I need help to interprete this pcap file. The connection goes through a fortigate 1200D firewall to call an API over the internet. There is natting going on too!
1 Like
Hi Polz, the only thing unusual here is what the Wireshark expert has identified: there are packets missing from this capture, but they reached their destination. At packet 1618 the server closes the session with Seq 5467, and in 1619 the Ack is 5468 (+1 to Ack the FIN). The time difference is short, implying that the client is not waiting for the 1162 bytes apparently transmitted between packets 1617 and 1618 (difference in Seq values). That would be the reply to the API query in 1616.