Below is the Ethereal output from my Splunk server; my Windows host IP is 10.20.30.191.
tethereal -i any port 9997
Running as user "root" and group "root". This could be dangerous.
Capturing on Pseudo-device that captures on all interfaces
0.000000 172.16.10.4 -> 10.20.30.56 TCP 50761 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=2522376187 TSER=0 WS=2
3.019068 172.16.10.12 -> 10.20.30.56 TCP 44395 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=951490862 TSER=0 WS=2
3.019953 172.16.10.12 -> 10.20.30.56 TCP 44396 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=951490863 TSER=0 WS=2
3.020985 172.16.10.12 -> 10.20.30.56 TCP 44397 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=951490864 TSER=0 WS=2
5.839795 172.16.10.6 -> 10.20.30.56 TCP 51269 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=2464781189 TSER=0 WS=7
6.018377 172.16.10.12 -> 10.20.30.56 TCP 44395 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=951493862 TSER=0 WS=2
6.019417 172.16.10.12 -> 10.20.30.56 TCP 44396 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=951493863 TSER=0 WS=2
6.020440 172.16.10.12 -> 10.20.30.56 TCP 44397 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=951493864 TSER=0 WS=2
6.272273 172.16.10.8 -> 10.20.30.56 TCP 50072 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=401096443 TSER=0 WS=2
7.920443 172.16.10.5 -> 10.20.30.56 TCP 35892 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380
8.015665 172.16.10.12 -> 10.20.30.56 TCP 44400 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=951495859 TSER=0 WS=2
8.840211 172.16.10.6 -> 10.20.30.56 TCP 51269 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=2464784190 TSER=0 WS=7
9.230324 10.20.30.191 -> 10.20.30.56 TCP 49521 > palace-6 [FIN, ACK] Seq=1 Ack=1 Win=256 Len=0
9.230425 10.20.30.56 -> 10.20.30.191 TCP palace-6 > 49521 [FIN, ACK] Seq=1 Ack=2 Win=229 Len=0
9.230545 10.20.30.191 -> 10.20.30.56 SMPP SMPP Cancel_sm
9.230551 10.20.30.56 -> 10.20.30.191 TCP palace-6 > 58418 [ACK] Seq=1 Ack=432 Win=1002 Len=0
9.230649 10.20.30.191 -> 10.20.30.56 TCP 49521 > palace-6 [ACK] Seq=2 Ack=2 Win=256 Len=0
9.230674 10.20.30.191 -> 10.20.30.56 TCP 49527 > palace-6 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=8
9.230702 10.20.30.56 -> 10.20.30.191 TCP palace-6 > 49527 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 WS=6
9.230872 10.20.30.191 -> 10.20.30.56 TCP 49527 > palace-6 [ACK] Seq=1 Ack=1 Win=65536 Len=0
9.271718 172.16.10.8 -> 10.20.30.56 TCP 50072 > palace-6 [SYN] Seq=0 Win=584 0 Len=0 MSS=1380 TSV=401099443 TSER=0 WS=2
10.920291 172.16.10.5 -> 10.20.30.56 TCP 35892 > palace-6 [SYN] Seq=0 Win=584 0 Len=0 MSS=1380
11.016066 172.16.10.12 -> 10.20.30.56 TCP 44400 > palace-6 [SYN] Seq=0 Win=584 0 Len=0 MSS=1380 TSV=951498859 TSER=0 WS=2
14.841321 172.16.10.6 -> 10.20.30.56 TCP 51269 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=2464790190 TSER=0 WS=7
15.228675 172.16.10.11 -> 10.20.30.56 TCP 55797 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=2524005403 TSER=0 WS=2
16.921152 172.16.10.5 -> 10.20.30.56 TCP 35892 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380
18.228286 172.16.10.11 -> 10.20.30.56 TCP 55797 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=2524008403 TSER=0 WS=2
21.000422 172.16.10.4 -> 10.20.30.56 TCP 50775 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=2522397186 TSER=0 WS=2
24.000003 172.16.10.4 -> 10.20.30.56 TCP 50775 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=2522400186 TSER=0 WS=2
24.228172 172.16.10.11 -> 10.20.30.56 TCP 55797 > palace-6 [SYN] Seq=0 Win=5840 Len=0 MSS=1380 TSV=2524014403 TSER=0 WS=2
^C30 packets captured.
Yes, I am getting other events on my Splunk server.