987 4a01 2430 ...@...n.^..J.$0 0x0020: 8018 00a6 8d86 0000 0101 080a 43a2 a094 ............C... 0x0030: 0009 e314 3335 3420 2047 6f20 6168 6561 ....354..Go.ahea 0x0040: 6420 7631 3339 7369 3833 3435 3837 3277 d.v139si8345872w 0x0050: 6d76 2e34 3720 2d20 6773 6d74 700d 0a mv.47.-.gsmtp.. 08:49:25.057804 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [.], ack 350, win 237, options [nop,nop,TS val 647959 ecr 1134731412], length 0 0x0000: 4510 0034 e06c 4000 4006 7f4f 0a20 0140 E..4.l@.@..O...@ 0x0010: 4a7d 851b de6e 0019 4a01 2430 0b5e 89b2 J}...n..J.$0.^.. 0x0020: 8010 00ed db1e 0000 0101 080a 0009 e317 ................ 0x0030: 43a2 a094 C... 08:49:31.156243 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [P.], seq 73:96, ack 350, win 237, options [nop,nop,TS val 649484 ecr 1134731412], length 23: SMTP: From: <XXXX@infos.de> 0x0000: 4510 004b e06d 4000 4006 7f37 0a20 0140 E..K.m@.@..7...@ 0x0010: 4a7d 851b de6e 0019 4a01 2430 0b5e 89b2 J}...n..J.$0.^.. 0x0020: 8018 00ed db35 0000 0101 080a 0009 e90c .....5.......... 0x0030: 43a2 a094 4672 6f6d 3a20 3c72 6f6c 6640 C...From:.<XXXX@ 0x0040: 696e 666f 732e 6465 3e0d 0a infos.de>.. 08:49:31.208828 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [.], ack 96, win 166, options [nop,nop,TS val 1134737563 ecr 649484], length 0 0x0000: 4500 0034 2c2b 0000 2b06 88a1 4a7d 851b E..4,+..+...J}.. 0x0010: 0a20 0140 0019 de6e 0b5e 89b2 4a01 2447 ...@...n.^..J.$G 0x0020: 8010 00a6 d3ea 0000 0101 080a 43a2 b89b ............C... 0x0030: 0009 e90c .... 08:49:31.208848 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [P.], seq 96:204, ack 350, win 237, options [nop,nop,TS val 649497 ecr 1134737563], length 108: SMTP: To: <XXXXXX@gmail.com> 0x0000: 4510 00a0 e06e 4000 4006 7ee1 0a20 0140 E....n@.@.~....@ 0x0010: 4a7d 851b de6e 0019 4a01 2447 0b5e 89b2 J}...n..J.$G.^.. 0x0020: 8018 00ed db8a 0000 0101 080a 0009 e919 ................ 0x0030: 43a2 b89b 546f 3a20 3c67 6772 7765 6240 C...To:.<XXXXXX@ 0x0040: 676d 6169 6c2e 636f 6d3e 0d0a 5375 626a gmail.com>..Subj 0x0050: 6563 743a 2074 6170 206d 650d 0a44 6174 ect:.tap.me..Dat 0x0060: 653a 2054 7565 2c20 3132 2053 6570 2032 e:.Tue,.12.Sep.2 0x0070: 3031 3720 3038 3a34 383a 3133 202b 3032 017.08:48:13.+02 0x0080: 3030 2028 4345 5354 290d 0a0d 0a49 276d 00.(CEST)....I'm 0x0090: 206a 7573 7420 7465 7374 696e 672e 0d0a .just.testing... 08:49:31.221832 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [.], ack 204, win 166, options [nop,nop,TS val 1134737576 ecr 649497], length 0 0x0000: 4500 0034 2c2c 0000 2b06 88a0 4a7d 851b E..4,,..+...J}.. 0x0010: 0a20 0140 0019 de6e 0b5e 89b2 4a01 24b3 ...@...n.^..J.$. 0x0020: 8010 00a6 d364 0000 0101 080a 43a2 b8a8 .....d......C... 0x0030: 0009 e919 .... 08:49:33.460115 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [P.], seq 204:207, ack 350, win 237, options [nop,nop,TS val 650060 ecr 1134737576], length 3: SMTP: . 0x0000: 4510 0037 e06f 4000 4006 7f49 0a20 0140 E..7.o@.@..I...@ 0x0010: 4a7d 851b de6e 0019 4a01 24b3 0b5e 89b2 J}...n..J.$..^.. 0x0020: 8018 00ed db21 0000 0101 080a 0009 eb4c .....!.........L 0x0030: 43a2 b8a8 2e0d 0a C...... 08:49:33.473016 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [.], ack 207, win 166, options [nop,nop,TS val 1134739827 ecr 650060], length 0 0x0000: 4500 0034 330f 0000 2b06 81bd 4a7d 851b E..43...+...J}.. 0x0010: 0a20 0140 0019 de6e 0b5e 89b2 4a01 24b6 ...@...n.^..J.$. 0x0020: 8010 00a6 c863 0000 0101 080a 43a2 c173 .....c......C..s 0x0030: 0009 eb4c ...L 08:49:33.609182 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [P.], seq 350:403, ack 207, win 166, options [nop,nop,TS val 1134739963 ecr 650060], length 53: SMTP: 250 2.0.0 OK 1505198973 v139si8345872wmv.47 - gsmtp 0x0000: 4500 0069 3397 0000 2b06 8100 4a7d 851b E..i3...+...J}.. 0x0010: 0a20 0140 0019 de6e 0b5e 89b2 4a01 24b6 ...@...n.^..J.$. 0x0020: 8018 00a6 1094 0000 0101 080a 43a2 c1fb ............C... 0x0030: 0009 eb4c 3235 3020 322e 302e 3020 4f4b ...L250.2.0.0.OK 0x0040: 2031 3530 3531 3938 3937 3320 7631 3339 .1505198973.v139 0x0050: 7369 3833 3435 3837 3277 6d76 2e34 3720 si8345872wmv.47. 0x0060: 2d20 6773 6d74 700d 0a -.gsmtp.. 08:49:33.609200 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [.], ack 403, win 237, options [nop,nop,TS val 650097 ecr 1134739963], length 0 0x0000: 4510 0034 e070 4000 4006 7f4b 0a20 0140 E..4.p@.@..K...@ 0x0010: 4a7d 851b de6e 0019 4a01 24b6 0b5e 89e7 J}...n..J.$..^.. 0x0020: 8010 00ed db1e 0000 0101 080a 0009 eb71 ...............q 0x0030: 43a2 c1fb C... 08:49:37.652084 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [P.], seq 207:213, ack 403, win 237, options [nop,nop,TS val 651108 ecr 1134739963], length 6: SMTP: quit 0x0000: 4510 003a e071 4000 4006 7f44 0a20 0140 E..:.q@.@..D...@ 0x0010: 4a7d 851b de6e 0019 4a01 24b6 0b5e 89e7 J}...n..J.$..^.. 0x0020: 8018 00ed db24 0000 0101 080a 0009 ef64 .....$.........d 0x0030: 43a2 c1fb 7175 6974 0d0a C...quit.. 08:49:37.664837 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [.], ack 213, win 166, options [nop,nop,TS val 1134744019 ecr 651108], length 0 0x0000: 4500 0034 404c 0000 2b06 7480 4a7d 851b E..4@L..+.t.J}.. 0x0010: 0a20 0140 0019 de6e 0b5e 89e7 4a01 24bc ...@...n.^..J.$. 0x0020: 8010 00a6 b3b0 0000 0101 080a 43a2 d1d3 ............C... 0x0030: 0009 ef64 ...d 08:49:37.665157 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [P.], seq 403:461, ack 213, win 166, options [nop,nop,TS val 1134744019 ecr 651108], length 58: SMTP: 221 2.0.0 closing connection v139si8345872wmv.47 - gsmtp 0x0000: 4500 006e 404d 0000 2b06 7445 4a7d 851b E..n@M..+.tEJ}.. 0x0010: 0a20 0140 0019 de6e 0b5e 89e7 4a01 24bc ...@...n.^..J.$. 0x0020: 8018 00a6 13d5 0000 0101 080a 43a2 d1d3 ............C... 0x0030: 0009 ef64 3232 3120 322e 302e 3020 636c ...d221.2.0.0.cl 0x0040: 6f73 696e 6720 636f 6e6e 6563 7469 6f6e osing.connection 0x0050: 2076 3133 3973 6938 3334 3538 3732 776d .v139si8345872wm 0x0060: 762e 3437 202d 2067 736d 7470 0d0a v.47.-.gsmtp.. 08:49:37.665176 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [.], ack 461, win 237, options [nop,nop,TS val 651111 ecr 1134744019], length 0 0x0000: 4510 0034 e072 4000 4006 7f49 0a20 0140 E..4.r@.@..I...@ 0x0010: 4a7d 851b de6e 0019 4a01 24bc 0b5e 8a21 J}...n..J.$..^.! 0x0020: 8010 00ed db1e 0000 0101 080a 0009 ef67 ...............g 0x0030: 43a2 d1d3 C... 08:49:37.665435 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [F.], seq 461, ack 213, win 166, options [nop,nop,TS val 1134744019 ecr 651108], length 0 0x0000: 4500 0034 404e 0000 2b06 747e 4a7d 851b E..4@N..+.t~J}.. 0x0010: 0a20 0140 0019 de6e 0b5e 8a21 4a01 24bc ...@...n.^.!J.$. 0x0020: 8011 00a6 b375 0000 0101 080a 43a2 d1d3 .....u......C... 0x0030: 0009 ef64 ...d 08:49:37.665465 IP 10.32.1.64.56942 > 74.125.133.27.25: Flags [F.], seq 213, ack 462, win 237, options [nop,nop,TS val 651111 ecr 1134744019], length 0 0x0000: 4510 0034 e073 4000 4006 7f48 0a20 0140 E..4.s@.@..H...@ 0x0010: 4a7d 851b de6e 0019 4a01 24bc 0b5e 8a22 J}...n..J.$..^." 0x0020: 8011 00ed db1e 0000 0101 080a 0009 ef67 ...............g 0x0030: 43a2 d1d3 C... 08:49:37.678646 IP 74.125.133.27.25 > 10.32.1.64.56942: Flags [.], ack 214, win 166, options [nop,nop,TS val 1134744033 ecr 651111], length 0 0x0000: 4500 0034 405e 0000 2b06 746e 4a7d 851b E..4@^..+.tnJ}.. 0x0010: 0a20 0140 0019 de6e 0b5e 8a22 4a01 24bd ...@...n.^."J.$. 0x0020: 8010 00a6 b363 0000 0101 080a 43a2 d1e1 .....c......C... 0x0030: 0009 ef67 ...g Appendix 2 08:51:38.766186 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [S], seq 1908930296, win 29200, options [mss 1460,sackOK,TS val 6771386 ecr 0,nop,wscale 7], length 0 0x0000: 4510 003c a442 4000 4006 bb71 0a20 0140 E..<.B@.@..q...@ 0x0010: 4a7d 851b b056 0019 71c7 f6f8 0000 0000 J}...V..q....... 0x0020: a002 7210 db26 0000 0204 05b4 0402 080a ..r..&.......... 0x0030: 0067 52ba 0000 0000 0103 0307 .gR......... 08:51:38.779131 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [S.], seq 4175801144, ack 1908930297, win 42408, options [mss 1380,sackOK,TS val 1232757736 ecr 6771386,nop,wscale 8], length 0 0x0000: 4500 003c 5885 0000 2b06 5c3f 4a7d 851b E..<X...+.\?J}.. 0x0010: 0a20 0140 0019 b056 f8e5 ab38 71c7 f6f9 ...@...V...8q... 0x0020: a012 a5a8 09cb 0000 0204 0564 0402 080a ...........d.... 0x0030: 497a 63e8 0067 52ba 0103 0308 Izc..gR..... 08:51:38.779156 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [.], ack 1, win 229, options [nop,nop,TS val 6771389 ecr 1232757736], length 0 0x0000: 4510 0034 a443 4000 4006 bb78 0a20 0140 E..4.C@.@..x...@ 0x0010: 4a7d 851b b056 0019 71c7 f6f9 f8e5 ab39 J}...V..q......9 0x0020: 8010 00e5 db1e 0000 0101 080a 0067 52bd .............gR. 0x0030: 497a 63e8 Izc. 08:51:38.793867 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [P.], seq 1:53, ack 1, win 166, options [nop,nop,TS val 1232757750 ecr 6771389], length 52: SMTP: 220 mx.google.com ESMTP y29si9130410wry.12 - gsmtp 0x0000: 4500 0068 588b 0000 2b06 5c0d 4a7d 851b E..hX...+.\.J}.. 0x0010: 0a20 0140 0019 b056 f8e5 ab39 71c7 f6f9 ...@...V...9q... 0x0020: 8018 00a6 e9a3 0000 0101 080a 497a 63f6 ............Izc. 0x0030: 0067 52bd 3232 3020 6d78 2e67 6f6f 676c .gR.220.mx.googl 0x0040: 652e 636f 6d20 4553 4d54 5020 7932 3973 e.com.ESMTP.y29s 0x0050: 6939 3133 3034 3130 7772 792e 3132 202d i9130410wry.12.- 0x0060: 2067 736d 7470 0d0a .gsmtp.. 08:51:38.793927 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [.], ack 53, win 229, options [nop,nop,TS val 6771393 ecr 1232757750], length 0 0x0000: 4510 0034 a444 4000 4006 bb77 0a20 0140 E..4.D@.@..w...@ 0x0010: 4a7d 851b b056 0019 71c7 f6f9 f8e5 ab6d J}...V..q......m 0x0020: 8010 00e5 db1e 0000 0101 080a 0067 52c1 .............gR. 0x0030: 497a 63f6 Izc. 08:51:39.539331 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [P.], seq 1:10, ack 53, win 229, options [nop,nop,TS val 6771579 ecr 1232757750], length 9: SMTP: EHLO me 0x0000: 4510 003d a445 4000 4006 bb6d 0a20 0140 E..=.E@.@..m...@ 0x0010: 4a7d 851b b056 0019 71c7 f6f9 f8e5 ab6d J}...V..q......m 0x0020: 8018 00e5 db27 0000 0101 080a 0067 537b .....'.......gS{ 0x0030: 497a 63f6 4548 4c4f 206d 650d 0a Izc.EHLO.me.. 08:51:39.552599 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [.], ack 10, win 166, options [nop,nop,TS val 1232758509 ecr 6771579], length 0 0x0000: 4500 0034 5b08 0000 2b06 59c4 4a7d 851b E..4[...+.Y.J}.. 0x0010: 0a20 0140 0019 b056 f8e5 ab6d 71c7 f702 ...@...V...mq... 0x0020: 8010 00a6 d947 0000 0101 080a 497a 66ed .....G......Izf. 0x0030: 0067 537b .gS{ 08:51:39.555505 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [P.], seq 53:222, ack 10, win 166, options [nop,nop,TS val 1232758512 ecr 6771579], length 169: SMTP: 250-mx.google.com at your service, [212.89.128.XX] 0x0000: 4500 00dd 5b0a 0000 2b06 5919 4a7d 851b E...[...+.Y.J}.. 0x0010: 0a20 0140 0019 b056 f8e5 ab6d 71c7 f702 ...@...V...mq... 0x0020: 8018 00a6 a71d 0000 0101 080a 497a 66f0 ............Izf. 0x0030: 0067 537b 3235 302d 6d78 2e67 6f6f 676c .gS{250-mx.googl 0x0040: 652e 636f 6d20 6174 2079 6f75 7220 7365 e.com.at.your.se 0x0050: 7276 6963 652c 205b 3231 322e 3839 2e31 rvice,.[212.89.1 0x0060: 3238 2e36 365d 0d0a 3235 302d 5349 5a45 28.XX]..250-SIZE 0x0070: 2031 3537 3238 3634 3030 0d0a 3235 302d .157286400..250- 0x0080: 3842 4954 4d49 4d45 0d0a 3235 302d 5354 8BITMIME..250-ST 0x0090: 4152 5454 4c53 0d0a 3235 302d 454e 4841 ARTTLS..250-ENHA 0x00a0: 4e43 4544 5354 4154 5553 434f 4445 530d NCEDSTATUSCODES. 0x00b0: 0a32 3530 2d50 4950 454c 494e 494e 470d .250-PIPELINING. 0x00c0: 0a32 3530 2d43 4855 4e4b 494e 470d 0a32 .250-CHUNKING..2 0x00d0: 3530 2053 4d54 5055 5446 380d 0a 50.SMTPUTF8.. 08:51:39.555520 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [.], ack 222, win 237, options [nop,nop,TS val 6771584 ecr 1232758512], length 0 0x0000: 4510 0034 a446 4000 4006 bb75 0a20 0140 E..4.F@.@..u...@ 0x0010: 4a7d 851b b056 0019 71c7 f702 f8e5 ac16 J}...V..q....... 0x0020: 8010 00ed db1e 0000 0101 080a 0067 5380 .............gS. 0x0030: 497a 66f0 Izf. 08:51:42.363434 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [P.], seq 10:38, ack 222, win 237, options [nop,nop,TS val 6772285 ecr 1232758512], length 28: SMTP: MAIL FROM: <XXXX@infos.de> 0x0000: 4510 0050 a447 4000 4006 bb58 0a20 0140 E..P.G@.@..X...@ 0x0010: 4a7d 851b b056 0019 71c7 f702 f8e5 ac16 J}...V..q....... 0x0020: 8018 00ed db3a 0000 0101 080a 0067 563d .....:.......gV= 0x0030: 497a 66f0 4d41 494c 2046 524f 4d3a 203c Izf.MAIL.FROM:.< 0x0040: 726f 6c66 4069 6e66 6f73 2e64 653e 0d0a XXXX@infos.de>.. 08:51:42.376757 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [P.], seq 222:263, ack 38, win 166, options [nop,nop,TS val 1232761333 ecr 6772285], length 41: SMTP: 250 2.1.0 OK y29si9130410wry.12 - gsmtp 0x0000: 4500 005d 60c6 0000 2b06 53dd 4a7d 851b E..]`...+.S.J}.. 0x0010: 0a20 0140 0019 b056 f8e5 ac16 71c7 f71e ...@...V....q... 0x0020: 8018 00a6 9f64 0000 0101 080a 497a 71f5 .....d......Izq. 0x0030: 0067 563d 3235 3020 322e 312e 3020 4f4b .gV=250.2.1.0.OK 0x0040: 2079 3239 7369 3931 3330 3431 3077 7279 .y29si9130410wry 0x0050: 2e31 3220 2d20 6773 6d74 700d 0a .12.-.gsmtp.. 08:51:42.376779 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [.], ack 263, win 237, options [nop,nop,TS val 6772289 ecr 1232761333], length 0 0x0000: 4510 0034 a448 4000 4006 bb73 0a20 0140 E..4.H@.@..s...@ 0x0010: 4a7d 851b b056 0019 71c7 f71e f8e5 ac3f J}...V..q......? 0x0020: 8010 00ed db1e 0000 0101 080a 0067 5641 .............gVA 0x0030: 497a 71f5 Izq. 08:51:45.203129 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [P.], seq 38:67, ack 263, win 237, options [nop,nop,TS val 6772995 ecr 1232761333], length 29: SMTP: RCPT TO: <XXXXXX@gmail.com> 0x0000: 4510 0051 a449 4000 4006 bb55 0a20 0140 E..Q.I@.@..U...@ 0x0010: 4a7d 851b b056 0019 71c7 f71e f8e5 ac3f J}...V..q......? 0x0020: 8018 00ed db3b 0000 0101 080a 0067 5903 .....;.......gY. 0x0030: 497a 71f5 5243 5054 2054 4f3a 203c 6767 Izq.RCPT.TO:.<XX 0x0040: 7277 6562 4067 6d61 696c 2e63 6f6d 3e0d XXXX@gmail.com>. 0x0050: 0a . 08:51:45.257117 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [.], ack 67, win 166, options [nop,nop,TS val 1232764213 ecr 6772995], length 0 0x0000: 4500 0034 641e 0000 2b06 50ae 4a7d 851b E..4d...+.P.J}.. 0x0010: 0a20 0140 0019 b056 f8e5 ac3f 71c7 f73b ...@...V...?q..; 0x0020: 8010 00a6 bc6c 0000 0101 080a 497a 7d35 .....l......Iz}5 0x0030: 0067 5903 .gY. 08:51:45.373251 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [P.], seq 263:304, ack 67, win 166, options [nop,nop,TS val 1232764330 ecr 6772995], length 41: SMTP: 250 2.1.5 OK y29si9130410wry.12 - gsmtp 0x0000: 4500 005d 6454 0000 2b06 504f 4a7d 851b E..]dT..+.POJ}.. 0x0010: 0a20 0140 0019 b056 f8e5 ac3f 71c7 f73b ...@...V...?q..; 0x0020: 8018 00a6 8ba3 0000 0101 080a 497a 7daa ............Iz}. 0x0030: 0067 5903 3235 3020 322e 312e 3520 4f4b .gY.250.2.1.5.OK 0x0040: 2079 3239 7369 3931 3330 3431 3077 7279 .y29si9130410wry 0x0050: 2e31 3220 2d20 6773 6d74 700d 0a .12.-.gsmtp.. 08:51:45.373268 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [.], ack 304, win 237, options [nop,nop,TS val 6773038 ecr 1232764330], length 0 0x0000: 4510 0034 a44a 4000 4006 bb71 0a20 0140 E..4.J@.@..q...@ 0x0010: 4a7d 851b b056 0019 71c7 f73b f8e5 ac68 J}...V..q..;...h 0x0020: 8010 00ed db1e 0000 0101 080a 0067 592e .............gY. 0x0030: 497a 7daa Iz}. 08:51:48.403058 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [P.], seq 67:73, ack 304, win 237, options [nop,nop,TS val 6773795 ecr 1232764330], length 6: SMTP: DATA 0x0000: 4510 003a a44b 4000 4006 bb6a 0a20 0140 E..:.K@.@..j...@ 0x0010: 4a7d 851b b056 0019 71c7 f73b f8e5 ac68 J}...V..q..;...h 0x0020: 8018 00ed db24 0000 0101 080a 0067 5c23 .....$.......g\# 0x0030: 497a 7daa 4441 5441 0d0a Iz}.DATA.. 08:51:48.416347 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [.], ack 73, win 166, options [nop,nop,TS val 1232767373 ecr 6773795], length 0 0x0000: 4500 0034 6a86 0000 2b06 4a46 4a7d 851b E..4j...+.JFJ}.. 0x0010: 0a20 0140 0019 b056 f8e5 ac68 71c7 f741 ...@...V...hq..A 0x0020: 8010 00a6 acc5 0000 0101 080a 497a 898d ............Iz.. 0x0030: 0067 5c23 .g\# 08:51:48.416747 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [P.], seq 304:346, ack 73, win 166, options [nop,nop,TS val 1232767373 ecr 6773795], length 42: SMTP: 354 Go ahead y29si9130410wry.12 - gsmtp 0x0000: 4500 005e 6a87 0000 2b06 4a1b 4a7d 851b E..^j...+.J.J}.. 0x0010: 0a20 0140 0019 b056 f8e5 ac68 71c7 f741 ...@...V...hq..A 0x0020: 8018 00a6 8526 0000 0101 080a 497a 898d .....&......Iz.. 0x0030: 0067 5c23 3335 3420 2047 6f20 6168 6561 .g\#354..Go.ahea 0x0040: 6420 7932 3973 6939 3133 3034 3130 7772 d.y29si9130410wr 0x0050: 792e 3132 202d 2067 736d 7470 0d0a y.12.-.gsmtp.. 08:51:48.416758 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [.], ack 346, win 237, options [nop,nop,TS val 6773799 ecr 1232767373], length 0 0x0000: 4510 0034 a44c 4000 4006 bb6f 0a20 0140 E..4.L@.@..o...@ 0x0010: 4a7d 851b b056 0019 71c7 f741 f8e5 ac92 J}...V..q..A.... 0x0020: 8010 00ed db1e 0000 0101 080a 0067 5c27 .............g\' 0x0030: 497a 898d Iz.. 08:51:52.043334 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [P.], seq 73:96, ack 346, win 237, options [nop,nop,TS val 6774705 ecr 1232767373], length 23: SMTP: From: <XXXX@infos.de> 0x0000: 4510 004b a44d 4000 4006 bb57 0a20 0140 E..K.M@.@..W...@ 0x0010: 4a7d 851b b056 0019 71c7 f741 f8e5 ac92 J}...V..q..A.... 0x0020: 8018 00ed db35 0000 0101 080a 0067 5fb1 .....5.......g_. 0x0030: 497a 898d 4672 6f6d 3a20 3c72 6f6c 6640 Iz..From:.<XXXX@ 0x0040: 696e 666f 732e 6465 3e0d 0a infos.de>.. 08:51:52.097399 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [.], ack 96, win 166, options [nop,nop,TS val 1232771053 ecr 6774705], length 0 0x0000: 4500 0034 7132 0000 2b06 439a 4a7d 851b E..4q2..+.C.J}.. 0x0010: 0a20 0140 0019 b056 f8e5 ac92 71c7 f758 ...@...V....q..X 0x0020: 8010 00a6 9a96 0000 0101 080a 497a 97ed ............Iz.. 0x0030: 0067 5fb1 .g_. 08:51:52.097420 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [P.], seq 96:753, ack 346, win 237, options [nop,nop,TS val 6774719 ecr 1232771053], length 657: SMTP: To: <XXXXXX@gmail.com> 0x0000: 4510 02c5 a44e 4000 4006 b8dc 0a20 0140 E....N@.@......@ 0x0010: 4a7d 851b b056 0019 71c7 f758 f8e5 ac92 J}...V..q..X.... 0x0020: 8018 00ed ddaf 0000 0101 080a 0067 5fbf .............g_. 0x0030: 497a 97ed 546f 3a20 3c67 6772 7765 6240 Iz..To:.<XXXXXX@ 0x0040: 676d 6169 6c2e 636f 6d3e 0d0a 5375 626a gmail.com>..Subj 0x0050: 6563 743a 2074 6170 206d 650d 0a44 6174 ect:.tap.me..Dat 0x0060: 653a 2054 7565 2c20 3132 2053 6570 2032 e:.Tue,.12.Sep.2 0x0070: 3031 3720 3038 3a34 383a 3133 202b 3032 017.08:48:13.+02 0x0080: 3030 2028 4345 5354 290d 0a0d 0a2d 2d2d 00.(CEST)....--- 0x0090: 2d2d 4245 4749 4e20 5047 5020 4d45 5353 --BEGIN.PGP.MESS 0x00a0: 4147 452d 2d2d 2d2d 0d0a 5665 7273 696f AGE-----..Versio 0x00b0: 6e3a 2047 6e75 5047 2076 310d 0a0d 0a68 n:.GnuPG.v1....h 0x00c0: 5145 4d41 7777 3434 4774 6f65 6d38 4741 QEMAww44Gtoem8GA 0x00d0: 5167 4167 652f 4539 6657 5533 2f71 6849 QgAge/E9fWU3/qhI 0x00e0: 4974 4969 4244 7133 7a35 556a 5756 3272 ItIiBDq3z5UjWV2r 0x00f0: 3467 4638 5834 6c6b 6c32 3273 4946 670d 4gF8X4lkl22sIFg. 0x0100: 0a4d 4d73 6867 3552 6255 774a 536f 4468 .MMshg5RbUwJSoDh 0x0110: 5144 6c46 7843 3259 6a5a 714c 484d 2f58 QDlFxC2YjZqLHM/X 0x0120: 6753 616d 695a 6633 7459 7a65 7a47 726a gSamiZf3tYzezGrj 0x0130: 6f4a 6c50 7437 6561 764f 4435 554f 466f oJlPt7eavOD5UOFo 0x0140: 360d 0a69 3361 5858 4334 4a4c 5776 7945 6..i3aXXC4JLWvyE 0x0150: 6744 754b 3255 4e50 3530 7731 4946 4d7a gDuK2UNP50w1IFMz 0x0160: 6370 3748 7375 7839 4965 6333 7a61 4434 cp7Hsux9Iec3zaD4 0x0170: 4b78 5379 7341 365a 5833 707a 714a 4477 KxSysA6ZX3pzqJDw 0x0180: 6a64 660d 0a48 744e 3152 6477 6a76 7431 jdf..HtN1Rdwjvt1 0x0190: 5070 3178 7976 5049 385a 354f 686e 6a39 Pp1xyvPI8Z5Ohnj9 0x01a0: 474b 3771 552b 6546 4875 7443 7876 6648 GK7qU+eFHutCxvfH 0x01b0: 3753 7639 616d 6a46 6372 312f 444a 6371 7Sv9amjFcr1/DJcq 0x01c0: 3436 624f 4d0d 0a4c 7a43 3676 5952 7036 46bOM..LzC6vYRp6 0x01d0: 3465 7656 3857 4575 444b 7866 4857 3938 4evV8WEuDKxfHW98 0x01e0: 4975 2f49 6171 6e56 394b 3033 416f 6d64 Iu/IaqnV9K03Aomd 0x01f0: 364e 5679 5a4a 6d52 3479 6e70 4a49 4255 6NVyZJmR4ynpJIBU 0x0200: 3876 6a46 6e72 6b0d 0a37 6e69 3349 3866 8vjFnrk..7ni3I8f 0x0210: 496e 4851 717a 706d 6c57 344e 6f31 6c41 InHQqzpmlW4No1lA 0x0220: 7357 574d 5a6e 7546 3538 4e73 6255 3834 sWWMZnuF58NsbU84 0x0230: 6539 644a 4e41 5a32 4f2b 5147 5176 544f e9dJNAZ2O+QGQvTO 0x0240: 4549 7834 5a48 3758 770d 0a52 4749 3943 EIx4ZH7Xw..RGI9C 0x0250: 6f55 3342 7672 6552 4641 3362 7136 677a oU3BvreRFA3bq6gz 0x0260: 4c62 2b4c 314b 3666 6a48 7a63 6861 6930 Lb+L1K6fjHzchai0 0x0270: 6736 7978 524c 316d 7a4b 4e65 714a 704a g6yxRL1mzKNeqJpJ 0x0280: 3449 675a 4e6b 4e75 6477 780d 0a67 6442 4IgZNkNudwx..gdB 0x0290: 7264 7241 3979 4379 4f57 6377 6e73 7a73 rdrA9yCyOWcwnszs 0x02a0: 3d0d 0a3d 3532 506b 0d0a 2d2d 2d2d 2d45 =..=52Pk..-----E 0x02b0: 4e44 2050 4750 204d 4553 5341 4745 2d2d ND.PGP.MESSAGE-- 0x02c0: 2d2d 2d0d 0a ---.. 08:51:52.110850 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [.], ack 753, win 171, options [nop,nop,TS val 1232771067 ecr 6774719], length 0 0x0000: 4500 0034 7135 0000 2b06 4397 4a7d 851b E..4q5..+.C.J}.. 0x0010: 0a20 0140 0019 b056 f8e5 ac92 71c7 f9e9 ...@...V....q... 0x0020: 8010 00ab 97e4 0000 0101 080a 497a 97fb ............Iz.. 0x0030: 0067 5fbf .g_. 08:51:53.843710 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [P.], seq 753:756, ack 346, win 237, options [nop,nop,TS val 6775156 ecr 1232771067], length 3: SMTP: . 0x0000: 4510 0037 a44f 4000 4006 bb69 0a20 0140 E..7.O@.@..i...@ 0x0010: 4a7d 851b b056 0019 71c7 f9e9 f8e5 ac92 J}...V..q....... 0x0020: 8018 00ed db21 0000 0101 080a 0067 6174 .....!.......gat 0x0030: 497a 97fb 2e0d 0a Iz..... 08:51:53.856599 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [.], ack 756, win 171, options [nop,nop,TS val 1232772813 ecr 6775156], length 0 0x0000: 4500 0034 7600 0000 2b06 3ecc 4a7d 851b E..4v...+.>.J}.. 0x0010: 0a20 0140 0019 b056 f8e5 ac92 71c7 f9ec ...@...V....q... 0x0020: 8010 00ab 8f5a 0000 0101 080a 497a 9ecd .....Z......Iz.. 0x0030: 0067 6174 .gat 08:51:54.035157 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [P.], seq 346:398, ack 756, win 171, options [nop,nop,TS val 1232772991 ecr 6775156], length 52: SMTP: 250 2.0.0 OK 1505223474 y29si9130410wry.12 - gsmtp 0x0000: 4500 0068 763a 0000 2b06 3e5e 4a7d 851b E..hv:..+.>^J}.. 0x0010: 0a20 0140 0019 b056 f8e5 ac92 71c7 f9ec ...@...V....q... 0x0020: 8018 00ab 1f6b 0000 0101 080a 497a 9f7f .....k......Iz.. 0x0030: 0067 6174 3235 3020 322e 302e 3020 4f4b .gat250.2.0.0.OK 0x0040: 2031 3530 3532 3233 3437 3420 7932 3973 .1505223474.y29s 0x0050: 6939 3133 3034 3130 7772 792e 3132 202d i9130410wry.12.- 0x0060: 2067 736d 7470 0d0a .gsmtp.. 08:51:54.035177 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [.], ack 398, win 237, options [nop,nop,TS val 6775203 ecr 1232772991], length 0 0x0000: 4510 0034 a450 4000 4006 bb6b 0a20 0140 E..4.P@.@..k...@ 0x0010: 4a7d 851b b056 0019 71c7 f9ec f8e5 acc6 J}...V..q....... 0x0020: 8010 00ed db1e 0000 0101 080a 0067 61a3 .............ga. 0x0030: 497a 9f7f Iz.. 08:51:59.899074 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [P.], seq 756:762, ack 398, win 237, options [nop,nop,TS val 6776669 ecr 1232772991], length 6: SMTP: quit 0x0000: 4510 003a a451 4000 4006 bb64 0a20 0140 E..:.Q@.@..d...@ 0x0010: 4a7d 851b b056 0019 71c7 f9ec f8e5 acc6 J}...V..q....... 0x0020: 8018 00ed db24 0000 0101 080a 0067 675d .....$.......gg] 0x0030: 497a 9f7f 7175 6974 0d0a Iz..quit.. 08:51:59.912431 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [.], ack 762, win 171, options [nop,nop,TS val 1232778869 ecr 6776669], length 0 0x0000: 4500 0034 8138 0000 2b06 3394 4a7d 851b E..4.8..+.3.J}.. 0x0010: 0a20 0140 0019 b056 f8e5 acc6 71c7 f9f2 ...@...V....q... 0x0020: 8010 00ab 718f 0000 0101 080a 497a b675 ....q.......Iz.u 0x0030: 0067 675d .gg] 08:51:59.912445 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [P.], seq 398:455, ack 762, win 171, options [nop,nop,TS val 1232778869 ecr 6776669], length 57: SMTP: 221 2.0.0 closing connection y29si9130410wry.12 - gsmtp 0x0000: 4500 006d 8139 0000 2b06 335a 4a7d 851b E..m.9..+.3ZJ}.. 0x0010: 0a20 0140 0019 b056 f8e5 acc6 71c7 f9f2 ...@...V....q... 0x0020: 8018 00ab d6f1 0000 0101 080a 497a b675 ............Iz.u 0x0030: 0067 675d 3232 3120 322e 302e 3020 636c .gg]221.2.0.0.cl 0x0040: 6f73 696e 6720 636f 6e6e 6563 7469 6f6e osing.connection 0x0050: 2079 3239 7369 3931 3330 3431 3077 7279 .y29si9130410wry 0x0060: 2e31 3220 2d20 6773 6d74 700d 0a .12.-.gsmtp.. 08:51:59.912453 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [.], ack 455, win 237, options [nop,nop,TS val 6776673 ecr 1232778869], length 0 0x0000: 4510 0034 a452 4000 4006 bb69 0a20 0140 E..4.R@.@..i...@ 0x0010: 4a7d 851b b056 0019 71c7 f9f2 f8e5 acff J}...V..q....... 0x0020: 8010 00ed db1e 0000 0101 080a 0067 6761 .............gga 0x0030: 497a b675 Iz.u 08:51:59.912459 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [F.], seq 455, ack 762, win 171, options [nop,nop,TS val 1232778869 ecr 6776669], length 0 0x0000: 4500 0034 813a 0000 2b06 3392 4a7d 851b E..4.:..+.3.J}.. 0x0010: 0a20 0140 0019 b056 f8e5 acff 71c7 f9f2 ...@...V....q... 0x0020: 8011 00ab 7155 0000 0101 080a 497a b675 ....qU......Iz.u 0x0030: 0067 675d .gg] 08:51:59.912495 IP 10.32.1.64.45142 > 74.125.133.27.25: Flags [F.], seq 762, ack 456, win 237, options [nop,nop,TS val 6776673 ecr 1232778869], length 0 0x0000: 4510 0034 a453 4000 4006 bb68 0a20 0140 E..4.S@.@..h...@ 0x0010: 4a7d 851b b056 0019 71c7 f9f2 f8e5 ad00 J}...V..q....... 0x0020: 8011 00ed db1e 0000 0101 080a 0067 6761 .............gga 0x0030: 497a b675 Iz.u 08:51:59.925306 IP 74.125.133.27.25 > 10.32.1.64.45142: Flags [.], ack 763, win 171, options [nop,nop,TS val 1232778882 ecr 6776673], length 0 0x0000: 4500 0034 8140 0000 2b06 338c 4a7d 851b E..4.@..+.3.J}.. 0x0010: 0a20 0140 0019 b056 f8e5 ad00 71c7 f9f3 ...@...V....q... 0x0020: 8010 00ab 7143 0000 0101 080a 497a b682 ....qC......Iz.. 0x0030: 0067 6761 .gga Appendix 3 21:24:09.578855 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [S], seq 1511189943, win 29200, options [mss 1460,sackOK,TS val 3504654 ecr 0,nop,wscale 7], length 0 0x0000: 4500 003c 97b9 4000 4006 9e9e 0a20 0140 E..<..@.@......@ 0x0010: 40e9 b81b c71e 0019 5a12 edb7 0000 0000 @.......Z....... 0x0020: a002 7210 0493 0000 0204 05b4 0402 080a ..r............. 0x0030: 0035 7a0e 0000 0000 0103 0307 .5z......... 21:24:09.591950 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [S.], seq 3984949118, ack 1511189944, win 42408, options [mss 1380,sackOK,TS val 2131612024 ecr 3504654,nop,wscale 8], length 0 0x0000: 4500 003c c45b 0000 2b06 c6fc 40e9 b81b E..<.[..+...@... 0x0010: 0a20 0140 0019 c71e ed85 7f7e 5a12 edb8 ...@.......~Z... 0x0020: a012 a5a8 5761 0000 0204 0564 0402 080a ....Wa.....d.... 0x0030: 7f0d d178 0035 7a0e 0103 0308 ...x.5z..... 21:24:09.591981 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [.], ack 1, win 229, options [nop,nop,TS val 3504657 ecr 2131612024], length 0 0x0000: 4500 0034 97ba 4000 4006 9ea5 0a20 0140 E..4..@.@......@ 0x0010: 40e9 b81b c71e 0019 5a12 edb8 ed85 7f7f @.......Z....... 0x0020: 8010 00e5 048b 0000 0101 080a 0035 7a11 .............5z. 0x0030: 7f0d d178 ...x 21:24:09.606438 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [P.], seq 1:52, ack 1, win 166, options [nop,nop,TS val 2131612039 ecr 3504657], length 51: SMTP: 220 mx.google.com ESMTP i13si6801402wre.7 - gsmtp 0x0000: 4500 0067 c464 0000 2b06 c6c8 40e9 b81b E..g.d..+...@... 0x0010: 0a20 0140 0019 c71e ed85 7f7f 5a12 edb8 ...@........Z... 0x0020: 8018 00a6 0db8 0000 0101 080a 7f0d d187 ................ 0x0030: 0035 7a11 3232 3020 6d78 2e67 6f6f 676c .5z.220.mx.googl 0x0040: 652e 636f 6d20 4553 4d54 5020 6931 3373 e.com.ESMTP.i13s 0x0050: 6936 3830 3134 3032 7772 652e 3720 2d20 i6801402wre.7.-. 0x0060: 6773 6d74 700d 0a gsmtp.. 21:24:09.606463 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [.], ack 52, win 229, options [nop,nop,TS val 3504661 ecr 2131612039], length 0 0x0000: 4500 0034 97bb 4000 4006 9ea4 0a20 0140 E..4..@.@......@ 0x0010: 40e9 b81b c71e 0019 5a12 edb8 ed85 7fb2 @.......Z....... 0x0020: 8010 00e5 048b 0000 0101 080a 0035 7a15 .............5z. 0x0030: 7f0d d187 .... 21:24:09.606504 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [P.], seq 1:27, ack 52, win 229, options [nop,nop,TS val 3504661 ecr 2131612039], length 26: SMTP: EHLO rolf-Latitude-E5550 0x0000: 4500 004e 97bc 4000 4006 9e89 0a20 0140 E..N..@.@......@ 0x0010: 40e9 b81b c71e 0019 5a12 edb8 ed85 7fb2 @.......Z....... 0x0020: 8018 00e5 04a5 0000 0101 080a 0035 7a15 .............5z. 0x0030: 7f0d d187 4548 4c4f 2072 6f6c 662d 4c61 ....EHLO.rolf-La 0x0040: 7469 7475 6465 2d45 3535 3530 0d0a titude-E5550.. 21:24:09.619619 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [.], ack 27, win 166, options [nop,nop,TS val 2131612052 ecr 3504661], length 0 0x0000: 4500 0034 c468 0000 2b06 c6f7 40e9 b81b E..4.h..+...@... 0x0010: 0a20 0140 0019 c71e ed85 7fb2 5a12 edd2 ...@........Z... 0x0020: 8010 00a6 2a71 0000 0101 080a 7f0d d194 ....*q.......... 0x0030: 0035 7a15 .5z. 21:24:09.622181 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [P.], seq 52:221, ack 27, win 166, options [nop,nop,TS val 2131612055 ecr 3504661], length 169: SMTP: 250-mx.google.com at your service, [212.89.128.XX] 0x0000: 4500 00dd c46b 0000 2b06 c64b 40e9 b81b E....k..+..K@... 0x0010: 0a20 0140 0019 c71e ed85 7fb2 5a12 edd2 ...@........Z... 0x0020: 8018 00a6 f846 0000 0101 080a 7f0d d197 .....F.......... 0x0030: 0035 7a15 3235 302d 6d78 2e67 6f6f 676c .5z.250-mx.googl 0x0040: 652e 636f 6d20 6174 2079 6f75 7220 7365 e.com.at.your.se 0x0050: 7276 6963 652c 205b 3231 322e 3839 2e31 rvice,.[212.89.1 0x0060: 3238 2e36 365d 0d0a 3235 302d 5349 5a45 28.XX]..250-SIZE 0x0070: 2031 3537 3238 3634 3030 0d0a 3235 302d .157286400..250- 0x0080: 3842 4954 4d49 4d45 0d0a 3235 302d 5354 8BITMIME..250-ST 0x0090: 4152 5454 4c53 0d0a 3235 302d 454e 4841 ARTTLS..250-ENHA 0x00a0: 4e43 4544 5354 4154 5553 434f 4445 530d NCEDSTATUSCODES. 0x00b0: 0a32 3530 2d50 4950 454c 494e 494e 470d .250-PIPELINING. 0x00c0: 0a32 3530 2d43 4855 4e4b 494e 470d 0a32 .250-CHUNKING..2 0x00d0: 3530 2053 4d54 5055 5446 380d 0a 50.SMTPUTF8.. 21:24:09.622253 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [P.], seq 27:37, ack 221, win 237, options [nop,nop,TS val 3504665 ecr 2131612055], length 10: SMTP: STARTTLS 0x0000: 4500 003e 97bd 4000 4006 9e98 0a20 0140 E..>..@.@......@ 0x0010: 40e9 b81b c71e 0019 5a12 edd2 ed85 805b @.......Z......[ 0x0020: 8018 00ed 0495 0000 0101 080a 0035 7a19 .............5z. 0x0030: 7f0d d197 5354 4152 5454 4c53 0d0a ....STARTTLS.. 21:24:09.635404 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [P.], seq 221:251, ack 37, win 166, options [nop,nop,TS val 2131612068 ecr 3504665], length 30: SMTP: 220 2.0.0 Ready to start TLS 0x0000: 4500 0052 c471 0000 2b06 c6d0 40e9 b81b E..R.q..+...@... 0x0010: 0a20 0140 0019 c71e ed85 805b 5a12 eddc ...@.......[Z... 0x0020: 8018 00a6 1261 0000 0101 080a 7f0d d1a4 .....a.......... 0x0030: 0035 7a19 3232 3020 322e 302e 3020 5265 .5z.220.2.0.0.Re 0x0040: 6164 7920 746f 2073 7461 7274 2054 4c53 ady.to.start.TLS 0x0050: 0d0a .. 21:24:09.644593 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [P.], seq 37:269, ack 251, win 237, options [nop,nop,TS val 3504670 ecr 2131612068], length 232: SMTP 0x0000: 4500 011c 97be 4000 4006 9db9 0a20 0140 E.....@.@......@ 0x0010: 40e9 b81b c71e 0019 5a12 eddc ed85 8079 @.......Z......y 0x0020: 8018 00ed 0573 0000 0101 080a 0035 7a1e .....s.......5z. 0x0030: 7f0d d1a4 1603 0100 e301 0000 df03 0359 ...............Y 0x0040: b6aa 6104 fc67 ac61 1ea1 6f46 9b76 251a ..a..g.a..oF.v%. 0x0050: 1556 fa66 65a4 e7d7 25b8 21ab bfc2 eb00 .V.fe...%.!..... 0x0060: 006c c02b c02c c086 c087 c009 c023 c00a .l.+.,.......#.. 0x0070: c024 c072 c073 c0ac c0ad c008 c02f c030 .$.r.s......./.0 0x0080: c08a c08b c013 c027 c014 c028 c076 c077 .......'...(.v.w 0x0090: c012 009c 009d c07a c07b 002f 003c 0035 .......z.{./.<.5 0x00a0: 003d 0041 00ba 0084 00c0 c09c c09d 000a .=.A............ 0x00b0: 009e 009f c07c c07d 0033 0067 0039 006b .....|.}.3.g.9.k 0x00c0: 0045 00be 0088 00c4 c09e c09f 0016 0100 .E.............. 0x00d0: 004a 0017 0000 0016 0000 0005 0005 0100 .J.............. 0x00e0: 0000 00ff 0100 0100 0023 0000 000a 000c .........#...... 0x00f0: 000a 0017 0018 0019 0015 0013 000b 0002 ................ 0x0100: 0100 000d 0016 0014 0401 0403 0501 0503 ................ 0x0110: 0601 0603 0301 0303 0201 0203 ............ 21:24:09.659430 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [.], seq 251:3087, ack 269, win 170, options [nop,nop,TS val 2131612091 ecr 3504670], length 2836: SMTP 0x0000: 4500 0b48 c480 0000 2b06 bbcb 40e9 b81b E..H....+...@... 0x0010: 0a20 0140 0019 c71e ed85 8079 5a12 eec4 ...@.......yZ... 0x0020: 8010 00aa 0f9f 0000 0101 080a 7f0d d1bb ................ 0x0030: 0035 7a1e 1603 0300 3f02 0000 3b03 0359 .5z.....?...;..Y 0x0040: b6aa 990b 282f 4e13 8500 0614 36cb 2f18 ....(/N.....6./. 0x0050: 6870 0aa0 7738 7cec 9604 88fc 730d 3000 hp..w8|.....s.0. 0x0060: c02f 0000 13ff 0100 0100 0017 0000 0023 ./.............# 0x0070: 0000 000b 0002 0100 1603 030e 620b 000e ............b... 0x0080: 5e00 0e5b 0006 a530 8206 a130 8205 89a0 ^..[...0...0.... 0x0090: 0302 0102 0208 3f4c a01f 9324 ef34 300d ......?L...$.40. 0x00a0: 0609 2a86 4886 f70d 0101 0b05 0030 4931 ..*.H........0I1 0x00b0: 0b30 0906 0355 0406 1302 5553 3113 3011 .0...U....US1.0. 0x00c0: 0603 5504 0a13 0a47 6f6f 676c 6520 496e ..U....Google.In 0x00d0: 6331 2530 2306 0355 0403 131c 476f 6f67 c1%0#..U....Goog 0x00e0: 6c65 2049 6e74 6572 6e65 7420 4175 7468 le.Internet.Auth 0x00f0: 6f72 6974 7920 4732 301e 170d 3137 3039 ority.G20...1709 0x0100: 3031 3130 3038 3435 5a17 0d31 3731 3132 01100845Z..17112 0x0110: 3430 3934 3130 305a 3067 310b 3009 0603 4094100Z0g1.0... 0x0120: 5504 0613 0255 5331 1330 1106 0355 0408 U....US1.0...U.. 0x0130: 0c0a 4361 6c69 666f 726e 6961 3116 3014 ..California1.0. 0x0140: 0603 5504 070c 0d4d 6f75 6e74 6169 6e20 ..U....Mountain. 0x0150: 5669 6577 3113 3011 0603 5504 0a0c 0a47 View1.0...U....G 0x0160: 6f6f 676c 6520 496e 6331 1630 1406 0355 oogle.Inc1.0...U 0x0170: 0403 0c0d 6d78 2e67 6f6f 676c 652e 636f ....mx.google.co 0x0180: 6d30 8201 2230 0d06 092a 8648 86f7 0d01 m0.."0...*.H.... 0x0190: 0101 0500 0382 010f 0030 8201 0a02 8201 .........0...... 0x01a0: 0100 cd74 4906 5684 4cea c9bb 9414 f9d3 ...tI.V.L....... 0x01b0: 83bd 2619 36e1 9d45 9e3f cf69 2804 8b72 ..&.6..E.?.i(..r 0x01c0: ab42 0c8d 2b78 c8b0 bfbf 6e01 85bc 96d1 .B..+x....n..... 0x01d0: dc8b 5437 a2bf df06 ddbb 1922 33bb 627a ..T7......."3.bz 0x01e0: 5d13 5c98 9173 4dba e744 00b9 117e 78cf ].\..sM..D...~x. 0x01f0: f755 9cf4 0f5b 65d6 2abe 4a72 cb28 7762 .U...[e.*.Jr.(wb 0x0200: ec4b 850d 3fcc 2fcd ad94 bad2 0ea3 f281 .K..?./......... 0x0210: a34d a171 0ea9 e852 6f40 626a 4673 25a9 .M.q...Ro@bjFs%. 0x0220: c7b5 5913 5f0a 6313 445c 4bec 68a5 e0b4 ..Y._.c.D\K.h... 0x0230: 7732 c1c0 ca80 566f e483 0241 e1ff 02b9 w2....Vo...A.... 0x0240: b4f3 0939 b68c c221 b4b8 7a9e 9012 5907 ...9...!..z...Y. 0x0250: 15bc d180 d5ab 3ec1 dddb 35fc 1889 8611 ......>...5..... 0x0260: 3dcd 3d64 e9f4 e094 8be3 8c68 d9d4 aab1 =.=d.......h.... 0x0270: 6ec0 99db efb7 9b4b 72a1 65e4 0aa5 67c8 n......Kr.e...g. 0x0280: 2b1a 345b b41b 50e6 39c3 c2f0 fc97 fb14 +.4[..P.9....... 0x0290: 9db1 175e a4f0 31f6 402c 0749 8da1 a19b ...^..1.@,.I.... 0x02a0: 39c9 0203 0100 01a3 8203 6d30 8203 6930 9.........m0..i0 0x02b0: 1d06 0355 1d25 0416 3014 0608 2b06 0105 ...U.%..0...+... 0x02c0: 0507 0301 0608 2b06 0105 0507 0302 3082 ......+.......0. 0x02d0: 0239 0603 551d 1104 8202 3030 8202 2c82 .9..U.....00..,. 0x02e0: 0d6d 782e 676f 6f67 6c65 2e63 6f6d 8217 .mx.google.com.. 0x02f0: 616c 7431 2e61 7370 6d78 2e6c 2e67 6f6f alt1.aspmx.l.goo 0x0300: 676c 652e 636f 6d82 1f61 6c74 312e 676d gle.com..alt1.gm 0x0310: 6169 6c2d 736d 7470 2d69 6e2e 6c2e 676f ail-smtp-in.l.go 0x0320: 6f67 6c65 2e63 6f6d 821d 616c 7431 2e67 ogle.com..alt1.g 0x0330: 6d72 2d73 6d74 702d 696e 2e6c 2e67 6f6f mr-smtp-in.l.goo 0x0340: 676c 652e 636f 6d82 1761 6c74 322e 6173 gle.com..alt2.as 0x0350: 706d 782e 6c2e 676f 6f67 6c65 2e63 6f6d pmx.l.google.com 0x0360: 821f 616c 7432 2e67 6d61 696c 2d73 6d74 ..alt2.gmail-smt 0x0370: 702d 696e 2e6c 2e67 6f6f 676c 652e 636f p-in.l.google.co 0x0380: 6d82 1d61 6c74 322e 676d 722d 736d 7470 m..alt2.gmr-smtp 0x0390: 2d69 6e2e 6c2e 676f 6f67 6c65 2e63 6f6d -in.l.google.com 0x03a0: 8217 616c 7433 2e61 7370 6d78 2e6c 2e67 ..alt3.aspmx.l.g 0x03b0: 6f6f 676c 652e 636f 6d82 1f61 6c74 332e oogle.com..alt3. 0x03c0: 676d 6169 6c2d 736d 7470 2d69 6e2e 6c2e gmail-smtp-in.l. 0x03d0: 676f 6f67 6c65 2e63 6f6d 821d 616c 7433 google.com..alt3 0x03e0: 2e67 6d72 2d73 6d74 702d 696e 2e6c 2e67 .gmr-smtp-in.l.g 0x03f0: 6f6f 676c 652e 636f 6d82 1761 6c74 342e oogle.com..alt4. 0x0400: 6173 706d 782e 6c2e 676f 6f67 6c65 2e63 aspmx.l.google.c 0x0410: 6f6d 821f 616c 7434 2e67 6d61 696c 2d73 om..alt4.gmail-s 0x0420: 6d74 702d 696e 2e6c 2e67 6f6f 676c 652e mtp-in.l.google. 0x0430: 636f 6d82 1d61 6c74 342e 676d 722d 736d com..alt4.gmr-sm 0x0440: 7470 2d69 6e2e 6c2e 676f 6f67 6c65 2e63 tp-in.l.google.c 0x0450: 6f6d 8212 6173 706d 782e 6c2e 676f 6f67 om..aspmx.l.goog 0x0460: 6c65 2e63 6f6d 8215 6173 706d 7832 2e67 le.com..aspmx2.g 0x0470: 6f6f 676c 656d 6169 6c2e 636f 6d82 1561 ooglemail.com..a 0x0480: 7370 6d78 332e 676f 6f67 6c65 6d61 696c spmx3.googlemail 0x0490: 2e63 6f6d 8215 6173 706d 7834 2e67 6f6f .com..aspmx4.goo 0x04a0: 676c 656d 6169 6c2e 636f 6d82 1561 7370 glemail.com..asp 0x04b0: 6d78 352e 676f 6f67 6c65 6d61 696c 2e63 mx5.googlemail.c 0x04c0: 6f6d 821a 676d 6169 6c2d 736d 7470 2d69 om..gmail-smtp-i 0x04d0: 6e2e 6c2e 676f 6f67 6c65 2e63 6f6d 8211 n.l.google.com.. 0x04e0: 676d 722d 6d78 2e67 6f6f 676c 652e 636f gmr-mx.google.co 0x04f0: 6d82 1867 6d72 2d73 6d74 702d 696e 2e6c m..gmr-smtp-in.l 0x0500: 2e67 6f6f 676c 652e 636f 6d30 6806 082b .google.com0h..+ 0x0510: 0601 0505 0701 0104 5c30 5a30 2b06 082b ........\0Z0+..+ 0x0520: 0601 0505 0730 0286 1f68 7474 703a 2f2f .....0...http:// 0x0530: 706b 692e 676f 6f67 6c65 2e63 6f6d 2f47 pki.google.com/G 0x0540: 4941 4732 2e63 7274 302b 0608 2b06 0105 IAG2.crt0+..+... 0x0550: 0507 3001 861f 6874 7470 3a2f 2f63 6c69 ..0...http://cli 0x0560: 656e 7473 312e 676f 6f67 6c65 2e63 6f6d ents1.google.com 0x0570: 2f6f 6373 7030 1d06 0355 1d0e 0416 0414 /ocsp0...U...... 0x0580: 1713 7bee 0365 b8ba 3998 7ab4 9016 a29d ..{..e..9.z..... 0x0590: 2297 4020 300c 0603 551d 1301 01ff 0402 ".@.0...U....... 0x05a0: 3000 301f 0603 551d 2304 1830 1680 144a 0.0...U.#..0...J 0x05b0: dd06 161b bcf6 68b5 76f5 81b6 bb62 1aba ......h.v....b.. 0x05c0: 5a81 2f30 2106 0355 1d20 041a 3018 300c Z./0!..U....0.0. 0x05d0: 060a 2b06 0104 01d6 7902 0501 3008 0606 ..+.....y...0... 0x05e0: 6781 0c01 0202 3030 0603 551d 1f04 2930 g.....00..U...)0 0x05f0: 2730 25a0 23a0 2186 1f68 7474 703a 2f2f '0%.#.!..http:// 0x0600: 706b 692e 676f 6f67 6c65 2e63 6f6d 2f47 pki.google.com/G 0x0610: 4941 4732 2e63 726c 300d 0609 2a86 4886 IAG2.crl0...*.H. 0x0620: f70d 0101 0b05 0003 8201 0100 8e94 cd0b ................ 0x0630: adca c447 cb77 7820 78c1 59e2 eacf 844c ...G.wx.x.Y....L 0x0640: 91da aca5 2794 4bd2 6888 48c1 6f19 f6e8 ....'.K.h.H.o... 0x0650: 9418 26d8 b5dc ff0f 4497 de20 ae01 77e8 ..&.....D.....w. 0x0660: 16a4 3202 26e4 94ce 991d 84b7 c8f7 50e8 ..2.&.........P. 0x0670: 1124 405f dedf 9b7b d0dd a847 3fcd 7b6d .$@_...{...G?.{m 0x0680: d38d b001 d69a e86a 3495 4814 6c2d 3a45 .......j4.H.l-:E 0x0690: 641a d4d6 935d 47a2 51c1 b18b 14ab 6cda d....]G.Q.....l. 0x06a0: 528a 7027 43a6 50d2 f9c4 2a2a fc71 dc91 R.p'C.P...**.q.. 0x06b0: 7386 3e4d a656 b7b0 3837 5f44 d8bd dcc9 s.>M.V..87_D.... 0x06c0: 191b 873b 74f8 1860 8d14 facf 2f74 7b72 ...;t..`..../t{r 0x06d0: 49d4 e1df 6822 41c1 8d80 9565 f305 78dd I...h"A....e..x. 0x06e0: 17e8 adf7 7be1 bf48 cc63 b509 6d57 83ab ....{..H.c..mW.. 0x06f0: dce1 59b4 97fb 0c20 5899 af87 04a4 8129 ..Y.....X......) 0x0700: e1a1 e65f 411e f249 9c57 d7b8 1b1e c00b ..._A..I.W...... 0x0710: 4437 2d56 ff0d d336 f94a c214 463d 83fa D7-V...6.J..F=.. 0x0720: db36 a691 3dd7 28db b379 f83d 0004 2c30 .6..=.(..y.=..,0 0x0730: 8204 2830 8203 10a0 0302 0102 0210 0100 ..(0............ 0x0740: 2125 88b0 fa59 a777 ef05 7b66 27df 300d !%...Y.w..{f'.0. 0x0750: 0609 2a86 4886 f70d 0101 0b05 0030 4231 ..*.H........0B1 0x0760: 0b30 0906 0355 0406 1302 5553 3116 3014 .0...U....US1.0. 0x0770: 0603 5504 0a13 0d47 656f 5472 7573 7420 ..U....GeoTrust. 0x0780: 496e 632e 311b 3019 0603 5504 0313 1247 Inc.1.0...U....G 0x0790: 656f 5472 7573 7420 476c 6f62 616c 2043 eoTrust.Global.C 0x07a0: 4130 1e17 0d31 3730 3532 3231 3133 3233 A0...17052211323 0x07b0: 375a 170d 3138 3132 3331 3233 3539 3539 7Z..181231235959 0x07c0: 5a30 4931 0b30 0906 0355 0406 1302 5553 Z0I1.0...U....US 0x07d0: 3113 3011 0603 5504 0a13 0a47 6f6f 676c 1.0...U....Googl 0x07e0: 6520 496e 6331 2530 2306 0355 0403 131c e.Inc1%0#..U.... 0x07f0: 476f 6f67 6c65 2049 6e74 6572 6e65 7420 Google.Internet. 0x0800: 4175 7468 6f72 6974 7920 4732 3082 0122 Authority.G20.." 0x0810: 300d 0609 2a86 4886 f70d 0101 0105 0003 0...*.H......... 0x0820: 8201 0f00 3082 010a 0282 0101 009c 2a04 ....0.........*. 0x0830: 775c d850 913a 06a3 82e0 d850 48bc 893f w\.P.:.....PH..? 0x0840: f119 701a 8846 7ee0 8fc5 f189 ce21 ee5a ..p..F~......!.Z 0x0850: fe61 0db7 3244 89a0 740b 534f 55a4 ce82 .a..2D..t.SOU... 0x0860: 6295 eeeb 595f c6e1 0580 12c4 5e94 3fbc b...Y_......^.?. 0x0870: 5b48 38f4 53f7 24e6 fb91 e915 c4cf f453 [H8.S.$........S 0x0880: 0df4 4afc 9f54 de7d bea0 6b6f 87c0 d050 ..J..T.}..ko...P 0x0890: 1f28 3003 40da 0873 516c 7fff 3a3c a737 .(0.@..sQl..:<.7 0x08a0: 068e bd4b 1104 eb7d 24de e6f9 fc31 71fb ...K...}$....1q. 0x08b0: 94d5 60f3 2e4a af42 d2cb eac4 6a1a b2cc ..`..J.B....j... 0x08c0: 53dd 154b 8b1f c819 611f cd9d a83e 632b S..K....a....>c+ 0x08d0: 8435 6965 84c8 19c5 4622 f853 95be e380 .5ie....F".S.... 0x08e0: 4a10 c62a ecba 9720 11c7 3999 1004 a0f0 J..*......9..... 0x08f0: 617a 9525 8c4e 5275 e2b6 ed08 ca14 fcce az.%.NRu........ 0x0900: 226a b34e cf46 0397 9703 7ec0 b1de 7baf "j.N.F....~...{. 0x0910: 4533 cfba 3e71 b7de f425 25c2 0d35 899d E3..>q...%%..5.. 0x0920: 9dfb 0e11 7989 1e37 c5af 8e72 6902 0301 ....y..7...ri... 0x0930: 0001 a382 0111 3082 010d 301f 0603 551d ......0...0...U. 0x0940: 2304 1830 1680 14c0 7a98 688d 89fb ab05 #..0....z.h..... 0x0950: 640c 117d aa7d 65b8 cacc 4e30 1d06 0355 d..}.}e...N0...U 0x0960: 1d0e 0416 0414 4add 0616 1bbc f668 b576 ......J......h.v 0x0970: f581 b6bb 621a ba5a 812f 300e 0603 551d ....b..Z./0...U. 0x0980: 0f01 01ff 0404 0302 0106 302e 0608 2b06 ..........0...+. 0x0990: 0105 0507 0101 0422 3020 301e 0608 2b06 ......."0.0...+. 0x09a0: 0105 0507 3001 8612 6874 7470 3a2f 2f67 ....0...http://g 0x09b0: 2e73 796d 6364 2e63 6f6d 3012 0603 551d .symcd.com0...U. 0x09c0: 1301 01ff 0408 3006 0101 ff02 0100 3035 ......0.......05 0x09d0: 0603 551d 1f04 2e30 2c30 2aa0 28a0 2686 ..U....0,0*.(.&. 0x09e0: 2468 7474 703a 2f2f 672e 7379 6d63 622e $http://g.symcb. 0x09f0: 636f 6d2f 6372 6c73 2f67 7467 6c6f 6261 com/crls/gtgloba 0x0a00: 6c2e 6372 6c30 2106 0355 1d20 041a 3018 l.crl0!..U....0. 0x0a10: 300c 060a 2b06 0104 01d6 7902 0501 3008 0...+.....y...0. 0x0a20: 0606 6781 0c01 0202 301d 0603 551d 2504 ..g.....0...U.%. 0x0a30: 1630 1406 082b 0601 0505 0703 0106 082b .0...+.........+ 0x0a40: 0601 0505 0703 0230 0d06 092a 8648 86f7 .......0...*.H.. 0x0a50: 0d01 010b 0500 0382 0101 00ca 49e5 acd7 ............I... 0x0a60: 6464 775b be71 facf f41e 23c7 9a69 6354 ddw[.q....#..icT 0x0a70: 5feb 4cd6 1928 2364 668e 1cc7 8780 645f _.L..(#df.....d_ 0x0a80: 048b 26af 98df 0a70 bcbc 193d ee7b 33a9 ..&....p...=.{3. 0x0a90: 7fbd f405 d470 bb05 2679 ea9a c798 b907 .....p..&y...... 0x0aa0: 1965 34cc 3ce9 3fc5 01fa 6f0c 7edb 7a70 .e4.<.?...o.~.zp 0x0ab0: 5c4c fe2d 00f0 cabe 2d8e b4a8 80fb 0113 \L.-....-....... 0x0ac0: 88cb 9c3f e5bb 77ca 3a67 36f3 ced5 2702 ...?..w.:g6...'. 0x0ad0: 7243 a0bd 6e02 f147 0571 3e01 59e9 119e rC..n..G.q>.Y... 0x0ae0: 1af3 840f 80a6 a278 352f b6c7 a27f 177c .......x5/.....| 0x0af0: e18b 56ae ee67 8851 2730 60a5 6252 c337 ..V..g.Q'0`.bR.7 0x0b00: d53b ea85 2a01 3887 a2cf 70ad a47a c9c4 .;..*.8...p..z.. 0x0b10: e7ca c5da bc23 32f2 fe18 c27b e0df 3b2f .....#2....{..;/ 0x0b20: d4d0 10e6 964c fb44 b721 640d b900 9430 .....L.D.!d....0 0x0b30: 1226 8758 9839 0538 0fcc 8248 0c0a 4766 .&.X.9.8...H..Gf 0x0b40: eebf b45f c4ff 70a8 ..._..p. 21:24:09.659469 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [.], ack 3087, win 281, options [nop,nop,TS val 3504674 ecr 2131612091], length 0 0x0000: 4500 0034 97bf 4000 4006 9ea0 0a20 0140 E..4..@.@......@ 0x0010: 40e9 b81b c71e 0019 5a12 eec4 ed85 8b8d @.......Z....... 0x0020: 8010 0119 048b 0000 0101 080a 0035 7a22 .............5z" 0x0030: 7f0d d1bb .... 21:24:09.659622 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [P.], seq 3087:4353, ack 269, win 170, options [nop,nop,TS val 2131612091 ecr 3504670], length 1266: SMTP 0x0000: 4500 0526 c482 0000 2b06 c1eb 40e9 b81b E..&....+...@... 0x0010: 0a20 0140 0019 c71e ed85 8b8d 5a12 eec4 ...@........Z... 0x0020: 8018 00aa f88b 0000 0101 080a 7f0d d1bb ................ 0x0030: 0035 7a1e e17f 8b79 2bb8 6532 a3b9 b731 .5z....y+.e2...1 0x0040: e90a f5f6 1f32 dc00 0381 3082 037d 3082 .....2....0..}0. 0x0050: 02e6 a003 0201 0202 0312 bbe6 300d 0609 ............0... 0x0060: 2a86 4886 f70d 0101 0505 0030 4e31 0b30 *.H........0N1.0 0x0070: 0906 0355 0406 1302 5553 3110 300e 0603 ...U....US1.0... 0x0080: 5504 0a13 0745 7175 6966 6178 312d 302b U....Equifax1-0+ 0x0090: 0603 5504 0b13 2445 7175 6966 6178 2053 ..U...$Equifax.S 0x00a0: 6563 7572 6520 4365 7274 6966 6963 6174 ecure.Certificat 0x00b0: 6520 4175 7468 6f72 6974 7930 1e17 0d30 e.Authority0...0 0x00c0: 3230 3532 3130 3430 3030 305a 170d 3138 20521040000Z..18 0x00d0: 3038 3231 3034 3030 3030 5a30 4231 0b30 0821040000Z0B1.0 0x00e0: 0906 0355 0406 1302 5553 3116 3014 0603 ...U....US1.0... 0x00f0: 5504 0a13 0d47 656f 5472 7573 7420 496e U....GeoTrust.In 0x0100: 632e 311b 3019 0603 5504 0313 1247 656f c.1.0...U....Geo 0x0110: 5472 7573 7420 476c 6f62 616c 2043 4130 Trust.Global.CA0 0x0120: 8201 2230 0d06 092a 8648 86f7 0d01 0101 .."0...*.H...... 0x0130: 0500 0382 010f 0030 8201 0a02 8201 0100 .......0........ 0x0140: dacc 1863 30fd f417 231a 567e 5bdf 3c6c ...c0...#.V~[.<l 0x0150: 38e4 71b7 7891 d4bc a1d8 4cf8 a843 b603 8.q.x.....L..C.. 0x0160: e94d 2107 0888 da58 2f66 3929 bd05 788b .M!....X/f9)..x. 0x0170: 9d38 e805 b76a 7e71 a4e6 c460 a6b0 ef80 .8...j~q...`.... 0x0180: e489 280f 9e25 d6ed 83f3 ada6 91c7 98c9 ..(..%.......... 0x0190: 4218 3514 9dad 9846 922e 4fca f187 43c1 B.5....F..O...C. 0x01a0: 1695 572d 50ef 892d 807a 57ad f2ee 5f6b ..W-P..-.zW..._k 0x01b0: d200 8db9 14f8 1415 35d9 c046 a37b 72c8 ........5..F.{r. 0x01c0: 91bf c955 2bcd d097 3e9c 2664 ccdf ce83 ...U+...>.&d.... 0x01d0: 1971 ca4e e6d4 d57b a919 cd55 dec8 ecd2 .q.N...{...U.... 0x01e0: 5e38 53e5 5c4f 8c2d fe50 2336 fc66 e6cb ^8S.\O.-.P#6.f.. 0x01f0: 8ea4 3919 00b7 9502 3991 0b0e fe38 2ed1 ..9.....9....8.. 0x0200: 1d05 9af6 4d3e 6f0f 071d af2c 1e8f 6039 ....M>o....,..`9 0x0210: e2fa 3653 1339 d45e 262b db3d a814 bd32 ..6S.9.^&+.=...2 0x0220: eb18 0328 5204 71e5 ab33 3de1 38bb 0736 ...(R.q..3=.8..6 0x0230: 8462 9c79 ea16 30f4 5fc0 2be8 716b e4f9 .b.y..0._.+.qk.. 0x0240: 0203 0100 01a3 81f0 3081 ed30 1f06 0355 ........0..0...U 0x0250: 1d23 0418 3016 8014 48e6 68f9 2bd2 b295 .#..0...H.h.+... 0x0260: d747 d823 2010 4f33 9890 9fd4 301d 0603 .G.#..O3....0... 0x0270: 551d 0e04 1604 14c0 7a98 688d 89fb ab05 U.......z.h..... 0x0280: 640c 117d aa7d 65b8 cacc 4e30 0f06 0355 d..}.}e...N0...U 0x0290: 1d13 0101 ff04 0530 0301 01ff 300e 0603 .......0....0... 0x02a0: 551d 0f01 01ff 0404 0302 0106 303a 0603 U...........0:.. 0x02b0: 551d 1f04 3330 3130 2fa0 2da0 2b86 2968 U...3010/.-.+.)h 0x02c0: 7474 703a 2f2f 6372 6c2e 6765 6f74 7275 ttp://crl.geotru 0x02d0: 7374 2e63 6f6d 2f63 726c 732f 7365 6375 st.com/crls/secu 0x02e0: 7265 6361 2e63 726c 304e 0603 551d 2004 reca.crl0N..U... 0x02f0: 4730 4530 4306 0455 1d20 0030 3b30 3906 G0E0C..U...0;09. 0x0300: 082b 0601 0505 0702 0116 2d68 7474 7073 .+........-https 0x0310: 3a2f 2f77 7777 2e67 656f 7472 7573 742e ://www.geotrust. 0x0320: 636f 6d2f 7265 736f 7572 6365 732f 7265 com/resources/re 0x0330: 706f 7369 746f 7279 300d 0609 2a86 4886 pository0...*.H. 0x0340: f70d 0101 0505 0003 8181 0076 e112 6e4e ...........v..nN 0x0350: 4b16 1286 3006 b281 08cf f008 c7c7 717e K...0.........q~ 0x0360: 66ee c2ed d43b 1fff f0f0 c84e d643 38b0 f....;.....N.C8. 0x0370: b930 7d18 d055 83a2 6acb 3611 9ce8 4866 .0}..U..j.6...Hf 0x0380: a36d 7fb8 13d4 47fe 8b5a 5c73 fcae d91b .m....G..Z\s.... 0x0390: 3219 38ab 9734 14aa 96d2 eba3 1c14 0849 2.8..4.........I 0x03a0: b6bb e591 ef83 36eb 1d56 6fca dabc 7363 ......6..Vo...sc 0x03b0: 90e4 7f7b 3e22 cb3d 07ed 5f38 749c e303 ...{>".=.._8t... 0x03c0: 504e a1af 98ee 61f2 843f 1216 0303 014d PN....a..?.....M 0x03d0: 0c00 0149 0300 1741 041d 39e7 b464 d70d ...I...A..9..d.. 0x03e0: 2c6c 68a9 9ff8 ff88 d81b 7bfe bc7e b46b ,lh.......{..~.k 0x03f0: 16c9 0cc5 4ef3 004f 4fa8 e263 33ca 1d3c ....N..OO..c3..< 0x0400: e8e7 1b21 ff4d 8883 c58e 8dca d43e d6cf ...!.M.......>.. 0x0410: 8d18 e164 47fe 0680 3904 0101 006d 0d99 ...dG...9....m.. 0x0420: d21c 2fb4 43b8 193b b630 b740 07dd 660e ../.C..;.0.@..f. 0x0430: a669 2c16 685c 336a 8cf3 9e04 e0af fc73 .i,.h\3j.......s 0x0440: 2e92 46f6 4bfc 38f1 f72c e8d5 1e86 3887 ..F.K.8..,....8. 0x0450: 54ee 3468 2a36 650e 67c2 cd3a cc2d c687 T.4h*6e.g..:.-.. 0x0460: 8cd4 4347 62b9 6fea bab6 72cc afd3 f6be ..CGb.o...r..... 0x0470: 1f19 7e1d c232 b288 74bc a9c8 8704 44e2 ..~..2..t.....D. 0x0480: 670b 3be6 e23a c1da 3d45 e991 9088 c225 g.;..:..=E.....% 0x0490: 4de7 f7b4 cb61 326a bf8d f7e6 5253 bd26 M....a2j....RS.& 0x04a0: dc7c b286 7bbc 964d ca75 4e58 a0e8 6404 .|..{..M.uNX..d. 0x04b0: 76c5 6128 b2c4 6f6e 736e 04b1 111f 8fe0 v.a(..onsn...... 0x04c0: 7b29 d3f3 9ff9 bb0f e9e2 c58b be7c 7f2b {)...........|.+ 0x04d0: 803c dd01 45b4 c721 f5ee 8667 4a88 59b5 .<..E..!...gJ.Y. 0x04e0: bdc1 7c77 3f65 c1e6 fd60 841a 6839 6915 ..|w?e...`..h9i. 0x04f0: 0583 300b 638f 8928 5dda 7b96 dfaf 304c ..0.c..(].{...0L 0x0500: e390 c94a 6deb db7f a33d fde5 2fa9 1866 ...Jm....=../..f 0x0510: 6967 c833 d854 e736 7dd4 27f2 0e16 0303 ig.3.T.6}.'..... 0x0520: 0004 0e00 0000 ...... 21:24:09.661930 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [P.], seq 269:395, ack 4353, win 304, options [nop,nop,TS val 3504675 ecr 2131612091], length 126: SMTP 0x0000: 4500 00b2 97c0 4000 4006 9e21 0a20 0140 E.....@.@..!...@ 0x0010: 40e9 b81b c71e 0019 5a12 eec4 ed85 907f @.......Z....... 0x0020: 8018 0130 0509 0000 0101 080a 0035 7a23 ...0.........5z# 0x0030: 7f0d d1bb 1603 0300 4610 0000 4241 04d8 ........F...BA.. 0x0040: 65c1 d4b7 d7b9 6ef8 e92b 5c02 27ed 863f e.....n..+\.'..? 0x0050: 6625 787b cad3 b552 6197 ae11 b0e5 15fd f%x{...Ra....... 0x0060: d19e b6bb 8b35 7ff1 1007 b89e d205 b200 .....5.......... 0x0070: 6d65 76b7 74b4 0b34 c92e 518e b284 6914 mev.t..4..Q...i. 0x0080: 0303 0001 0116 0303 0028 0000 0000 0000 .........(...... 0x0090: 0000 eb64 89b7 251b 0934 3831 8fad df3c ...d..%..481...< 0x00a0: 4e88 1150 7996 a021 0866 60ad b8d4 7055 N..Py..!.f`...pU 0x00b0: e70e .. 21:24:09.674943 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [P.], seq 4353:4637, ack 395, win 170, options [nop,nop,TS val 2131612107 ecr 3504675], length 284: SMTP 0x0000: 4500 0150 c48f 0000 2b06 c5b4 40e9 b81b E..P....+...@... 0x0010: 0a20 0140 0019 c71e ed85 907f 5a12 ef42 ...@........Z..B 0x0020: 8018 00aa 45f8 0000 0101 080a 7f0d d1cb ....E........... 0x0030: 0035 7a23 1603 0300 e404 0000 e000 0189 .5z#............ 0x0040: c000 da00 d71d 83f2 7c45 c882 7413 0a36 ........|E..t..6 0x0050: 659a 75ea 0373 a581 a5c4 848a 6086 53bb e.u..s......`.S. 0x0060: 1581 b776 d089 0251 e8d9 801c df02 ebf2 ...v...Q........ 0x0070: 79f4 73f1 5b52 a694 78ab 6e4a 16c7 be24 y.s.[R..x.nJ...$ 0x0080: a6a0 189b 6fcf 685c b281 a5ae ff47 175a ....o.h\.....G.Z 0x0090: 50a6 afa6 7a9c e7b1 94d8 f92e b811 8a8d P...z........... 0x00a0: d67f ee2b de9b f220 2de3 4e71 424a 1e04 ...+....-.NqBJ.. 0x00b0: 0270 c48c 915d b520 4ace 7275 2d55 5f57 .p...]..J.ru-U_W 0x00c0: be00 7af9 8631 d298 859d f852 332f e856 ..z..1.....R3/.V 0x00d0: 6a57 682e b726 9b95 08d0 51b7 d5da 9e59 jWh..&....Q....Y 0x00e0: 251c 6dfb 838d 62dd ffc3 581c 836d dc64 %.m...b...X..m.d 0x00f0: d282 b3e6 7e75 8e33 5d35 f306 8b83 85c7 ....~u.3]5...... 0x0100: c9e9 173b 356c 4d98 e54f 6d4e b56c 5b5b ...;5lM..OmN.l[[ 0x0110: 2d39 0522 1d78 d1ab ba51 99a6 7a14 0303 -9.".x...Q..z... 0x0120: 0001 0116 0303 0028 0000 0000 0000 0000 .......(........ 0x0130: cba3 3808 a404 85f1 29c1 13dd 0a1a fee2 ..8.....)....... 0x0140: 11c7 fde4 c2d4 8e54 107d 384b c9f6 6973 .......T.}8K..is 21:24:09.677301 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [P.], seq 395:450, ack 4637, win 326, options [nop,nop,TS val 3504678 ecr 2131612107], length 55: SMTP 0x0000: 4500 006b 97c1 4000 4006 9e67 0a20 0140 E..k..@.@..g...@ 0x0010: 40e9 b81b c71e 0019 5a12 ef42 ed85 919b @.......Z..B.... 0x0020: 8018 0146 04c2 0000 0101 080a 0035 7a26 ...F.........5z& 0x0030: 7f0d d1cb 1703 0300 3200 0000 0000 0000 ........2....... 0x0040: 014b bee3 7aa8 ea1f 7e6d b678 e513 ce35 .K..z...~m.x...5 0x0050: 99ab 1083 5592 7c60 c81e 56ae 95e4 1d92 ....U.|`..V..... 0x0060: 0538 3278 754e 6e28 f30c e4 .82xuNn(... 21:24:09.690607 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [P.], seq 4637:4821, ack 450, win 170, options [nop,nop,TS val 2131612123 ecr 3504678], length 184: SMTP 0x0000: 4500 00ec c49c 0000 2b06 c60b 40e9 b81b E.......+...@... 0x0010: 0a20 0140 0019 c71e ed85 919b 5a12 ef79 ...@........Z..y 0x0020: 8018 00aa 9b47 0000 0101 080a 7f0d d1db .....G.......... 0x0030: 0035 7a26 1703 0300 b300 0000 0000 0000 .5z&............ 0x0040: 018f fb68 7a25 4ccf 2072 b912 676e 2674 ...hz%L..r..gn&t 0x0050: 9365 d5ff 2c0f eee3 ebaa 3ae3 03ff 84d4 .e..,.....:..... 0x0060: 1052 6dde 275b f26c 5a27 7e0b a351 e157 .Rm.'[.lZ'~..Q.W 0x0070: 1f3f 546e c1e0 a1bc 2394 ffbf 9e3c bdce .?Tn....#....<.. 0x0080: 217c 00e9 eca6 2016 ac76 a4ab f1e5 c629 !|.......v.....) 0x0090: 296f 8aeb a853 b21f 6dd9 32e4 e056 fbc4 )o...S..m.2..V.. 0x00a0: 7136 1101 6b21 1bca 12f0 5c92 aaf8 f9af q6..k!....\..... 0x00b0: 5bf0 4a8b df45 6751 a9d5 23cd 4cc1 9889 [.J..EgQ..#.L... 0x00c0: 28ba 63ce d0af 758c 8ce6 3f3d 9211 3984 (.c...u...?=..9. 0x00d0: a157 fd2b 2940 a0f6 f6a6 a489 5393 2a00 .W.+)@......S.*. 0x00e0: 007a e00c 1a4d a3e2 9dee 58ff .z...M....X. 21:24:09.690692 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [P.], seq 450:550, ack 4821, win 348, options [nop,nop,TS val 3504682 ecr 2131612123], length 100: SMTP 0x0000: 4500 0098 97c2 4000 4006 9e39 0a20 0140 E.....@.@..9...@ 0x0010: 40e9 b81b c71e 0019 5a12 ef79 ed85 9253 @.......Z..y...S 0x0020: 8018 015c 04ef 0000 0101 080a 0035 7a2a ...\.........5z* 0x0030: 7f0d d1db 1703 0300 5f00 0000 0000 0000 ........_....... 0x0040: 02c1 e306 d6a4 3895 ddae 6725 20b5 8941 ......8...g%...A 0x0050: 1acd 5866 e321 95fb b043 5e1b 2a52 dd47 ..Xf.!...C^.*R.G 0x0060: f088 b31f f2ec 68dd 4af4 c34f 6399 9378 ......h.J..Oc..x 0x0070: 829b cbcc d701 37e6 b544 3d3d d855 cdd2 ......7..D==.U.. 0x0080: 8de0 264f 74c3 a8e9 8749 7c18 0e37 62a7 ..&Ot....I|..7b. 0x0090: 9a69 e5d5 d817 11a0 .i...... 21:24:09.703688 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [P.], seq 4821:4890, ack 550, win 170, options [nop,nop,TS val 2131612136 ecr 3504682], length 69: SMTP 0x0000: 4500 0079 c4a9 0000 2b06 c671 40e9 b81b E..y....+..q@... 0x0010: 0a20 0140 0019 c71e ed85 9253 5a12 efdd ...@.......SZ... 0x0020: 8018 00aa f722 0000 0101 080a 7f0d d1e8 .....".......... 0x0030: 0035 7a2a 1703 0300 4000 0000 0000 0000 .5z*....@....... 0x0040: 0281 b66d e628 7596 9040 c0b3 ecb3 4ec0 ...m.(u..@....N. 0x0050: 5215 61a2 e104 4693 cb7b fbd4 1fcd 1d80 R.a...F..{...... 0x0060: e2f5 00da 8365 45c1 f964 9e0a a2d0 19d3 .....eE..d...... 0x0070: ea4a df12 1333 5c45 09 .J...3\E. 21:24:09.741467 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [.], ack 4890, win 348, options [nop,nop,TS val 3504695 ecr 2131612136], length 0 0x0000: 4500 0034 97c3 4000 4006 9e9c 0a20 0140 E..4..@.@......@ 0x0010: 40e9 b81b c71e 0019 5a12 efdd ed85 9298 @.......Z....... 0x0020: 8010 015c 048b 0000 0101 080a 0035 7a37 ...\.........5z7 0x0030: 7f0d d1e8 .... 21:24:09.965413 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [P.], seq 4890:4959, ack 550, win 170, options [nop,nop,TS val 2131612398 ecr 3504695], length 69: SMTP 0x0000: 4500 0079 c535 0000 2b06 c5e5 40e9 b81b E..y.5..+...@... 0x0010: 0a20 0140 0019 c71e ed85 9298 5a12 efdd ...@........Z... 0x0020: 8018 00aa 80a3 0000 0101 080a 7f0d d2ee ................ 0x0030: 0035 7a37 1703 0300 4000 0000 0000 0000 .5z7....@....... 0x0040: 03fd 9919 1f78 a702 f6a4 b05e e986 41b2 .....x.....^..A. 0x0050: 3646 9136 935c 984f 996e c6ba 2ad0 9d24 6F.6.\.O.n..*..$ 0x0060: 8a1f a6fc 92c3 0b19 81b6 41a4 6fee a104 ..........A.o... 0x0070: c317 08c3 a70c acc8 25 ........% 21:24:09.965440 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [.], ack 4959, win 348, options [nop,nop,TS val 3504751 ecr 2131612398], length 0 0x0000: 4500 0034 97c4 4000 4006 9e9b 0a20 0140 E..4..@.@......@ 0x0010: 40e9 b81b c71e 0019 5a12 efdd ed85 92dd @.......Z....... 0x0020: 8010 015c 048b 0000 0101 080a 0035 7a6f ...\.........5zo 0x0030: 7f0d d2ee .... 21:24:09.965442 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [P.], seq 4959:5029, ack 550, win 170, options [nop,nop,TS val 2131612398 ecr 3504695], length 70: SMTP 0x0000: 4500 007a c536 0000 2b06 c5e3 40e9 b81b E..z.6..+...@... 0x0010: 0a20 0140 0019 c71e ed85 92dd 5a12 efdd ...@........Z... 0x0020: 8018 00aa b2bf 0000 0101 080a 7f0d d2ee ................ 0x0030: 0035 7a37 1703 0300 4100 0000 0000 0000 .5z7....A....... 0x0040: 0484 a860 06ef 2ced 51d0 da7d 569e 316e ...`..,.Q..}V.1n 0x0050: 3617 a738 e327 8f8c 5c06 9b13 cbac 0e58 6..8.'..\......X 0x0060: 60c0 7de2 efc9 0b15 f1e9 5b97 148d 21a7 `.}.......[...!. 0x0070: ed92 ee79 1a2c c34b 38af ...y.,.K8. 21:24:09.965444 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [.], ack 5029, win 348, options [nop,nop,TS val 3504751 ecr 2131612398], length 0 0x0000: 4500 0034 97c5 4000 4006 9e9a 0a20 0140 E..4..@.@......@ 0x0010: 40e9 b81b c71e 0019 5a12 efdd ed85 9323 @.......Z......# 0x0020: 8010 015c 048b 0000 0101 080a 0035 7a6f ...\.........5zo 0x0030: 7f0d d2ee .... 21:24:09.965524 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [P.], seq 550:912, ack 5029, win 348, options [nop,nop,TS val 3504751 ecr 2131612398], length 362: SMTP 0x0000: 4500 019e 97c6 4000 4006 9d2f 0a20 0140 E.....@.@../...@ 0x0010: 40e9 b81b c71e 0019 5a12 efdd ed85 9323 @.......Z......# 0x0020: 8018 015c 05f5 0000 0101 080a 0035 7a6f ...\.........5zo 0x0030: 7f0d d2ee 1703 0301 6500 0000 0000 0000 ........e....... 0x0040: 032b 5cdb 66ae 232b 31ec ca8f 1ec4 f476 .+\.f.#+1......v 0x0050: 6cc3 2319 7a65 b17a 964d 6cd0 871e 8097 l.#.ze.z.Ml..... 0x0060: eac3 e405 31a6 c4ba 72ea 3070 d7ac 49fe ....1...r.0p..I. 0x0070: 68c4 e5a9 7e05 f927 7c2c 6fc3 f85f a3d4 h...~..'|,o.._.. 0x0080: c14c 221d 8711 b7a4 07d9 cc5d 9332 8356 .L"........].2.V 0x0090: db88 f539 7803 3eb4 4d65 e9e8 6e50 fbf5 ...9x.>.Me..nP.. 0x00a0: 6933 d779 05cb 614e b147 73fd 84ee 15d9 i3.y..aN.Gs..... 0x00b0: 6e40 c9c6 fab8 050a cb0a e62e 225c e215 n@.........."\.. 0x00c0: 6c2b a9a9 d4e3 4dfc 2748 e6c6 36fd ef19 l+....M.'H..6... 0x00d0: 0676 7905 a2fa a1c2 0e8d bfd5 aa5e bcbb .vy..........^.. 0x00e0: cb04 3d02 a27f 529e 7cbf 7071 6b69 9177 ..=...R.|.pqki.w 0x00f0: 292e 290a 38a7 2010 7173 35b4 b096 4932 ).).8...qs5...I2 0x0100: efa7 8fc6 f444 fac8 fa5d 2597 fd26 993b .....D...]%..&.; 0x0110: ac0d 7675 194b 13cb b2a6 83cc d262 6b6e ..vu.K.......bkn 0x0120: 9f93 aae7 4c01 f2c0 471a c831 7276 8559 ....L...G..1rv.Y 0x0130: 2559 d16e 020f df65 9633 2664 e063 7f55 %Y.n...e.3&d.c.U 0x0140: 0f23 3f38 0dc0 7563 83b0 9b5a 9975 b702 .#?8..uc...Z.u.. 0x0150: 1ae3 c6a4 35e1 98ea d952 7252 807c 8c25 ....5....RrR.|.% 0x0160: e142 e95e 08b3 12b6 477a bdcc 02af 0dc8 .B.^....Gz...... 0x0170: 3734 c8b7 8f50 0bbd f5b1 58fc 1b6d 3df2 74...P....X..m=. 0x0180: d405 b717 c4cf 542a d5dc be10 9a31 6259 ......T*.....1bY 0x0190: a518 aca9 cb68 b54f 8edb f15a 3f87 .....h.O...Z?. 21:24:10.018261 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [.], ack 912, win 175, options [nop,nop,TS val 2131612451 ecr 3504751], length 0 0x0000: 4500 0034 c564 0000 2b06 c5fb 40e9 b81b E..4.d..+...@... 0x0010: 0a20 0140 0019 c71e ed85 9323 5a12 f147 ...@.......#Z..G 0x0020: 8010 00af 1199 0000 0101 080a 7f0d d323 ...............# 0x0030: 0035 7a6f .5zo 21:24:10.100784 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [P.], seq 5029:5109, ack 912, win 175, options [nop,nop,TS val 2131612533 ecr 3504751], length 80: SMTP 0x0000: 4500 0084 c57d 0000 2b06 c592 40e9 b81b E....}..+...@... 0x0010: 0a20 0140 0019 c71e ed85 9323 5a12 f147 ...@.......#Z..G 0x0020: 8018 00af b3ee 0000 0101 080a 7f0d d375 ...............u 0x0030: 0035 7a6f 1703 0300 4b00 0000 0000 0000 .5zo....K....... 0x0040: 05e7 8dde 3fa3 2820 4e0b ea77 8fdf 496d ....?.(.N..w..Im 0x0050: b473 8e6d 50df 24db 2979 a79a 7de9 09f3 .s.mP.$.)y..}... 0x0060: 9f95 8894 57d6 fbb1 9375 1c83 0d23 73b3 ....W....u...#s. 0x0070: 4727 b85c d8b8 5b13 c4ec 4671 6fe6 d011 G'.\..[...Fqo... 0x0080: 4dfe 5ff1 M._. 21:24:10.107097 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [P.], seq 912:947, ack 5109, win 348, options [nop,nop,TS val 3504786 ecr 2131612533], length 35: SMTP 0x0000: 4500 0057 97c7 4000 4006 9e75 0a20 0140 E..W..@.@..u...@ 0x0010: 40e9 b81b c71e 0019 5a12 f147 ed85 9373 @.......Z..G...s 0x0020: 8018 015c 04ae 0000 0101 080a 0035 7a92 ...\.........5z. 0x0030: 7f0d d375 1703 0300 1e00 0000 0000 0000 ...u............ 0x0040: 0415 de72 39c8 9672 0a53 8f74 72fd 3a82 ...r9..r.S.tr.:. 0x0050: 7fa1 c128 768d 8b ...(v.. 21:24:10.107123 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [FP.], seq 947:978, ack 5109, win 348, options [nop,nop,TS val 3504786 ecr 2131612533], length 31: SMTP 0x0000: 4500 0053 97c8 4000 4006 9e78 0a20 0140 E..S..@.@..x...@ 0x0010: 40e9 b81b c71e 0019 5a12 f16a ed85 9373 @.......Z..j...s 0x0020: 8019 015c 04aa 0000 0101 080a 0035 7a92 ...\.........5z. 0x0030: 7f0d d375 1503 0300 1a00 0000 0000 0000 ...u............ 0x0040: 0592 4b16 49be a5ef 24a3 816c 37f0 cc99 ..K.I...$..l7... 0x0050: 47c7 a0 G.. 21:24:10.119688 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [.], ack 947, win 175, options [nop,nop,TS val 2131612552 ecr 3504786], length 0 0x0000: 4500 0034 c58c 0000 2b06 c5d3 40e9 b81b E..4....+...@... 0x0010: 0a20 0140 0019 c71e ed85 9373 5a12 f16a ...@.......sZ..j 0x0020: 8010 00af 109e 0000 0101 080a 7f0d d388 ................ 0x0030: 0035 7a92 .5z. 21:24:10.119932 IP 64.233.184.27.25 > 10.32.1.64.50974: Flags [F.], seq 5109, ack 979, win 175, options [nop,nop,TS val 2131612553 ecr 3504786], length 0 0x0000: 4500 0034 c58d 0000 2b06 c5d2 40e9 b81b E..4....+...@... 0x0010: 0a20 0140 0019 c71e ed85 9373 5a12 f18a ...@.......sZ... 0x0020: 8011 00af 107c 0000 0101 080a 7f0d d389 .....|.......... 0x0030: 0035 7a92 .5z. 21:24:10.119946 IP 10.32.1.64.50974 > 64.233.184.27.25: Flags [.], ack 5110, win 348, options [nop,nop,TS val 3504789 ecr 2131612553], length 0 0x0000: 4500 0034 97c9 4000 4006 9e96 0a20 0140 E..4..@.@......@ 0x0010: 40e9 b81b c71e 0019 5a12 f18a ed85 9374 @.......Z......t 0x0020: 8010 015c 048b 0000 0101 080a 0035 7a95 ...\.........5z. 0x0030: 7f0d d389