DONC

network activity ~$ sudo tcpdump -A -v -s 4096 -i wlxf81a671ece37

21:57:02.377855 IP (tos 0x0, ttl 64, id 23972, offset 0, flags [DF],
proto TCP (6), length 221)
10.0.0.17.44816 > par10s22-in-f3.1e100.net.https: Flags [FP.], cksum
0x9c31 (correct), seq 0:169, ack 1, win 49, options [nop,nop,TS val
3930496 ecr 2973767648], length 169
E...].@.@.)H
....:.......4..5......1.1.....
.;...@......)........m`7{.......jL....6(.R/..........O....).........`..FA.....%.....u.`......e.sq.>r....).......
.....|.4....)..............&f..
Z............
.....h...Q....{...
21:57:02.889885 IP (tos 0x0, ttl 64, id 6903, offset 0, flags [DF],
proto TCP (6), length 122)
10.0.0.17.48698 > lb-192-30-253-125-iad.github.com.https: Flags
[FP.], cksum 0x9687 (correct), seq 0:70, ack 1, win 31, options
[nop,nop,TS val 3930624 ecr 1164918894], length 70
E..z..@.@.W.
......}.:..
.....]C...........
.;..Eo@n...."...........u.....J.;@..y1.^..3...
.............Q.....C..8... lb-192-30-253-125-iad.github.com.https: Flags
[FP.], cksum 0xdc17 (correct), seq 0:70, ack 1, win 40, options
[nop,nop,TS val 3931200 ecr 1164921731], length 70
E..z.?@.@.U.
......}.......e.......(.......
.;.@EoK.....".......T..r..O..\Y.04.....@.....L.............Um.L..O... par21s07-in-f16.1e100.net.https: Flags [FP.],
cksum 0x764a (correct), seq 0:169, ack 1, win 46, options [nop,nop,TS
val 3931328 ecr 74644717], length 169
E...4/@.@.V.
....:...&.......k......vJ.....
.;...r......)........b.K.n...{..(........WU./8`.$.7
q.....)...........8q........b.#.~g..Aw.4....s.......)....... K..a..3I
`....X4..;.......B....1.............
b...q.j..k.... .=.
21:57:10.313928 IP (tos 0x0, ttl 64, id 23973, offset 0, flags [DF],
proto TCP (6), length 221)
10.0.0.17.44816 > par10s22-in-f3.1e100.net.https: Flags [FP.], cksum
0x9471 (correct), seq 0:169, ack 1, win 49, options [nop,nop,TS val
3932480 ecr 2973767648], length 169
E...].@.@.)G
....:.......4..5......1.q.....
.r....).......
.....|.4....)..............&f..
Z............
.....h...Q....{...
21:57:11.593905 IP (tos 0x0, ttl 64, id 21755, offset 0, flags [DF],
proto TCP (6), length 52)
10.0.0.17.42186 >
a92-122-218-154.deploy.static.akamaitechnologies.com.http: Flags [.],
cksum 0x14b5 (correct), ack 385, win 30, options [nop,nop,TS val 3932800
ecr 642804199], length 0
E..4T.@.@...
...\z.....P}......^...........
.
10.0.0.17.42186: Flags [.], cksum 0x1daa (correct), ack 297, win 235,
options [nop,nop,TS val 642814439 ecr 3920061], length 0
E..4:.@.9...\z..
....P.....^}..............
&P...;..
21:57:15.550438 IP (tos 0x0, ttl 64, id 43937, offset 0, flags [DF],
proto UDP (17), length 70)
10.0.0.17.39919 > 192.168.42.129.domain: 23050+ A?
detectportal.firefox.com. (42)
E..F..@.@...
.....*....5.2..Z
...........detectportal.firefox.com.....
21:57:15.550479 IP (tos 0x0, ttl 64, id 21756, offset 0, flags [DF],
proto TCP (6), length 348)
10.0.0.17.42186 >
a92-122-218-154.deploy.static.akamaitechnologies.com.http: Flags [P.],
cksum 0x6f9a (correct), seq 297:593, ack 385, win 30, options
[nop,nop,TS val 3933789 ecr 642814439], length 296: HTTP, length: 296
GET /success.txt HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
Firefox/52.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
DNT: 1
Connection: keep-alive

E..\T.@.@..z
...\z.....P}......^....o......
. 192.168.42.129.domain: 15540+ AAAA?
detectportal.firefox.com. (42)
E..F..@.@...
.....*....5.2.
10.0.0.17.42186: Flags [P.], cksum 0x57a9 (correct), seq 385:769, ack
593, win 243, options [nop,nop,TS val 642818399 ecr 3933789], length
384: HTTP, length: 384
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 8
Last-Modified: Mon, 15 May 2017 18:04:40 GMT
ETag: "ae780585f49b94ce1444eb7d28906123"
Accept-Ranges: bytes
Server: AmazonS3
X-Amz-Cf-Id: _FtgY1-T-kfVXLSO3B2t52umHVZS5PLbceq7zvjgR8Y0sebHfJxRiA