Sophos Central Firewall Manager (CFM) maintenance scheduled for Wednesday, July 8th starting at 06:30 GMT. Expected time to complete is 5 hours. Partners will be unable to access CFM during this period.

Limit device access to specific domains and IPs

Hi,

I’m using XG for a week now on my home network after switching from UTM which I used for 13years. I’m pleasantly surprised how nice XG is, in my case it’s much faster than UTM was but I’m still learning the new logic.
Right now I would like to limit the internet access of my home devices /NAS, Smart TV, Receiver, etc./ to the necessary domains and I’m having problems doing that.
On UTM I used web filtering, with a default block everything filter action, I watched the live log while for example trying the watch a clip on Youtube on my Smart TV and allowed the domains it needed to work.

On XG I tried to achieve the same with firewall rules but for some reason I can’t get it working. I created a rule like this:


Name: Device block
Action: Drop
Source zone: Home Lan
Source devices: Chromecast, Denon X2300, Samsung SmartTv, NAS, etc.
Destination zone: WAN
Destination networks and services: Any

Then I added an exclusion

Source zone: Home Lan
Source devices: Chromecast, Denon X2300, Samsung SmartTv, NAS, etc.
Destination zone: WAN
Destination networks: added the same URLs I used on UTM as FQDN hosts

What happens is that on the TV the Youtube app starts up, I can see the clips, I can browse and search but if I try to watch a video I only receive a black loading screen and nothing happens. Basically, it’s the same if I try to cast a movie from Plex on my Synology NAS to Chromecast /it’s used with a non-smart TV/, I just got a black screen. If I turn the rule off everything works.
I tried the live log on the admin page but it doesn’t seem very live to me, I tried to use Packet capture where I could find some traffic going to the TV but there where no blocks just consumed packets.

What could be the problem here? Is there a way to dig more deeply in the logs? I tried tail on some logs on the advanced shell but found only static entries.

Thanks in advance

  • Hi,

    the XG is different to the UTM in firewall rule setup and policies.

    You do not need your top rule because if an IP addresses does not match any that are in the rule they will be blocked by default. Did you enable logging in your rule?

    I would recommend not to use ANY as a service group, but use specific services or range of services.

    Ian

  • In reply to rfcat_vk:

    Thanks for the response. The drop rule was made because I have another allow rule for the Home Lan zone under this one which allows all devices a WAN connection. The reason for that is that this zone includes multiple other devices /laptops, tablets, phones/ I don’t want to block. Or is there an other way to achieve this?

    Logging is enabled

  • In reply to C F:

    Hi,

    your basic allow rule would be

    Source LAN -> list of devices you want to allow out -> destination WAN -> FQDN list -> port ranges -> log.

    Assumes you are using the WEB proxy and assuming you are using V18?

    Then you need to create web exceptions in the WEB -> Exceptions tab, but remember that these exceptions apply to all firewall rules or alternatively you can create web policy and apply it to this rule but you will need use http enabled.

    Ian

  • In reply to rfcat_vk:

    Hi,

    I’m running v18 and I’m using custom web policies also app filter. I tested both and they are working. The reason why I need a default allow ANY devices rule is because I don’t have all the connected hosts set in XG so these unset hosts’s internet access would be blocked.
    Why do I need a WEB Exception? I only want to limit the internet access of some devices in a zone and I don’t see how this could help.

    Now I created two rules, one to allow the traffic from the devices to the FQDN group and below that an ANY block. It is still not working just the Youtube loading screen appears, no violations in the live log.

  • In reply to C F:

    Hi,

    we are flying blind without seeing all your firewall rules.

    You will need an exception to get facebook to work. Something like this.

    Ian

  • In reply to rfcat_vk:

    As I wrote, the firewall logs showed no errors. But now it seems to be working. What I did: just rebooted the server..


    Actually this is the second time since I’m using XG that something like this happened to me, on the first day I made some changes to the email scanning in the rule which controls my PC’s connection and after that I couldn’t access the internet. I reverted the changes  - which were not related to internet access – but nothing.
    In the policy tester I saw the drop and that no rules were applied, while the rule was there it was active and it was working before. I couldn’t figure out what the problem was so after an hour of playing in a desperate move I deleted the rule and recreated it with the exact same settings. Suddenly everything was back to normal.

  • In reply to C F:

    It seems I was too fast, some videos are working but most are not.

    The top two rules in the Traffic to WAN group look like this now:

    1. Name: Device Allow
    Action: Accept
    Source zone: Home LAN
    Source devices: Chromecast, Denon X2300, Samsung SmartTv, NAS
    Destination zone: WAN
    Destination networks: The FQDN hosts that worked in UTM
    Services: ANY

    2. Name: Device block
    Action: Drop
    Source zone: Home LAN
    Source devices: Chromecast, Denon X2300, Samsung SmartTv, NAS
    Destination zone: WAN
    Destination networks:ANY
    Services: ANY

    I see two strange things in the live log, first a lot of Invalid traffic entries coming from the TV’s IP I’m trying to play Youtube videos.




    The second one:

    11 is the Device block rule . How can this rule be Allowed and Denied if it’s a basic drop rule? And why is no Out interface for some requests?


  • In reply to C F:

    Can you capture the packets from a couple devices and post them here.

     

    https://community.sophos.com/kb/en-us/127647

  • In reply to C F:

    Hi,

    rule 11 lookalike it is using the HTTP proxy and does not have drop traffic enabled that is why you don't see the outgoing port. Rule effectiveness is depent where on the rule search path eg a block rule has to be higher up the rule search path.

    The others are a mix of broadcast traffic which is not passed by the firewall and rule 0 drops are either timed out connections or connection attempts with no matching rules.

    Ian

  • In reply to Badrobot:

    This was captured when I wanted to start a video and got stuck at the loading screen:


    11:46:56.212329 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 427707:429125, ack 11361, win 329, options [nop,nop,TS val 2169697813 ecr 2765143], length 1418
    11:46:56.212333 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [P.], seq 429125:430523, ack 11361, win 329, options [nop,nop,TS val 2169697813 ecr 2765143], length 1398
    11:46:56.212416 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39904: Flags [.], seq 455278:456696, ack 11361, win 329, options [nop,nop,TS val 1933710957 ecr 2765143], length 1418
    11:46:56.212420 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39904: Flags [.], seq 456696:458114, ack 11361, win 329, options [nop,nop,TS val 1933710957 ecr 2765143], length 1418
    11:46:56.212423 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39904: Flags [P.], seq 458114:459517, ack 11361, win 329, options [nop,nop,TS val 1933710957 ecr 2765143], length 1403
    11:46:56.212427 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [P.], seq 222082:223495, ack 7176, win 296, options [nop,nop,TS val 3532900955 ecr 2765143], length 1413
    11:46:56.212462 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 223495:224913, ack 7176, win 296, options [nop,nop,TS val 3532900955 ecr 2765143], length 1418
    11:46:56.212514 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [P.], seq 224913:226321, ack 7176, win 296, options [nop,nop,TS val 3532900955 ecr 2765143], length 1408
    11:46:56.212519 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 430523:431941, ack 11361, win 329, options [nop,nop,TS val 2169697813 ecr 2765143], length 1418
    11:46:56.212524 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 431941:433359, ack 11361, win 329, options [nop,nop,TS val 2169697813 ecr 2765143], length 1418
    11:46:56.212526 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 433359:434777, ack 11361, win 329, options [nop,nop,TS val 2169697813 ecr 2765143], length 1418
    11:46:56.212530 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 434777:436195, ack 11361, win 329, options [nop,nop,TS val 2169697813 ecr 2765143], length 1418
    11:46:56.212532 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 436195:437613, ack 11361, win 329, options [nop,nop,TS val 2169697813 ecr 2765143], length 1418
    11:46:56.212562 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [P.], seq 437613:439001, ack 11361, win 329, options [nop,nop,TS val 2169697813 ecr 2765143], length 1388
    11:46:56.212568 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 794666:796084, ack 18659, win 385, options [nop,nop,TS val 1933710958 ecr 2765142], length 1418
    11:46:56.212572 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 796084:797502, ack 18659, win 385, options [nop,nop,TS val 1933710958 ecr 2765142], length 1418
    11:46:56.212576 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 797502:798920, ack 18659, win 385, options [nop,nop,TS val 1933710958 ecr 2765142], length 1418
    11:46:56.212609 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [P.], seq 798920:800318, ack 18659, win 385, options [nop,nop,TS val 1933710958 ecr 2765142], length 1398
    11:46:56.212615 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 226321:227739, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.212619 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [P.], seq 227739:229147, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1408
    11:46:56.212622 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39904: Flags [.], seq 459517:460935, ack 11361, win 329, options [nop,nop,TS val 1933710958 ecr 2765143], length 1418
    11:46:56.212659 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39904: Flags [.], seq 460935:462353, ack 11361, win 329, options [nop,nop,TS val 1933710958 ecr 2765143], length 1418
    11:46:56.212664 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39904: Flags [.], seq 462353:463771, ack 11361, win 329, options [nop,nop,TS val 1933710958 ecr 2765143], length 1418
    11:46:56.212668 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39904: Flags [.], seq 463771:465189, ack 11361, win 329, options [nop,nop,TS val 1933710958 ecr 2765143], length 1418
    11:46:56.212673 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39904: Flags [.], seq 465189:466607, ack 11361, win 329, options [nop,nop,TS val 1933710958 ecr 2765143], length 1418
    11:46:56.212706 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39904: Flags [.], seq 466607:468025, ack 11361, win 329, options [nop,nop,TS val 1933710958 ecr 2765143], length 1418
    11:46:56.212711 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39904: Flags [P.], seq 468025:469360, ack 11361, win 329, options [nop,nop,TS val 1933710958 ecr 2765143], length 1335
    11:46:56.212715 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 229147:230565, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.212719 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 230565:231983, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.212759 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [P.], seq 231983:233386, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1403
    11:46:56.212806 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 439001:440419, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1418
    11:46:56.212855 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 440419:441837, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1418
    11:46:56.212859 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 441837:443255, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1418
    11:46:56.212861 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [P.], seq 443255:444653, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1398
    11:46:56.212865 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [P.], seq 141275:142688, ack 5502, win 283, options [nop,nop,TS val 2824626117 ecr 2765143], length 1413
    11:46:56.212869 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 233386:234804, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.212905 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 234804:236222, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.212910 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 236222:237640, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.212913 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 237640:239058, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.212917 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 239058:240476, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.212920 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [P.], seq 240476:241864, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1388
    11:46:56.212952 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 142688:144106, ack 5502, win 283, options [nop,nop,TS val 2824626117 ecr 2765143], length 1418
    11:46:56.212957 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [P.], seq 144106:145514, ack 5502, win 283, options [nop,nop,TS val 2824626117 ecr 2765143], length 1408
    11:46:56.212960 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 499294:500712, ack 13637, win 346, options [nop,nop,TS val 1933710958 ecr 2765142], length 1418
    11:46:56.212964 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 500712:502130, ack 13637, win 346, options [nop,nop,TS val 1933710958 ecr 2765142], length 1418
    11:46:56.213000 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 502130:503548, ack 13637, win 346, options [nop,nop,TS val 1933710958 ecr 2765142], length 1418
    11:46:56.213006 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [P.], seq 503548:504946, ack 13637, win 346, options [nop,nop,TS val 1933710958 ecr 2765142], length 1398
    11:46:56.213009 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 444653:446071, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1418
    11:46:56.213013 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 446071:447489, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1418
    11:46:56.213049 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 447489:448907, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1418
    11:46:56.213054 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [P.], seq 448907:450305, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1398
    11:46:56.213058 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [P.], seq 145514:146927, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1413
    11:46:56.213062 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 146927:148345, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1418
    11:46:56.213097 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [P.], seq 148345:149753, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1408
    11:46:56.213148 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 241864:243282, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.213198 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 243282:244700, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.213201 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [P.], seq 244700:246103, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1403
    11:46:56.213203 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 149753:151171, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1418
    11:46:56.213206 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 151171:152589, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1418
    11:46:56.213208 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 152589:154007, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1418
    11:46:56.213211 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [P.], seq 154007:155405, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1398
    11:46:56.213222 Port3, IN: IP 192.168.20.70.39909 > 172.217.18.86.443: Flags [.], ack 794666, win 327, options [nop,nop,TS val 2765144 ecr 1933710956], length 0
    11:46:56.213226 Port3, IN: IP 192.168.20.70.39907 > 172.217.18.86.443: Flags [.], ack 496468, win 327, options [nop,nop,TS val 2765144 ecr 1933710956], length 0
    11:46:56.213245 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 450305:451723, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1418
    11:46:56.213249 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 451723:453141, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1418
    11:46:56.213253 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 453141:454559, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1418
    11:46:56.213257 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 454559:455977, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1418
    11:46:56.213295 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 455977:457395, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1418
    11:46:56.213299 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 457395:458813, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1418
    11:46:56.213303 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 458813:460174, ack 11361, win 329, options [nop,nop,TS val 2169697814 ecr 2765143], length 1361
    11:46:56.213306 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 246103:247521, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.213352 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 247521:248939, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.213357 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 248939:250357, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.213360 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [.], seq 250357:251775, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 1418
    11:46:56.213365 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39903: Flags [P.], seq 251775:252112, ack 7176, win 296, options [nop,nop,TS val 3532900956 ecr 2765143], length 337
    11:46:56.213440 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 155405:156823, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1418
    11:46:56.213445 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 156823:158241, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1418
    11:46:56.213494 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 158241:159659, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1418
    11:46:56.213500 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 159659:161077, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1418
    11:46:56.213504 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 161077:162495, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1418
    11:46:56.213509 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 162495:163913, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1418
    11:46:56.213513 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 163913:165331, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1418
    11:46:56.213516 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 165331:166749, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1418
    11:46:56.213545 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [P.], seq 166749:168122, ack 5502, win 283, options [nop,nop,TS val 2824626118 ecr 2765143], length 1373
    11:46:56.213963 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 168122:169540, ack 5502, win 283, options [nop,nop,TS val 2824626119 ecr 2765143], length 1418
    11:46:56.214013 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 169540:170958, ack 5502, win 283, options [nop,nop,TS val 2824626119 ecr 2765143], length 1418
    11:46:56.214017 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 170958:172376, ack 5502, win 283, options [nop,nop,TS val 2824626119 ecr 2765143], length 1418
    11:46:56.214019 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [.], seq 172376:173794, ack 5502, win 283, options [nop,nop,TS val 2824626119 ecr 2765143], length 1418
    11:46:56.214021 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39902: Flags [P.], seq 173794:174467, ack 5502, win 283, options [nop,nop,TS val 2824626119 ecr 2765143], length 673
    11:46:56.214066 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 669994:671412, ack 16148, win 365, options [nop,nop,TS val 3532900957 ecr 2765142], length 1418
    11:46:56.214072 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 671412:672830, ack 16148, win 365, options [nop,nop,TS val 3532900957 ecr 2765142], length 1418
    11:46:56.214075 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 672830:674248, ack 16148, win 365, options [nop,nop,TS val 3532900957 ecr 2765142], length 1418
    11:46:56.214079 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 674248:675666, ack 16148, win 365, options [nop,nop,TS val 3532900957 ecr 2765142], length 1418
    11:46:56.214083 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 675666:677084, ack 16148, win 365, options [nop,nop,TS val 3532900957 ecr 2765142], length 1418
    11:46:56.214118 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 677084:678502, ack 16148, win 365, options [nop,nop,TS val 3532900957 ecr 2765142], length 1418
    11:46:56.214123 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 678502:679920, ack 16148, win 365, options [nop,nop,TS val 3532900957 ecr 2765142], length 1418
    11:46:56.214127 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 679920:681338, ack 16148, win 365, options [nop,nop,TS val 3532900957 ecr 2765142], length 1418
    11:46:56.214409 Port3, IN: IP 192.168.20.70.39908 > 172.217.18.86.443: Flags [.], ack 662934, win 292, options [nop,nop,TS val 2765144 ecr 3532900955], length 0
    11:46:56.214464 Port3, IN: IP 192.168.20.70.39908 > 172.217.18.86.443: Flags [.], ack 664352, win 285, options [nop,nop,TS val 2765144 ecr 3532900955], length 0
    11:46:56.215101 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 504946:506364, ack 13637, win 346, options [nop,nop,TS val 1933710960 ecr 2765142], length 1418
    11:46:56.215154 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 506364:507782, ack 13637, win 346, options [nop,nop,TS val 1933710960 ecr 2765142], length 1418
    11:46:56.215157 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 507782:509200, ack 13637, win 346, options [nop,nop,TS val 1933710960 ecr 2765142], length 1418
    11:46:56.215160 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 509200:510618, ack 13637, win 346, options [nop,nop,TS val 1933710960 ecr 2765142], length 1418
    11:46:56.215163 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 510618:512036, ack 13637, win 346, options [nop,nop,TS val 1933710960 ecr 2765142], length 1418
    11:46:56.215166 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 512036:513454, ack 13637, win 346, options [nop,nop,TS val 1933710960 ecr 2765142], length 1418
    11:46:56.215207 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 513454:514872, ack 13637, win 346, options [nop,nop,TS val 1933710960 ecr 2765142], length 1418
    11:46:56.215530 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 800318:801736, ack 18659, win 385, options [nop,nop,TS val 1933710961 ecr 2765142], length 1418
    11:46:56.215583 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 801736:803154, ack 18659, win 385, options [nop,nop,TS val 1933710961 ecr 2765142], length 1418
    11:46:56.215587 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 803154:804572, ack 18659, win 385, options [nop,nop,TS val 1933710961 ecr 2765142], length 1418
    11:46:56.215589 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 804572:805990, ack 18659, win 385, options [nop,nop,TS val 1933710961 ecr 2765142], length 1418
    11:46:56.215592 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 805990:807408, ack 18659, win 385, options [nop,nop,TS val 1933710961 ecr 2765142], length 1418
    11:46:56.215594 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 807408:808826, ack 18659, win 385, options [nop,nop,TS val 1933710961 ecr 2765142], length 1418
    11:46:56.215638 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 808826:810244, ack 18659, win 385, options [nop,nop,TS val 1933710961 ecr 2765142], length 1418
    11:46:56.215660 Port3, IN: IP 192.168.20.70.39908 > 172.217.18.86.443: Flags [.], ack 665770, win 278, options [nop,nop,TS val 2765144 ecr 3532900955], length 0
    11:46:56.216843 Port3, IN: IP 192.168.20.70.39908 > 172.217.18.86.443: Flags [.], ack 667188, win 271, options [nop,nop,TS val 2765144 ecr 3532900955], length 0
    11:46:56.217314 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 681338:682756, ack 16148, win 365, options [nop,nop,TS val 3532900960 ecr 2765142], length 1418
    11:46:56.217370 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 682756:684174, ack 16148, win 365, options [nop,nop,TS val 3532900960 ecr 2765142], length 1418
    11:46:56.217374 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 684174:685592, ack 16148, win 365, options [nop,nop,TS val 3532900960 ecr 2765142], length 1418
    11:46:56.217376 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 685592:687010, ack 16148, win 365, options [nop,nop,TS val 3532900960 ecr 2765142], length 1418
    11:46:56.218041 Port3, IN: IP 192.168.20.70.39908 > 172.217.18.86.443: Flags [.], ack 668606, win 264, options [nop,nop,TS val 2765144 ecr 3532900955], length 0
    11:46:56.219038 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 514872:516290, ack 13637, win 346, options [nop,nop,TS val 1933710964 ecr 2765142], length 1418
    11:46:56.219092 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 516290:517708, ack 13637, win 346, options [nop,nop,TS val 1933710964 ecr 2765142], length 1418
    11:46:56.219096 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 517708:519126, ack 13637, win 346, options [nop,nop,TS val 1933710964 ecr 2765142], length 1418
    11:46:56.219098 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 519126:520544, ack 13637, win 346, options [nop,nop,TS val 1933710964 ecr 2765142], length 1418
    11:46:56.219102 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 520544:521962, ack 13637, win 346, options [nop,nop,TS val 1933710964 ecr 2765142], length 1418
    11:46:56.219104 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 521962:523380, ack 13637, win 346, options [nop,nop,TS val 1933710964 ecr 2765142], length 1418
    11:46:56.219217 Port3, IN: IP 192.168.20.70.39908 > 172.217.18.86.443: Flags [.], ack 669994, win 257, options [nop,nop,TS val 2765144 ecr 3532900955], length 0
    11:46:56.219373 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39923: Flags [P.], seq 600724:601988, ack 20333, win 398, options [nop,nop,TS val 2169697820 ecr 2765143], length 1264
    11:46:56.220423 Port3, IN: IP 192.168.20.70.39907 > 172.217.18.86.443: Flags [.], ack 497886, win 320, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.220479 Port3, IN: IP 192.168.20.70.39907 > 172.217.18.86.443: Flags [.], ack 499294, win 313, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.220698 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 810244:811662, ack 18659, win 385, options [nop,nop,TS val 1933710966 ecr 2765143], length 1418
    11:46:56.220756 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 811662:813080, ack 18659, win 385, options [nop,nop,TS val 1933710966 ecr 2765143], length 1418
    11:46:56.220759 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 813080:814498, ack 18659, win 385, options [nop,nop,TS val 1933710966 ecr 2765143], length 1418
    11:46:56.220806 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [.], seq 814498:815916, ack 18659, win 385, options [nop,nop,TS val 1933710966 ecr 2765143], length 1418
    11:46:56.220812 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39909: Flags [P.], seq 815916:816410, ack 18659, win 385, options [nop,nop,TS val 1933710966 ecr 2765143], length 494
    11:46:56.221679 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 443974, win 331, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.222854 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 445392, win 327, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.224055 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 446800, win 320, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.224064 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 419219, win 331, options [nop,nop,TS val 2765144 ecr 2169697813], length 0
    11:46:56.224068 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 420632, win 327, options [nop,nop,TS val 2765144 ecr 2169697813], length 0
    11:46:56.224113 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 422050, win 320, options [nop,nop,TS val 2765144 ecr 2169697813], length 0
    11:46:56.224157 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 423458, win 313, options [nop,nop,TS val 2765144 ecr 2169697813], length 0
    11:46:56.225210 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 448213, win 313, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.225217 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 449631, win 306, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.225219 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 460174:461592, ack 11361, win 329, options [nop,nop,TS val 2169697826 ecr 2765144], length 1418
    11:46:56.225221 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 451039, win 299, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.225266 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 424871, win 306, options [nop,nop,TS val 2765144 ecr 2169697813], length 0
    11:46:56.225272 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 452457, win 292, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.225275 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 453875, win 285, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.225276 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 461592:462488, ack 11361, win 329, options [nop,nop,TS val 2169697826 ecr 2765144], length 896
    11:46:56.225279 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 455278, win 278, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.225282 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 426289, win 299, options [nop,nop,TS val 2765144 ecr 2169697813], length 0
    11:46:56.225286 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 427707, win 292, options [nop,nop,TS val 2765144 ecr 2169697813], length 0
    11:46:56.226292 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 462488:463906, ack 11361, win 329, options [nop,nop,TS val 2169697827 ecr 2765144], length 1418
    11:46:56.226296 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 463906:464039, ack 11361, win 329, options [nop,nop,TS val 2169697827 ecr 2765144], length 133
    11:46:56.226425 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 429125, win 285, options [nop,nop,TS val 2765144 ecr 2169697813], length 0
    11:46:56.226431 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 430523, win 278, options [nop,nop,TS val 2765144 ecr 2169697813], length 0
    11:46:56.226480 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 456696, win 271, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.226486 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 458114, win 264, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.226490 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 459517, win 257, options [nop,nop,TS val 2765144 ecr 1933710957], length 0
    11:46:56.226493 Port3, IN: IP 192.168.20.70.39903 > 172.217.18.86.443: Flags [.], ack 223495, win 331, options [nop,nop,TS val 2765144 ecr 3532900955], length 0
    11:46:56.226497 Port3, IN: IP 192.168.20.70.39903 > 172.217.18.86.443: Flags [.], ack 224913, win 327, options [nop,nop,TS val 2765145 ecr 3532900955], length 0
    11:46:56.226501 Port3, IN: IP 192.168.20.70.39903 > 172.217.18.86.443: Flags [.], ack 226321, win 320, options [nop,nop,TS val 2765145 ecr 3532900955], length 0
    11:46:56.226505 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 431941, win 271, options [nop,nop,TS val 2765145 ecr 2169697813], length 0
    11:46:56.226508 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 433359, win 264, options [nop,nop,TS val 2765145 ecr 2169697813], length 0
    11:46:56.226512 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 434777, win 257, options [nop,nop,TS val 2765145 ecr 2169697813], length 0
    11:46:56.226515 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 436195, win 250, options [nop,nop,TS val 2765145 ecr 2169697813], length 0
    11:46:56.226523 Port3, IN: IP 192.168.20.70.39909 > 172.217.18.86.443: Flags [.], ack 796084, win 320, options [nop,nop,TS val 2765145 ecr 1933710958], length 0
    11:46:56.226530 Port3, IN: IP 192.168.20.70.39909 > 172.217.18.86.443: Flags [.], ack 798920, win 306, options [nop,nop,TS val 2765145 ecr 1933710958], length 0
    11:46:56.227633 Port3, IN: IP 192.168.20.70.39903 > 172.217.18.86.443: Flags [.], ack 227739, win 313, options [nop,nop,TS val 2765145 ecr 3532900956], length 0
    11:46:56.227640 Port3, IN: IP 192.168.20.70.39903 > 172.217.18.86.443: Flags [.], ack 229147, win 306, options [nop,nop,TS val 2765145 ecr 3532900956], length 0
    11:46:56.227643 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 460935, win 250, options [nop,nop,TS val 2765145 ecr 1933710958], length 0
    11:46:56.227647 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 462353, win 243, options [nop,nop,TS val 2765145 ecr 1933710958], length 0
    11:46:56.227650 Port3, IN: IP 192.168.20.70.39903 > 172.217.18.86.443: Flags [.], ack 230565, win 299, options [nop,nop,TS val 2765145 ecr 3532900956], length 0
    11:46:56.227671 Port3, IN: IP 192.168.20.70.39903 > 172.217.18.86.443: Flags [.], ack 231983, win 292, options [nop,nop,TS val 2765145 ecr 3532900956], length 0
    11:46:56.227676 Port3, IN: IP 192.168.20.70.39903 > 172.217.18.86.443: Flags [.], ack 233386, win 285, options [nop,nop,TS val 2765145 ecr 3532900956], length 0
    11:46:56.227680 Port3, IN: IP 192.168.20.70.39902 > 172.217.18.86.443: Flags [.], ack 142688, win 331, options [nop,nop,TS val 2765145 ecr 2824626117], length 0
    11:46:56.227683 Port3, IN: IP 192.168.20.70.39903 > 172.217.18.86.443: Flags [.], ack 234804, win 278, options [nop,nop,TS val 2765145 ecr 3532900956], length 0
    11:46:56.227687 Port3, IN: IP 192.168.20.70.39903 > 172.217.18.86.443: Flags [.], ack 236222, win 271, options [nop,nop,TS val 2765145 ecr 3532900956], length 0
    11:46:56.227690 Port3, IN: IP 192.168.20.70.39903 > 172.217.18.86.443: Flags [.], ack 237640, win 264, options [nop,nop,TS val 2765145 ecr 3532900956], length 0
    11:46:56.227693 Port3, IN: IP 192.168.20.70.39903 > 172.217.18.86.443: Flags [.], ack 239058, win 257, options [nop,nop,TS val 2765145 ecr 3532900956], length 0
    11:46:56.227697 Port3, IN: IP 192.168.20.70.39903 > 172.217.18.86.443: Flags [.], ack 240476, win 250, options [nop,nop,TS val 2765146 ecr 3532900956], length 0
    11:46:56.227707 Port3, IN: IP 192.168.20.70.39902 > 172.217.18.86.443: Flags [.], ack 145514, win 320, options [nop,nop,TS val 2765146 ecr 2824626117], length 0
    11:46:56.227716 Port3, IN: IP 192.168.20.70.39907 > 172.217.18.86.443: Flags [.], ack 503548, win 292, options [nop,nop,TS val 2765146 ecr 1933710958], length 0
    11:46:56.228090 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 464039:465457, ack 11361, win 329, options [nop,nop,TS val 2169697829 ecr 2765144], length 1418
    11:46:56.228093 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 465457:465605, ack 11361, win 329, options [nop,nop,TS val 2169697829 ecr 2765144], length 148
    11:46:56.228823 Port3, IN: IP 192.168.20.70.39923 > 172.217.18.86.443: Flags [.], ack 601988, win 207, options [nop,nop,TS val 2765146 ecr 2169697810], length 0
    11:46:56.228830 Port3, IN: IP 192.168.20.70.39907 > 172.217.18.86.443: Flags [.], ack 504946, win 285, options [nop,nop,TS val 2765146 ecr 1933710958], length 0
    11:46:56.228833 Port3, IN: IP 192.168.20.70.39902 > 172.217.18.86.443: Flags [.], ack 146927, win 313, options [nop,nop,TS val 2765146 ecr 2824626118], length 0
    11:46:56.228892 Port3, IN: IP 192.168.20.70.39902 > 172.217.18.86.443: Flags [.], ack 148345, win 306, options [nop,nop,TS val 2765146 ecr 2824626118], length 0
    11:46:56.228899 Port3, IN: IP 192.168.20.70.39902 > 172.217.18.86.443: Flags [.], ack 149753, win 299, options [nop,nop,TS val 2765146 ecr 2824626118], length 0
    11:46:56.228903 Port3, IN: IP 192.168.20.70.39902 > 172.217.18.86.443: Flags [.], ack 151171, win 292, options [nop,nop,TS val 2765146 ecr 2824626118], length 0
    11:46:56.228906 Port3, IN: IP 192.168.20.70.39902 > 172.217.18.86.443: Flags [.], ack 152589, win 285, options [nop,nop,TS val 2765146 ecr 2824626118], length 0
    11:46:56.228909 Port3, IN: IP 192.168.20.70.39902 > 172.217.18.86.443: Flags [.], ack 154007, win 278, options [nop,nop,TS val 2765146 ecr 2824626118], length 0
    11:46:56.228913 Port3, IN: IP 192.168.20.70.39902 > 172.217.18.86.443: Flags [.], ack 155405, win 271, options [nop,nop,TS val 2765146 ecr 2824626118], length 0
    11:46:56.228916 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 460174, win 130, options [nop,nop,TS val 2765146 ecr 2169697813], length 0
    11:46:56.228920 Port3, IN: IP 192.168.20.70.39902 > 172.217.18.86.443: Flags [.], ack 156823, win 264, options [nop,nop,TS val 2765147 ecr 2824626118], length 0
    11:46:56.228924 Port3, IN: IP 192.168.20.70.39904 > 172.217.18.86.443: Flags [.], ack 469360, win 207, options [nop,nop,TS val 2765147 ecr 1933710958], length 0
    11:46:56.228928 Port3, IN: IP 192.168.20.70.39902 > 172.217.18.86.443: Flags [.], ack 158241, win 257, options [nop,nop,TS val 2765147 ecr 2824626118], length 0
    11:46:56.228932 Port3, IN: IP 192.168.20.70.39902 > 172.217.18.86.443: Flags [.], ack 159659, win 250, options [nop,nop,TS val 2765147 ecr 2824626118], length 0
    11:46:56.228945 Port3, IN: IP 192.168.20.70.39908 > 172.217.18.86.443: Flags [.], ack 671412, win 264, options [nop,nop,TS val 2765147 ecr 3532900957], length 0
    11:46:56.228955 Port3, IN: IP 192.168.20.70.39907 > 172.217.18.86.443: Flags [.], ack 507782, win 271, options [nop,nop,TS val 2765147 ecr 1933710960], length 0
    11:46:56.228965 Port3, IN: IP 192.168.20.70.39907 > 172.217.18.86.443: Flags [.], ack 512036, win 250, options [nop,nop,TS val 2765147 ecr 1933710960], length 0
    11:46:56.228975 Port3, IN: IP 192.168.20.70.39909 > 172.217.18.86.443: Flags [.], ack 803154, win 285, options [nop,nop,TS val 2765147 ecr 1933710961], length 0
    11:46:56.228985 Port3, IN: IP 192.168.20.70.39909 > 172.217.18.86.443: Flags [.], ack 807408, win 264, options [nop,nop,TS val 2765147 ecr 1933710961], length 0
    11:46:56.229524 Port3, IN: IP 192.168.20.70.39923 > 172.217.18.86.443: Flags [.], ack 601988, win 207, options [nop,nop,TS val 2765148 ecr 2169697820,nop,nop,sack 1 {600724:601988}], length 0
    11:46:56.229942 Port3, IN: IP 192.168.20.70.39909 > 172.217.18.86.443: Flags [.], ack 814498, win 229, options [nop,nop,TS val 2765148 ecr 1933710966], length 0
    11:46:56.230019 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 465605:467023, ack 11361, win 329, options [nop,nop,TS val 2169697831 ecr 2765146], length 1418
    11:46:56.230107 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 467023:468441, ack 11361, win 329, options [nop,nop,TS val 2169697831 ecr 2765146], length 1418
    11:46:56.230122 Port3, IN: IP 192.168.20.70.39908 > 172.217.18.86.443: Flags [.], ack 687010, win 187, options [nop,nop,TS val 2765148 ecr 3532900957], length 0
    11:46:56.230166 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 468441:469859, ack 11361, win 329, options [nop,nop,TS val 2169697831 ecr 2765146], length 1418
    11:46:56.230172 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 469859:471277, ack 11361, win 329, options [nop,nop,TS val 2169697831 ecr 2765146], length 1418
    11:46:56.230176 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 471277:472695, ack 11361, win 329, options [nop,nop,TS val 2169697831 ecr 2765146], length 1418
    11:46:56.230180 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 472695:474113, ack 11361, win 329, options [nop,nop,TS val 2169697831 ecr 2765146], length 1418
    11:46:56.230212 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 474113:475531, ack 11361, win 329, options [nop,nop,TS val 2169697831 ecr 2765146], length 1418
    11:46:56.230262 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 475531:476814, ack 11361, win 329, options [nop,nop,TS val 2169697831 ecr 2765146], length 1283
    11:46:56.230316 Port3, IN: IP 192.168.20.70.39907 > 172.217.18.86.443: Flags [.], ack 523380, win 193, options [nop,nop,TS val 2765148 ecr 1933710960], length 0
    11:46:56.230504 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 465457, win 95, options [nop,nop,TS val 2765148 ecr 2169697826], length 0
    11:46:56.231170 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 687010:688428, ack 16148, win 365, options [nop,nop,TS val 3532900974 ecr 2765148], length 1418
    11:46:56.231193 Port3, IN: IP 192.168.20.70.39902 > 172.217.18.86.443: Flags [.], ack 174467, win 172, options [nop,nop,TS val 2765148 ecr 2824626119], length 0
    11:46:56.231220 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 688428:689846, ack 16148, win 365, options [nop,nop,TS val 3532900974 ecr 2765148], length 1418
    11:46:56.231225 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [.], seq 689846:691264, ack 16148, win 365, options [nop,nop,TS val 3532900974 ecr 2765148], length 1418
    11:46:56.231352 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 523380:524798, ack 13637, win 346, options [nop,nop,TS val 1933710976 ecr 2765148], length 1418
    11:46:56.231571 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 524798:526216, ack 13637, win 346, options [nop,nop,TS val 1933710977 ecr 2765148], length 1418
    11:46:56.231621 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 526216:527634, ack 13637, win 346, options [nop,nop,TS val 1933710977 ecr 2765148], length 1418
    11:46:56.231684 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39908: Flags [P.], seq 691264:691738, ack 16148, win 365, options [nop,nop,TS val 3532900975 ecr 2765148], length 474
    11:46:56.232480 Port3, IN: IP 192.168.20.70.39909 > 172.217.18.86.443: Flags [.], ack 816410, win 215, options [nop,nop,TS val 2765149 ecr 1933710966], length 0
    11:46:56.232667 Port3, IN: IP 192.168.20.70.39908 > 172.217.18.86.443: Flags [.], ack 691738, win 159, options [nop,nop,TS val 2765149 ecr 3532900974], length 0
    11:46:56.232751 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 527634:529052, ack 13637, win 346, options [nop,nop,TS val 1933710978 ecr 2765148], length 1418
    11:46:56.232848 Port3, IN: IP 192.168.20.70.39907 > 172.217.18.86.443: Flags [.], ack 527634, win 172, options [nop,nop,TS val 2765149 ecr 1933710976], length 0
    11:46:56.233028 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 476814, win 32, options [nop,nop,TS val 2765149 ecr 2169697829], length 0
    11:46:56.234107 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 476814:478232, ack 11361, win 329, options [nop,nop,TS val 2169697835 ecr 2765149], length 1418
    11:46:56.234162 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 478232:479650, ack 11361, win 329, options [nop,nop,TS val 2169697835 ecr 2765149], length 1418
    11:46:56.234166 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 479650:480910, ack 11361, win 329, options [nop,nop,TS val 2169697835 ecr 2765149], length 1260
    11:46:56.234213 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [.], seq 529052:530470, ack 13637, win 346, options [nop,nop,TS val 1933710979 ecr 2765149], length 1418
    11:46:56.234218 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39907: Flags [P.], seq 530470:531089, ack 13637, win 346, options [nop,nop,TS val 1933710979 ecr 2765149], length 619
    11:46:56.236097 Port3, IN: IP 192.168.20.70.39907 > 172.217.18.86.443: Flags [.], ack 531089, win 151, options [nop,nop,TS val 2765150 ecr 1933710978], length 0
    11:46:56.236294 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 480910, win 0, options [nop,nop,TS val 2765150 ecr 2169697835], length 0
    11:46:56.267483 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 480910, win 137, options [nop,nop,TS val 2765157 ecr 2169697835], length 0
    11:46:56.269152 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 480910:482328, ack 11361, win 329, options [nop,nop,TS val 2169697870 ecr 2765157], length 1418
    11:46:56.269209 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 482328:483746, ack 11361, win 329, options [nop,nop,TS val 2169697870 ecr 2765157], length 1418
    11:46:56.269215 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 483746:485164, ack 11361, win 329, options [nop,nop,TS val 2169697870 ecr 2765157], length 1418
    11:46:56.269220 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 485164:486582, ack 11361, win 329, options [nop,nop,TS val 2169697870 ecr 2765157], length 1418
    11:46:56.269717 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 486582:488000, ack 11361, win 329, options [nop,nop,TS val 2169697870 ecr 2765157], length 1418
    11:46:56.269760 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 488000:489418, ack 11361, win 329, options [nop,nop,TS val 2169697870 ecr 2765157], length 1418
    11:46:56.269766 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 489418:490836, ack 11361, win 329, options [nop,nop,TS val 2169697870 ecr 2765157], length 1418
    11:46:56.269770 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 490836:492254, ack 11361, win 329, options [nop,nop,TS val 2169697870 ecr 2765157], length 1418
    11:46:56.270221 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 489418, win 95, options [nop,nop,TS val 2765158 ecr 2169697870], length 0
    11:46:56.270729 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 492254:492788, ack 11361, win 329, options [nop,nop,TS val 2169697872 ecr 2765157], length 534
    11:46:56.270852 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 492788:494206, ack 11361, win 329, options [nop,nop,TS val 2169697872 ecr 2765157], length 1418
    11:46:56.270909 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 494206:495624, ack 11361, win 329, options [nop,nop,TS val 2169697872 ecr 2765157], length 1418
    11:46:56.270913 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [.], seq 495624:497042, ack 11361, win 329, options [nop,nop,TS val 2169697872 ecr 2765157], length 1418
    11:46:56.270915 Port3, OUT: IP 172.217.18.86.443 > 192.168.20.70.39905: Flags [P.], seq 497042:497264, ack 11361, win 329, options [nop,nop,TS val 2169697872 ecr 2765157], length 222
    11:46:56.272244 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 497264, win 46, options [nop,nop,TS val 2765159 ecr 2169697870], length 0
    11:46:56.276608 Port3, IN: IP 192.168.20.70.39907 > 172.217.18.86.443: Flags [.], ack 531089, win 331, options [nop,nop,TS val 2765160 ecr 1933710978], length 0
    11:46:56.277042 Port3, IN: IP 192.168.20.70.39908 > 172.217.18.86.443: Flags [.], ack 691738, win 331, options [nop,nop,TS val 2765160 ecr 3532900974], length 0
    11:46:56.280670 Port3, IN: IP 192.168.20.70.39905 > 172.217.18.86.443: Flags [.], ack 497264, win 172, options [nop,nop,TS val 2765161 ecr 2169697870], length 0
    11:46:56.429581 Port3, IN: IP 192.168.20.70.8001 > 224.0.0.7.8001: UDP, length 184
    11:46:56.456218 Port3, IN: IP 192.168.20.70.42229 > 77.234.90.142.443: Flags [.], seq 12875:14295, ack 2819676, win 771, options [nop,nop,TS val 2765205 ecr 3642209434], length 1420
    11:46:56.456335 Port3, IN: IP 192.168.20.70.42230 > 77.234.90.142.443: Flags [.], seq 9249:10669, ack 1043718, win 1254, options [nop,nop,TS val 2765205 ecr 3642208119], length 1420
    11:46:57.588325 Port3, IN: IP 192.168.20.70.44542 > 77.234.90.204.443: Flags [.], seq 14528:15948, ack 4000846, win 1329, options [nop,nop,TS val 2765488 ecr 3591202094], length 1420
    11:46:57.928940 Port3, IN: ARP, Request who-has 192.168.20.1 tell 192.168.20.70, length 46
    11:46:57.928960 Port3, OUT: ARP, Reply 192.168.20.1 is-at 40:62:31:03:da:76, length 28
    11:46:58.124366 Port3, IN: IP 192.168.20.70.42229 > 77.234.90.142.443: Flags [.], seq 12875:14295, ack 2819676, win 771, options [nop,nop,TS val 2765622 ecr 3642209434], length 1420
    11:46:58.124456 Port3, IN: IP 192.168.20.70.42230 > 77.234.90.142.443: Flags [.], seq 9249:10669, ack 1043718, win 1254, options [nop,nop,TS val 2765622 ecr 3642208119], length 1420
    11:46:58.433622 Port3, IN: IP 192.168.20.70.8001 > 224.0.0.7.8001: UDP, length 184
    11:46:59.965497 Port3, IN: ARP, Request who-has 192.168.20.1 tell 192.168.20.70, length 46
    11:46:59.965517 Port3, OUT: ARP, Reply 192.168.20.1 is-at 40:62:31:03:da:76, length 28
    11:46:59.995590 Port3, IN: IP 192.168.20.70.38418 > 192.168.20.255.15600: UDP, length 35
    11:47:00.438140 Port3, IN: IP 192.168.20.70.8001 > 224.0.0.7.8001: UDP, length 184
    11:47:01.428410 Port3, IN: IP 192.168.20.70.34236 > 77.234.90.141.443: Flags [F.], seq 9169, ack 991208, win 771, options [nop,nop,TS val 2766448 ecr 2041325864], length 0
    11:47:01.460559 Port3, IN: IP 192.168.20.70.42229 > 77.234.90.142.443: Flags [.], seq 12875:14295, ack 2819676, win 771, options [nop,nop,TS val 2766456 ecr 3642209434], length 1420
    11:47:01.460673 Port3, IN: IP 192.168.20.70.42230 > 77.234.90.142.443: Flags [.], seq 9249:10669, ack 1043718, win 1254, options [nop,nop,TS val 2766456 ecr 3642208119], length 1420
    11:47:01.989606 Port3, IN: ARP, Request who-has 192.168.20.1 tell 192.168.20.70, length 46
    11:47:01.989620 Port3, OUT: ARP, Reply 192.168.20.1 is-at 40:62:31:03:da:76, length 28
    11:47:02.163503 Port3, IN: IP 192.168.20.70.57874 > 192.168.20.1.53: 61130+ A? r3---sn-c0q7lnly.googlevideo.com. (50)
    11:47:02.167966 Port3, OUT: IP 192.168.20.1.53 > 192.168.20.70.57874: 61130 2/0/0 CNAME r3.sn-c0q7lnly.googlevideo.com., A 74.125.154.8 (95)
    11:47:02.169453 Port3, IN: IP 192.168.20.70.37098 > 74.125.154.8.443: Flags Sleep, seq 1787939143, win 14600, options [mss 1460,sackOK,TS val 2766633 ecr 0,nop,wscale 7], length 0
    11:47:02.169506 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37098: Flags [S.], seq 466420424, ack 1787939144, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    11:47:02.169786 Port3, IN: IP 192.168.20.70.37098 > 74.125.154.8.443: Flags [.], ack 1, win 115, length 0
    11:47:02.186747 Port3, IN: IP 192.168.20.70.37098 > 74.125.154.8.443: Flags [P.], seq 1:159, ack 1, win 115, length 158
    11:47:02.186767 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37098: Flags [.], ack 159, win 237, length 0
    11:47:02.188763 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37098: Flags [.], seq 1:1461, ack 159, win 237, length 1460
    11:47:02.188772 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37098: Flags [.], seq 1461:2921, ack 159, win 237, length 1460
    11:47:02.188775 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37098: Flags [P.], seq 2921:3474, ack 159, win 237, length 553
    11:47:02.189176 Port3, IN: IP 192.168.20.70.37098 > 74.125.154.8.443: Flags [.], ack 1461, win 137, length 0
    11:47:02.189291 Port3, IN: IP 192.168.20.70.37098 > 74.125.154.8.443: Flags [.], ack 3474, win 169, length 0
    11:47:02.315146 Port3, IN: IP 192.168.20.70.37098 > 74.125.154.8.443: Flags [P.], seq 159:426, ack 3474, win 169, length 267
    11:47:02.358954 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37098: Flags [.], ack 426, win 245, length 0
    11:47:02.359346 Port3, IN: IP 192.168.20.70.37098 > 74.125.154.8.443: Flags [P.], seq 426:517, ack 3474, win 169, length 91
    11:47:02.359355 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37098: Flags [.], ack 517, win 245, length 0
    11:47:02.359475 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37098: Flags [P.], seq 3474:3565, ack 517, win 245, length 91
    11:47:02.359653 Port3, IN: IP 192.168.20.70.37098 > 74.125.154.8.443: Flags [.], ack 3565, win 169, length 0
    11:47:02.372118 Port3, IN: IP 192.168.20.70.37098 > 74.125.154.8.443: Flags [F.], seq 517, ack 3565, win 169, length 0
    11:47:02.372160 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37098: Flags [P.], seq 3565:3634, ack 518, win 245, length 69
    11:47:02.372193 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37098: Flags [F.], seq 3634, ack 518, win 245, length 0
    11:47:02.372512 Port3, IN: IP 192.168.20.70.37098 > 74.125.154.8.443: Flags [R], seq 1787939661, win 0, length 0
    11:47:02.372565 Port3, IN: IP 192.168.20.70.37098 > 74.125.154.8.443: Flags [R], seq 1787939661, win 0, length 0
    11:47:02.441844 Port3, IN: IP 192.168.20.70.8001 > 224.0.0.7.8001: UDP, length 184
    11:47:03.412702 Port3, IN: IP 192.168.20.70.44495 > 77.234.90.204.443: Flags [.], seq 21604:23024, ack 3201111, win 1284, options [nop,nop,TS val 2766944 ecr 3591183435], length 1420
    11:47:03.604554 Port3, IN: IP 192.168.20.70.36676 > 77.234.90.144.443: Flags [F.], seq 12795, ack 3046253, win 1005, options [nop,nop,TS val 2766992 ecr 4092314291], length 0
    11:47:04.021123 Port3, IN: ARP, Request who-has 192.168.20.1 tell 192.168.20.70, length 46
    11:47:04.021134 Port3, OUT: ARP, Reply 192.168.20.1 is-at 40:62:31:03:da:76, length 28
    11:47:04.444256 Port3, IN: IP 192.168.20.70.8001 > 224.0.0.7.8001: UDP, length 184
    11:47:04.666907 Port3, IN: IP 192.168.20.70.51705 > 216.58.214.206.443: Flags [.], seq 336282:337650, ack 481173, win 532, options [nop,nop,TS val 2767257 ecr 112108632], length 1368
    11:47:04.666920 Port3, IN: IP 192.168.20.70.51705 > 216.58.214.206.443: Flags [P.], seq 337650:337951, ack 481173, win 532, options [nop,nop,TS val 2767257 ecr 112108632], length 301
    11:47:04.668766 Port3, OUT: IP 216.58.214.206.443 > 192.168.20.70.51705: Flags [.], ack 337650, win 1050, options [nop,nop,TS val 112117098 ecr 2767257], length 0
    11:47:04.668772 Port3, OUT: IP 216.58.214.206.443 > 192.168.20.70.51705: Flags [.], ack 337951, win 1049, options [nop,nop,TS val 112117098 ecr 2767257], length 0
    11:47:04.691375 Port3, OUT: IP 216.58.214.206.443 > 192.168.20.70.51705: Flags [P.], seq 481173:481818, ack 337951, win 1050, options [nop,nop,TS val 112117120 ecr 2767257], length 645
    11:47:04.691756 Port3, IN: IP 192.168.20.70.51705 > 216.58.214.206.443: Flags [.], ack 481818, win 532, options [nop,nop,TS val 2767263 ecr 112117120], length 0
    11:47:05.763210 Port3, IN: IP 192.168.20.70.42229 > 77.234.90.142.443: Flags [F.], seq 14640, ack 2819676, win 771, options [nop,nop,TS val 2767531 ecr 3642209434], length 0
    11:47:05.787463 Port3, IN: IP 192.168.20.70.42230 > 77.234.90.142.443: Flags [F.], seq 10934, ack 1043718, win 1254, options [nop,nop,TS val 2767537 ecr 3642208119], length 0
    11:47:05.803579 Port3, IN: IP 192.168.20.70.37099 > 74.125.154.8.443: Flags Sleep, seq 69226718, win 14600, options [mss 1460,sackOK,TS val 2767541 ecr 0,nop,wscale 7], length 0
    11:47:05.803649 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37099: Flags [S.], seq 950863163, ack 69226719, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    11:47:05.804037 Port3, IN: IP 192.168.20.70.37099 > 74.125.154.8.443: Flags [.], ack 1, win 115, length 0
    11:47:05.818302 Port3, IN: IP 192.168.20.70.37099 > 74.125.154.8.443: Flags [P.], seq 1:159, ack 1, win 115, length 158
    11:47:05.818323 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37099: Flags [.], ack 159, win 237, length 0
    11:47:05.818911 Port3, IN: IP 192.168.20.70.37100 > 74.125.154.8.443: Flags Sleep, seq 971858976, win 14600, options [mss 1460,sackOK,TS val 2767545 ecr 0,nop,wscale 7], length 0
    11:47:05.818988 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37100: Flags [S.], seq 59246946, ack 971858977, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    11:47:05.819225 Port3, IN: IP 192.168.20.70.37100 > 74.125.154.8.443: Flags [.], ack 1, win 115, length 0
    11:47:05.820184 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37099: Flags [.], seq 1:1461, ack 159, win 237, length 1460
    11:47:05.820192 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37099: Flags [.], seq 1461:2921, ack 159, win 237, length 1460
    11:47:05.820198 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37099: Flags [P.], seq 2921:3474, ack 159, win 237, length 553
    11:47:05.820591 Port3, IN: IP 192.168.20.70.37099 > 74.125.154.8.443: Flags [.], ack 1461, win 137, length 0
    11:47:05.820746 Port3, IN: IP 192.168.20.70.37099 > 74.125.154.8.443: Flags [.], ack 3474, win 169, length 0
    11:47:05.833151 Port3, IN: IP 192.168.20.70.37100 > 74.125.154.8.443: Flags [P.], seq 1:159, ack 1, win 115, length 158
    11:47:05.833170 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37100: Flags [.], ack 159, win 237, length 0
    11:47:05.835707 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37100: Flags [.], seq 1:1461, ack 159, win 237, length 1460
    11:47:05.835714 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37100: Flags [.], seq 1461:2921, ack 159, win 237, length 1460
    11:47:05.835718 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37100: Flags [P.], seq 2921:3474, ack 159, win 237, length 553
    11:47:05.836156 Port3, IN: IP 192.168.20.70.37100 > 74.125.154.8.443: Flags [.], ack 1461, win 137, length 0
    11:47:05.836271 Port3, IN: IP 192.168.20.70.37100 > 74.125.154.8.443: Flags [.], ack 3474, win 169, length 0
    11:47:05.968386 Port3, IN: IP 192.168.20.70.37099 > 74.125.154.8.443: Flags [P.], seq 159:426, ack 3474, win 169, length 267
    11:47:05.996981 Port3, IN: IP 192.168.20.70.50711 > 192.168.20.255.15600: UDP, length 35
    11:47:06.014937 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37099: Flags [.], ack 426, win 245, length 0
    11:47:06.015283 Port3, IN: IP 192.168.20.70.37099 > 74.125.154.8.443: Flags [P.], seq 426:517, ack 3474, win 169, length 91
    11:47:06.015293 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37099: Flags [.], ack 517, win 245, length 0
    11:47:06.015420 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37099: Flags [P.], seq 3474:3565, ack 517, win 245, length 91
    11:47:06.015594 Port3, IN: IP 192.168.20.70.37099 > 74.125.154.8.443: Flags [.], ack 3565, win 169, length 0
    11:47:06.053464 Port3, IN: ARP, Request who-has 192.168.20.1 tell 192.168.20.70, length 46
    11:47:06.053474 Port3, OUT: ARP, Reply 192.168.20.1 is-at 40:62:31:03:da:76, length 28
    11:47:06.099981 Port3, IN: IP 192.168.20.70.37100 > 74.125.154.8.443: Flags [P.], seq 159:426, ack 3474, win 169, length 267
    11:47:06.115071 Port3, IN: IP 192.168.20.70.37099 > 74.125.154.8.443: Flags [F.], seq 517, ack 3565, win 169, length 0
    11:47:06.115125 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37099: Flags [P.], seq 3565:3634, ack 518, win 245, length 69
    11:47:06.115169 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37099: Flags [F.], seq 3634, ack 518, win 245, length 0
    11:47:06.115543 Port3, IN: IP 192.168.20.70.37099 > 74.125.154.8.443: Flags [R], seq 69227236, win 0, length 0
    11:47:06.115588 Port3, IN: IP 192.168.20.70.37099 > 74.125.154.8.443: Flags [R], seq 69227236, win 0, length 0
    11:47:06.142935 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37100: Flags [.], ack 426, win 245, length 0
    11:47:06.143338 Port3, IN: IP 192.168.20.70.37100 > 74.125.154.8.443: Flags [P.], seq 426:517, ack 3474, win 169, length 91
    11:47:06.143344 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37100: Flags [.], ack 517, win 245, length 0
    11:47:06.143471 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37100: Flags [P.], seq 3474:3565, ack 517, win 245, length 91
    11:47:06.143657 Port3, IN: IP 192.168.20.70.37100 > 74.125.154.8.443: Flags [.], ack 3565, win 169, length 0
    11:47:06.158054 Port3, IN: IP 192.168.20.70.37100 > 74.125.154.8.443: Flags [F.], seq 517, ack 3565, win 169, length 0
    11:47:06.158086 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37100: Flags [P.], seq 3565:3634, ack 518, win 245, length 69
    11:47:06.158116 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37100: Flags [F.], seq 3634, ack 518, win 245, length 0
    11:47:06.158470 Port3, IN: IP 192.168.20.70.37100 > 74.125.154.8.443: Flags [R], seq 971859494, win 0, length 0
    11:47:06.158523 Port3, IN: IP 192.168.20.70.37100 > 74.125.154.8.443: Flags [R], seq 971859494, win 0, length 0
    11:47:06.172176 Port3, IN: IP 192.168.20.70.37101 > 74.125.154.8.443: Flags Sleep, seq 1684490406, win 14600, options [mss 1460,sackOK,TS val 2767633 ecr 0,nop,wscale 7], length 0
    11:47:06.172234 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37101: Flags [S.], seq 3157832412, ack 1684490407, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    11:47:06.172666 Port3, IN: IP 192.168.20.70.37101 > 74.125.154.8.443: Flags [.], ack 1, win 115, length 0
    11:47:06.187257 Port3, IN: IP 192.168.20.70.37101 > 74.125.154.8.443: Flags [P.], seq 1:159, ack 1, win 115, length 158
    11:47:06.187276 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37101: Flags [.], ack 159, win 237, length 0
    11:47:06.189102 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37101: Flags [.], seq 1:1461, ack 159, win 237, length 1460
    11:47:06.189111 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37101: Flags [.], seq 1461:2921, ack 159, win 237, length 1460
    11:47:06.189114 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37101: Flags [P.], seq 2921:3474, ack 159, win 237, length 553
    11:47:06.189507 Port3, IN: IP 192.168.20.70.37101 > 74.125.154.8.443: Flags [.], ack 1461, win 137, length 0
    11:47:06.189628 Port3, IN: IP 192.168.20.70.37101 > 74.125.154.8.443: Flags [.], ack 3474, win 169, length 0
    11:47:06.320393 Port3, IN: IP 192.168.20.70.37101 > 74.125.154.8.443: Flags [P.], seq 159:426, ack 3474, win 169, length 267
    11:47:06.362936 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37101: Flags [.], ack 426, win 245, length 0
    11:47:06.363258 Port3, IN: IP 192.168.20.70.37101 > 74.125.154.8.443: Flags [P.], seq 426:517, ack 3474, win 169, length 91
    11:47:06.363268 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37101: Flags [.], ack 517, win 245, length 0
    11:47:06.363372 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37101: Flags [P.], seq 3474:3565, ack 517, win 245, length 91
    11:47:06.363551 Port3, IN: IP 192.168.20.70.37101 > 74.125.154.8.443: Flags [.], ack 3565, win 169, length 0
    11:47:06.376865 Port3, IN: IP 192.168.20.70.37101 > 74.125.154.8.443: Flags [F.], seq 517, ack 3565, win 169, length 0
    11:47:06.376899 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37101: Flags [P.], seq 3565:3634, ack 518, win 245, length 69
    11:47:06.376929 Port3, OUT: IP 74.125.154.8.443 > 192.168.20.70.37101: Flags [F.], seq 3634, ack 518, win 245, length 0
    11:47:06.377273 Port3, IN: IP 192.168.20.70.37101 > 74.125.154.8.443: Flags [R], seq 1684490924, win 0, length 0
    11:47:06.377327 Port3, IN: IP 192.168.20.70.37101 > 74.125.154.8.443: Flags [R], seq 1684490924, win 0, length 0
    11:47:06.449143 Port3, IN: IP 192.168.20.70.8001 > 224.0.0.7.8001: UDP, length 184
    11:47:08.078266 Port3, IN: ARP, Request who-has 192.168.20.1 tell 192.168.20.70, length 46
    11:47:08.078278 Port3, OUT: ARP, Reply 192.168.20.1 is-at 40:62:31:03:da:76, length 28
    11:47:08.133016 Port3, IN: IP 192.168.20.70.42229 > 77.234.90.142.443: Flags [.], seq 12875:14295, ack 2819676, win 771, options [nop,nop,TS val 2768124 ecr 3642209434], length 1420
    11:47:08.133107 Port3, IN: IP 192.168.20.70.42230 > 77.234.90.142.443: Flags [.], seq 9249:10669, ack 1043718, win 1254, options [nop,nop,TS val 2768124 ecr 3642208119], length 1420
    11:47:08.451422 Port3, IN: IP 192.168.20.70.8001 > 224.0.0.7.8001: UDP, length 184
    11:47:10.102314 Port3, IN: ARP, Request who-has 192.168.20.1 tell 192.168.20.70, length 46
    11:47:10.102329 Port3, OUT: ARP, Reply 192.168.20.1 is-at 40:62:31:03:da:76, length 28
    11:47:10.454346 Port3, IN: IP 192.168.20.70.8001 > 224.0.0.7.8001: UDP, length 184
    11:47:11.998377 Port3, IN: IP 192.168.20.70.52104 > 192.168.20.255.15600: UDP, length 35
    11:47:12.125790 Port3, IN: ARP, Request who-has 192.168.20.1 tell 192.168.20.70, length 46
    11:47:12.125804 Port3, OUT: ARP, Reply 192.168.20.1 is-at 40:62:31:03:da:76, length 28
    11:47:12.456916 Port3, IN: IP 192.168.20.70.8001 > 224.0.0.7.8001: UDP, length 184
    11:47:14.178639 Port3, IN: ARP, Request who-has 192.168.20.1 tell 192.168.20.70, length 46
    11:47:14.178651 Port3, OUT: ARP, Reply 192.168.20.1 is-at 40:62:31:03:da:76, length 28
    11:47:14.460301 Port3, IN: IP 192.168.20.70.8001 > 224.0.0.7.8001: UDP, length 184
    11:47:14.667840 Port3, IN: IP 192.168.20.70.51705 > 216.58.214.206.443: Flags [.], seq 337951:339319, ack 481818, win 532, options [nop,nop,TS val 2769757 ecr 112117120], length 1368
    11:47:14.667930 Port3, IN: IP 192.168.20.70.51705 > 216.58.214.206.443: Flags [P.], seq 339319:340500, ack 481818, win 532, options [nop,nop,TS val 2769757 ecr 112117120], length 1181
    11:47:14.669830 Port3, OUT: IP 216.58.214.206.443 > 192.168.20.70.51705: Flags [.], ack 340500, win 1046, options [nop,nop,TS val 112127098 ecr 2769757], length 0
    11:47:14.670268 Port3, IN: IP 192.168.20.70.51705 > 216.58.214.206.443: Flags [P.], seq 340500:341657, ack 481818, win 532, options [nop,nop,TS val 2769758 ecr 112127098], length 1157
    11:47:14.676644 Port3, OUT: IP 216.58.214.206.443 > 192.168.20.70.51705: Flags [.], ack 341657, win 1050, options [nop,nop,TS val 112127105 ecr 2769758], length 0
    11:47:14.711710 Port3, OUT: IP 216.58.214.206.443 > 192.168.20.70.51705: Flags [P.], seq 481818:482559, ack 341657, win 1050, options [nop,nop,TS val 112127140 ecr 2769758], length 741
    11:47:14.712081 Port3, IN: IP 192.168.20.70.51705 > 216.58.214.206.443: Flags [.], ack 482559, win 532, options [nop,nop,TS val 2769768 ecr 112127140], length 0
    11:47:15.007845 Port3, IN: IP 192.168.20.70.42262 > 77.234.90.142.443: Flags Sleep, seq 3085255640, win 14600, options [mss 1460,sackOK,TS val 2769842 ecr 0,nop,wscale 7], length 0
    11:47:15.007916 Port3, OUT: IP 77.234.90.142.443 > 192.168.20.70.42262: Flags [S.], seq 3021500099, ack 3085255641, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    11:47:15.008229 Port3, IN: IP 192.168.20.70.42262 > 77.234.90.142.443: Flags [.], ack 1, win 115, length 0
    11:47:15.008642 Port3, IN: IP 192.168.20.70.42263 > 77.234.90.142.443: Flags Sleep, seq 316818036, win 14600, options [mss 1460,sackOK,TS val 2769842 ecr 0,nop,wscale 7], length 0
    11:47:15.008681 Port3, OUT: IP 77.234.90.142.443 > 192.168.20.70.42263: Flags [S.], seq 53226660, ack 316818037, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    11:47:15.008891 Port3, IN: IP 192.168.20.70.42263 > 77.234.90.142.443: Flags [.], ack 1, win 115, length 0
    11:47:15.025863 Port3, IN: IP 192.168.20.70.42262 > 77.234.90.142.443: Flags [P.], seq 1:162, ack 1, win 115, length 161
    11:47:15.025884 Port3, OUT: IP 77.234.90.142.443 > 192.168.20.70.42262: Flags [.], ack 162, win 237, length 0
    11:47:15.027779 Port3, OUT: IP 77.234.90.142.443 > 192.168.20.70.42262: Flags [.], seq 1:1461, ack 162, win 237, length 1460
    11:47:15.027788 Port3, OUT: IP 77.234.90.142.443 > 192.168.20.70.42262: Flags [.], seq 1461:2921, ack 162, win 237, length 1460
    11:47:15.027792 Port3, OUT: IP 77.234.90.142.443 > 192.168.20.70.42262: Flags [P.], seq 2921:3481, ack 162, win 237, length 560
    11:47:15.028235 Port3, IN: IP 192.168.20.70.42262 > 77.234.90.142.443: Flags [.], ack 1461, win 137, length 0
    11:47:15.028314 Port3, IN: IP 192.168.20.70.42262 > 77.234.90.142.443: Flags [.], ack 3481, win 169, length 0
    11:47:15.040672 Port3, IN: IP 192.168.20.70.42263 > 77.234.90.142.443: Flags [P.], seq 1:162, ack 1, win 115, length 161
    11:47:15.040689 Port3, OUT: IP 77.234.90.142.443 > 192.168.20.70.42263: Flags [.], ack 162, win 237, length 0
    11:47:15.042385 Port3, OUT: IP 77.234.90.142.443 > 192.168.20.70.42263: Flags [.], seq 1:1461, ack 162, win 237, length 1460
    11:47:15.042393 Port3, OUT: IP 77.234.90.142.443 > 192.168.20.70.42263: Flags [.], seq 1461:2921, ack 162, win 237, length 1460
    11:47:15.042396 Port3, OUT: IP 77.234.90.142.443 > 192.168.20.70.42263: Flags [P.], seq 2921:3481, ack 162, win 237, length 560
    11:47:15.042817 Port3, IN: IP 192.168.20.70.42263 > 77.234.90.142.443: Flags [.], ack 1461, win 137, length 0
    11:47:15.042915 Port3, IN: IP 192.168.20.70.42263 > 77.234.90.142.443: Flags [.], ack 3481, win 169, length 0
    11:47:15.172634 Port3, IN: IP 192.168.20.70.42262 > 77.234.90.142.443: Flags [P.], seq 162:429, ack 3481, win 169, length 267
    11:47:15.214941 Port3, OUT: IP 77.234.90.142.443 > 192.168.20.70.42262: Flags [.], ack 429, win 245, length 0
    11:47:15.215287 Port3, IN: IP 192.168.20.70.42262 > 77.234.90.142.443: Flags [P.], seq 429:520, ack 3481, win 169, length 91
    11:47:15.215297 Port3, OUT: IP 77.234.90.142.443 > 192.168.20.70.42262: Flags [.], ack 520, win 245, length 0
    11:47:15.215419 Port3, OUT: IP 77.234.90.142.443 > 192.168.20.70.42262: Flags [P.], seq 3481:3572, ack 520, win 245, length 91
    11:47:15.215591 Port3, IN: IP 192.168.20.70.42262 > 77.234.90.142.443: Flags [.], ack 3572, win 169, length 0

  • In reply to rfcat_vk:

    Hmm, HTTP proxy isn't even enabled. I'm trying to understand the logic here, how can a traffic be allowed and denied by one simple drop rule? 

  • In reply to C F:

    Hi,

    if you aren't using the proxy then you are using SSL/TLS inspection.

     

    Please  post a copy gf your rule, not what you think is says, but a screenshot and of where it sits in your rule list.

    Ian

  • In reply to C F:

    Hi

    thank you for those details. Where does the group sit in your firewall rule listing?

    There is nothing obviously wrong that I can see, so that points to a problem with other rules/configuration confusing the XG processing.

    Ian

  • In reply to rfcat_vk:

    If i understand your Problem, your concerns are, Log viewer shows traffic, which should be not allowed by Rule 7, but shows Rule 7 as "Allowed" anyways.

    That is a tricky issue right now in the Log Viewer (database) itself.

    As XG has two different mechanism to allow/deny traffic, you can allow traffic going "Through" and going "to" XG. 

    One is Firewall, you can deny and allow traffic via Firewall rule going through XG (LAN-WAN).

    The Other is Device Access, you can allow Traffic going to XG (LAN to LAN Interface). 

     

    As XG is aware of the Sessions, most likely a session could be going to XG, but build up another session. 

    For example: Transparent Web Filtering is a Proxy. Hence you are "actually" communicate with XG LAN Interface, as XG will use a Proxy on LAN Port. 

    The Connection will be: Client - WAN, but actually you have two different sessions: Client to LAN Interface (Port 443). WAN Interface to Server (Port 443). 

     

    Therefore we are now in the tricky spot. As you deny the Traffic from Client to Server (LAN to Server), but allow LAN to Proxy Interface. 

    This transparent Proxy will actually perform a redirect of the Port from 443 to 3128 (internally). 

    So we are sitting there and do not know, what to do. As the session is actually allowed (TCP) by the Proxy (Device Access) but on the other site not allowed for the actual session.

    So we are allowing the Client to communicate to the proxy, as you allowed this in the Device Access page, but the Proxy will deny the request anyway (as Firewall Rule).

    Hence: TCP is allowed, Application based is deny. 

     

    Hope this makes sense?