OK, I apologize in advance - I am very new to tcpdump, so I am not sure if I am getting the information needed out of this. Please let me know if I need to refine the way data is retrieved and/or stored to ensure the necessary data and format are achieved.
Today's crash log was, however, a bit different in that the crash was not immediately following an HTTP request.
Here is the end snippet of the tcpdump text output (with some lines containing my embedded ZWay password censored out):
17:39:58.142866 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.42162 > 192.168.1.3.1025: Flags [.], cksum 0xc94a (correct), seq 131, ack 90, win 29200, length 0
0x0000: 4500 0028 0000 4000 4006 b6b9 c0a8 01c3 E..(..@.@.......
0x0010: c0a8 0103 a4b2 0401 e6b7 2fd1 60d1 d054 ........../.`..T
0x0020: 5010 7210 c94a 0000 P.r..J..
17:39:58.977056 IP (tos 0x0, ttl 64, id 38202, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.195.42166 > 192.168.1.3.1025: Flags [S], cksum 0x8445 (incorrect -> 0x47cd), seq 2309655229, win 29200, options [mss 1460,sackOK,TS val 4013448627 ecr 0,nop,wscale 7], length 0
0x0000: 4500 003c 953a 4000 4006 216b c0a8 01c3 E..<.:@.@.!k....
0x0010: c0a8 0103 a4b6 0401 89aa 8abd 0000 0000 ................
0x0020: a002 7210 8445 0000 0204 05b4 0402 080a ..r..E..........
0x0030: ef38 5db3 0000 0000 0103 0307 .8].........
17:39:58.982106 IP (tos 0x0, ttl 255, id 51949, offset 0, flags [none], proto TCP (6), length 44)
192.168.1.3.1025 > 192.168.1.195.42166: Flags [S.], cksum 0x0d29 (correct), seq 1624365000, ack 2309655230, win 4380, options [mss 1460], length 0
0x0000: 4500 002c caed 0000 ff06 6cc7 c0a8 0103 E..,......l.....
0x0010: c0a8 01c3 0401 a4b6 60d1 d7c8 89aa 8abe ........`.......
0x0020: 6012 111c 0d29 0000 0204 05b4 0000 `....)........
17:39:58.982274 IP (tos 0x0, ttl 64, id 38203, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.42166 > 192.168.1.3.1025: Flags [.], cksum 0x8431 (incorrect -> 0xc3f1), seq 1, ack 1, win 29200, length 0
0x0000: 4500 0028 953b 4000 4006 217e c0a8 01c3 E..(.;@.@.!~....
0x0010: c0a8 0103 a4b6 0401 89aa 8abe 60d1 d7c9 ............`...
0x0020: 5010 7210 8431 0000 P.r..1..
17:39:58.982652 IP (tos 0x0, ttl 64, id 38204, offset 0, flags [DF], proto TCP (6), length 172)
192.168.1.195.42166 > 192.168.1.3.1025: Flags [P.], cksum 0x84b5 (incorrect -> 0xfde7), seq 1:133, ack 1, win 29200, length 132
0x0000: 4500 00ac 953c 4000 4006 20f9 c0a8 01c3 E....<@.@.......
0x0010: c0a8 0103 a4b6 0401 89aa 8abe 60d1 d7c9 ............`...
0x0020: 5018 7210 84b5 0000 4745 5420 2f5a 5761 P.r.....GET./ZWa
0x0030: 7665 3f43 6d64 3d43 4263 6b26 4465 763d ve?Cmd=CBck&Dev=
0x0040: 5a57 6179 5644 6576 5f7a 7761 795f 362d ZWayVDev_zway_6-
0x0050: 312d 3530 2d32 264c 6576 3d30 2e36 2048 1-50-2&Lev=0.6.H
0x0060: 5454 502f 312e 310d 0a48 6f73 743a 2031 TTP/1.1..Host:.1
0x0070: 3932 2e31 3638 2e31 2e33 3a31 3032 350d 92.168.1.3:1025.
0x0080: 0a55 7365 722d 4167 656e 743a 2058 4d4c .User-Agent:.XML
0x0090: 4874 7470 5265 7175 6573 740d 0a41 6363 HttpRequest..Acc
0x00a0: 6570 743a 202a 2f2a 0d0a 0d0a ept:.*/*....
17:39:58.996894 IP (tos 0x0, ttl 255, id 51950, offset 0, flags [none], proto TCP (6), length 40)
192.168.1.3.1025 > 192.168.1.195.42166: Flags [.], cksum 0x24e6 (correct), seq 1, ack 133, win 4248, length 0
0x0000: 4500 0028 caee 0000 ff06 6cca c0a8 0103 E..(......l.....
0x0010: c0a8 01c3 0401 a4b6 60d1 d7c9 89aa 8b42 ........`......B
0x0020: 5010 1098 24e6 0000 8abe 60d1 d7c9 P...$.....`...
17:39:59.243622 IP (tos 0x0, ttl 255, id 51951, offset 0, flags [none], proto TCP (6), length 128)
192.168.1.3.1025 > 192.168.1.195.42166: Flags [P.], cksum 0x106a (correct), seq 1:89, ack 133, win 4380, length 88
0x0000: 4500 0080 caef 0000 ff06 6c71 c0a8 0103 E.........lq....
0x0010: c0a8 01c3 0401 a4b6 60d1 d7c9 89aa 8b42 ........`......B
0x0020: 5018 111c 106a 0000 4854 5450 2f31 2e31 P....j..HTTP/1.1
0x0030: 2032 3030 204f 4b0d 0a43 6f6e 7465 6e74 .200.OK..Content
0x0040: 2d6c 656e 6774 683a 2036 0d0a 436f 6e6e -length:.6..Conn
0x0050: 6563 7469 6f6e 3a20 636c 6f73 650d 0a43 ection:.close..C
0x0060: 6f6e 7465 6e74 2d74 7970 653a 2074 6578 ontent-type:.tex
0x0070: 742f 6874 6d6c 0d0a 0d0a 3230 3020 4f4b t/html....200.OK
17:39:59.243724 IP (tos 0x0, ttl 64, id 38205, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.42166 > 192.168.1.3.1025: Flags [.], cksum 0x8431 (incorrect -> 0xc315), seq 133, ack 89, win 29200, length 0
0x0000: 4500 0028 953d 4000 4006 217c c0a8 01c3 E..(.=@.@.!|....
0x0010: c0a8 0103 a4b6 0401 89aa 8b42 60d1 d821 ...........B`..!
0x0020: 5010 7210 8431 0000 P.r..1..
17:39:59.244181 IP (tos 0x0, ttl 64, id 38206, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.42166 > 192.168.1.3.1025: Flags [F.], cksum 0x8431 (incorrect -> 0xc314), seq 133, ack 89, win 29200, length 0
0x0000: 4500 0028 953e 4000 4006 217b c0a8 01c3 E..(.>@.@.!{....
0x0010: c0a8 0103 a4b6 0401 89aa 8b42 60d1 d821 ...........B`..!
0x0020: 5011 7210 8431 0000 P.r..1..
17:39:59.253029 IP (tos 0x0, ttl 255, id 51952, offset 0, flags [none], proto TCP (6), length 40)
192.168.1.3.1025 > 192.168.1.195.42166: Flags [.], cksum 0x2409 (correct), seq 89, ack 134, win 4380, length 0
0x0000: 4500 0028 caf0 0000 ff06 6cc8 c0a8 0103 E..(......l.....
0x0010: c0a8 01c3 0401 a4b6 60d1 d821 89aa 8b43 ........`..!...C
0x0020: 5010 111c 2409 0000 8b42 60d1 d821 P...$....B`..!
17:39:59.261212 IP (tos 0x0, ttl 255, id 51953, offset 0, flags [none], proto TCP (6), length 40)
192.168.1.3.1025 > 192.168.1.195.42166: Flags [F.], cksum 0x2408 (correct), seq 89, ack 134, win 4380, length 0
0x0000: 4500 0028 caf1 0000 ff06 6cc7 c0a8 0103 E..(......l.....
0x0010: c0a8 01c3 0401 a4b6 60d1 d821 89aa 8b43 ........`..!...C
0x0020: 5011 111c 2408 0000 8b42 60d1 d821 P...$....B`..!
17:39:59.261297 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.42166 > 192.168.1.3.1025: Flags [.], cksum 0xc313 (correct), seq 134, ack 90, win 29200, length 0
0x0000: 4500 0028 0000 4000 4006 b6b9 c0a8 01c3 E..(..@.@.......
0x0010: c0a8 0103 a4b6 0401 89aa 8b43 60d1 d822 ...........C`.."
0x0020: 5010 7210 c313 0000 P.r.....
17:40:00.411681 IP (tos 0x0, ttl 64, id 1611, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.195.42168 > 192.168.1.3.1025: Flags [S], cksum 0x8445 (incorrect -> 0x2a20), seq 102508125, win 29200, options [mss 1460,sackOK,TS val 4013450061 ecr 0,nop,wscale 7], length 0
0x0000: 4500 003c 064b 4000 4006 b05a c0a8 01c3 E..<.K@.@..Z....
0x0010: c0a8 0103 a4b8 0401 061c 265d 0000 0000 ..........&]....
0x0020: a002 7210 8445 0000 0204 05b4 0402 080a ..r..E..........
0x0030: ef38 634d 0000 0000 0103 0307 .8cM........
17:40:00.417120 IP (tos 0x0, ttl 255, id 51954, offset 0, flags [none], proto TCP (6), length 44)
192.168.1.3.1025 > 192.168.1.195.42168: Flags [S.], cksum 0xf12e (correct), seq 1624365999, ack 102508126, win 4380, options [mss 1460], length 0
0x0000: 4500 002c caf2 0000 ff06 6cc2 c0a8 0103 E..,......l.....
0x0010: c0a8 01c3 0401 a4b8 60d1 dbaf 061c 265e ........`.....&^
0x0020: 6012 111c f12e 0000 0204 05b4 0000 `.............
17:40:00.417285 IP (tos 0x0, ttl 64, id 1612, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.42168 > 192.168.1.3.1025: Flags [.], cksum 0x8431 (incorrect -> 0xa7f7), seq 1, ack 1, win 29200, length 0
0x0000: 4500 0028 064c 4000 4006 b06d c0a8 01c3 E..(.L@.@..m....
0x0010: c0a8 0103 a4b8 0401 061c 265e 60d1 dbb0 ..........&^`...
0x0020: 5010 7210 8431 0000 P.r..1..
17:40:00.417927 IP (tos 0x0, ttl 64, id 1613, offset 0, flags [DF], proto TCP (6), length 172)
192.168.1.195.42168 > 192.168.1.3.1025: Flags [P.], cksum 0x84b5 (incorrect -> 0x7bd8), seq 1:133, ack 1, win 29200, length 132
0x0000: 4500 00ac 064d 4000 4006 afe8 c0a8 01c3 E....M@.@.......
0x0010: c0a8 0103 a4b8 0401 061c 265e 60d1 dbb0 ..........&^`...
0x0020: 5018 7210 84b5 0000 4745 5420 2f5a 5761 P.r.....GET./ZWa
0x0030: 7665 3f43 6d64 3d43 4263 6b26 4465 763d ve?Cmd=CBck&Dev=
0x0040: 5a57 6179 5644 6576 5f7a 7761 795f 3131 ZWayVDev_zway_11
0x0050: 2d31 2d34 382d 3126 4c65 763d 6f6e 2048 -1-48-1&Lev=on.H
0x0060: 5454 502f 312e 310d 0a48 6f73 743a 2031 TTP/1.1..Host:.1
0x0070: 3932 2e31 3638 2e31 2e33 3a31 3032 350d 92.168.1.3:1025.
0x0080: 0a55 7365 722d 4167 656e 743a 2058 4d4c .User-Agent:.XML
0x0090: 4874 7470 5265 7175 6573 740d 0a41 6363 HttpRequest..Acc
0x00a0: 6570 743a 202a 2f2a 0d0a 0d0a ept:.*/*....
17:40:00.436900 IP (tos 0x0, ttl 255, id 51955, offset 0, flags [none], proto TCP (6), length 40)
192.168.1.3.1025 > 192.168.1.195.42168: Flags [.], cksum 0x08ec (correct), seq 1, ack 133, win 4248, length 0
0x0000: 4500 0028 caf3 0000 ff06 6cc5 c0a8 0103 E..(......l.....
0x0010: c0a8 01c3 0401 a4b8 60d1 dbb0 061c 26e2 ........`.....&.
0x0020: 5010 1098 08ec 0000 265e 60d1 dbb0 P.......&^`...
17:40:00.464251 IP (tos 0x0, ttl 255, id 51956, offset 0, flags [none], proto TCP (6), length 128)
192.168.1.3.1025 > 192.168.1.195.42168: Flags [P.], cksum 0xf46f (correct), seq 1:89, ack 133, win 4380, length 88
0x0000: 4500 0080 caf4 0000 ff06 6c6c c0a8 0103 E.........ll....
0x0010: c0a8 01c3 0401 a4b8 60d1 dbb0 061c 26e2 ........`.....&.
0x0020: 5018 111c f46f 0000 4854 5450 2f31 2e31 P....o..HTTP/1.1
0x0030: 2032 3030 204f 4b0d 0a43 6f6e 7465 6e74 .200.OK..Content
0x0040: 2d6c 656e 6774 683a 2036 0d0a 436f 6e6e -length:.6..Conn
0x0050: 6563 7469 6f6e 3a20 636c 6f73 650d 0a43 ection:.close..C
0x0060: 6f6e 7465 6e74 2d74 7970 653a 2074 6578 ontent-type:.tex
0x0070: 742f 6874 6d6c 0d0a 0d0a 3230 3020 4f4b t/html....200.OK
17:40:00.464377 IP (tos 0x0, ttl 64, id 1614, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.42168 > 192.168.1.3.1025: Flags [.], cksum 0x8431 (incorrect -> 0xa71b), seq 133, ack 89, win 29200, length 0
0x0000: 4500 0028 064e 4000 4006 b06b c0a8 01c3 E..(.N@.@..k....
0x0010: c0a8 0103 a4b8 0401 061c 26e2 60d1 dc08 ..........&.`...
0x0020: 5010 7210 8431 0000 P.r..1..
17:40:00.465437 IP (tos 0x0, ttl 64, id 1615, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.42168 > 192.168.1.3.1025: Flags [F.], cksum 0x8431 (incorrect -> 0xa71a), seq 133, ack 89, win 29200, length 0
0x0000: 4500 0028 064f 4000 4006 b06a c0a8 01c3 E..(.O@.@..j....
0x0010: c0a8 0103 a4b8 0401 061c 26e2 60d1 dc08 ..........&.`...
0x0020: 5011 7210 8431 0000 P.r..1..
17:40:00.473605 IP (tos 0x0, ttl 255, id 51957, offset 0, flags [none], proto TCP (6), length 40)
192.168.1.3.1025 > 192.168.1.195.42168: Flags [.], cksum 0x080f (correct), seq 89, ack 134, win 4380, length 0
0x0000: 4500 0028 caf5 0000 ff06 6cc3 c0a8 0103 E..(......l.....
0x0010: c0a8 01c3 0401 a4b8 60d1 dc08 061c 26e3 ........`.....&.
0x0020: 5010 111c 080f 0000 26e2 60d1 dc08 P.......&.`...
17:40:00.481899 IP (tos 0x0, ttl 255, id 51958, offset 0, flags [none], proto TCP (6), length 40)
192.168.1.3.1025 > 192.168.1.195.42168: Flags [F.], cksum 0x080e (correct), seq 89, ack 134, win 4380, length 0
0x0000: 4500 0028 caf6 0000 ff06 6cc2 c0a8 0103 E..(......l.....
0x0010: c0a8 01c3 0401 a4b8 60d1 dc08 061c 26e3 ........`.....&.
0x0020: 5011 111c 080e 0000 26e2 60d1 dc08 P.......&.`...
17:40:00.481985 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.42168 > 192.168.1.3.1025: Flags [.], cksum 0xa719 (correct), seq 134, ack 90, win 29200, length 0
0x0000: 4500 0028 0000 4000 4006 b6b9 c0a8 01c3 E..(..@.@.......
0x0010: c0a8 0103 a4b8 0401 061c 26e3 60d1 dc09 ..........&.`...
0x0020: 5010 7210 a719 0000 P.r.....
17:40:00.686025 IP (tos 0x0, ttl 255, id 51959, offset 0, flags [none], proto TCP (6), length 44)
192.168.1.3.4161 > 192.168.1.195.8083: Flags [S], cksum 0x92b7 (correct), seq 1624366998, win 4380, options [mss 1460], length 0
0x0000: 4500 002c caf7 0000 ff06 6cbd c0a8 0103 E..,......l.....
0x0010: c0a8 01c3 1041 1f93 60d1 df96 0000 0000 .....A..`.......
0x0020: 6002 111c 92b7 0000 0204 05b4 dc08 `.............
17:40:00.686119 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44)
192.168.1.195.8083 > 192.168.1.3.4161: Flags [S.], cksum 0x8435 (incorrect -> 0x2240), seq 3456188784, ack 1624366999, win 29200, options [mss 1460], length 0
0x0000: 4500 002c 0000 4000 4006 b6b5 c0a8 01c3 E..,..@.@.......
0x0010: c0a8 0103 1f93 1041 ce01 4170 60d1 df97 .......A..Ap`...
0x0020: 6012 7210 8435 0000 0204 05b4 `.r..5......
17:40:00.687004 IP (tos 0x0, ttl 255, id 51960, offset 0, flags [none], proto TCP (6), length 40)
192.168.1.3.4161 > 192.168.1.195.8083: Flags [.], cksum 0x9af1 (correct), seq 1, ack 1, win 4380, length 0
0x0000: 4500 0028 caf8 0000 ff06 6cc0 c0a8 0103 E..(......l.....
0x0010: c0a8 01c3 1041 1f93 60d1 df97 ce01 4171 .....A..`.....Aq
0x0020: 5010 111c 9af1 0000 4171 60d1 df97 P.......Aq`...
17:40:00.698082 IP (tos 0x0, ttl 255, id 51961, offset 0, flags [none], proto TCP (6), length 240)
192.168.1.3.4161 > 192.168.1.195.8083: Flags [P.], cksum 0x8920 (correct), seq 1:201, ack 1, win 4380, length 200
0x0000: 4500 00f0 caf9 0000 ff06 6bf7 c0a8 0103 E.........k.....
0x0010: c0a8 01c3 1041 1f93 60d1 df97 ce01 4171 .....A..`.....Aq
0x0020: 5018 111c 8920 0000 4745 5420 2f5a 4175 P.......GET./ZAu
0x0030: 746f 6d61 7469 6f6e 2f61 7069 2f76 312f tomation/api/v1/
0x0040: 6465 7669 6365 733f 7369 6e63 653d 3135 devices?since=15
0x0050: 3739 3533 3833 3935 2048 5454 502f 312e 79538395.HTTP/1.
0x0060: 300d 0a41 7574 686f 7269 7a61 7469 6f6e 0..Authorization
0x0070: (Censored)
0x0080: (Censored)
0x0090: (Censored)
0x00a0: 3136 382e 312e 3139 350d 0a41 6363 6570 168.1.195..Accep
0x00b0: 743a 202a 2f2a 0d0a 5573 6572 2d41 6765 t:.*/*..User-Age
0x00c0: 6e74 3a20 4d6f 7a69 6c6c 612f 322e 3020 nt:.Mozilla/2.0.
0x00d0: 2863 6f6d 7061 7469 626c 653b 2047 5a57 (compatible;.GZW
0x00e0: 2d43 6c69 656e 7420 302e 3229 0d0a 0d0a -Client.0.2)....
17:40:00.698123 IP (tos 0x0, ttl 64, id 24899, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.8083 > 192.168.1.3.4161: Flags [.], cksum 0x8431 (incorrect -> 0x3605), seq 1, ack 201, win 30016, length 0
0x0000: 4500 0028 6143 4000 4006 5576 c0a8 01c3 E..(aC@.@.Uv....
0x0010: c0a8 0103 1f93 1041 ce01 4171 60d1 e05f .......A..Aq`.._
0x0020: 5010 7540 8431 0000 P.u@.1..
17:40:06.704250 IP (tos 0x0, ttl 255, id 51962, offset 0, flags [none], proto TCP (6), length 40)
192.168.1.3.4161 > 192.168.1.195.8083: Flags [F.], cksum 0x9a28 (correct), seq 201, ack 1, win 4380, length 0
0x0000: 4500 0028 cafa 0000 ff06 6cbe c0a8 0103 E..(......l.....
0x0010: c0a8 01c3 1041 1f93 60d1 e05f ce01 4171 .....A..`.._..Aq
0x0020: 5011 111c 9a28 0000 0000 0000 0000 P....(........
17:40:06.744473 IP (tos 0x0, ttl 64, id 24900, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.8083 > 192.168.1.3.4161: Flags [.], cksum 0x8431 (incorrect -> 0x3604), seq 1, ack 202, win 30016, length 0
0x0000: 4500 0028 6144 4000 4006 5575 c0a8 01c3 E..(aD@.@.Uu....
0x0010: c0a8 0103 1f93 1041 ce01 4171 60d1 e060 .......A..Aq`..`
0x0020: 5010 7540 8431 0000 P.u@.1..
17:40:07.636397 IP (tos 0x0, ttl 255, id 51963, offset 0, flags [none], proto TCP (6), length 44)
192.168.1.3.4162 > 192.168.1.195.8083: Flags [S], cksum 0x8ecf (correct), seq 1624367997, win 4380, options [mss 1460], length 0
0x0000: 4500 002c cafb 0000 ff06 6cb9 c0a8 0103 E..,......l.....
0x0010: c0a8 01c3 1042 1f93 60d1 e37d 0000 0000 .....B..`..}....
0x0020: 6002 111c 8ecf 0000 0204 05b4 e060 `............`
17:40:07.636542 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44)
192.168.1.195.8083 > 192.168.1.3.4162: Flags [S.], cksum 0x8435 (incorrect -> 0x6506), seq 4101297230, ack 1624367998, win 29200, options [mss 1460], length 0
0x0000: 4500 002c 0000 4000 4006 b6b5 c0a8 01c3 E..,..@.@.......
0x0010: c0a8 0103 1f93 1042 f474 d44e 60d1 e37e .......B.t.N`..~
0x0020: 6012 7210 8435 0000 0204 05b4 `.r..5......
17:40:07.642029 IP (tos 0x0, ttl 255, id 51964, offset 0, flags [none], proto TCP (6), length 40)
192.168.1.3.4162 > 192.168.1.195.8083: Flags [.], cksum 0xddb7 (correct), seq 1, ack 1, win 4380, length 0
0x0000: 4500 0028 cafc 0000 ff06 6cbc c0a8 0103 E..(......l.....
0x0010: c0a8 01c3 1042 1f93 60d1 e37e f474 d44f .....B..`..~.t.O
0x0020: 5010 111c ddb7 0000 d44f 60d1 e37e P........O`..~
17:40:07.657884 IP (tos 0x0, ttl 255, id 51965, offset 0, flags [none], proto TCP (6), length 256)
192.168.1.3.4162 > 192.168.1.195.8083: Flags [P.], cksum 0xb436 (correct), seq 1:217, ack 1, win 4380, length 216
0x0000: 4500 0100 cafd 0000 ff06 6be3 c0a8 0103 E.........k.....
0x0010: c0a8 01c3 1042 1f93 60d1 e37e f474 d44f .....B..`..~.t.O
0x0020: 5018 111c b436 0000 4745 5420 2f5a 4175 P....6..GET./ZAu
0x0030: 746f 6d61 7469 6f6e 2f61 7069 2f76 312f tomation/api/v1/
0x0040: 6465 7669 6365 732f 5a57 6179 5644 6576 devices/ZWayVDev
0x0050: 5f7a 7761 795f 322d 302d 3337 2f63 6f6d _zway_2-0-37/com
0x0060: 6d61 6e64 2f6f 6666 2048 5454 502f 312e mand/off.HTTP/1.
0x0070: 300d 0a41 7574 686f 7269 7a61 7469 6f6e 0..Authorization
0x0080: (Censored)
0x0090: (Censored)
0x00a0: (Censored)
0x00b0: 3136 382e 312e 3139 350d 0a41 6363 6570 168.1.195..Accep
0x00c0: 743a 202a 2f2a 0d0a 5573 6572 2d41 6765 t:.*/*..User-Age
0x00d0: 6e74 3a20 4d6f 7a69 6c6c 612f 322e 3020 nt:.Mozilla/2.0.
0x00e0: 2863 6f6d 7061 7469 626c 653b 2047 5a57 (compatible;.GZW
0x00f0: 2d43 6c69 656e 7420 302e 3229 0d0a 0d0a -Client.0.2)....
17:40:07.657928 IP (tos 0x0, ttl 64, id 63142, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.8083 > 192.168.1.3.4162: Flags [.], cksum 0x8431 (incorrect -> 0x78bb), seq 1, ack 217, win 30016, length 0
0x0000: 4500 0028 f6a6 4000 4006 c012 c0a8 01c3 E..(..@.@.......
0x0010: c0a8 0103 1f93 1042 f474 d44f 60d1 e456 .......B.t.O`..V
0x0020: 5010 7540 8431 0000 P.u@.1..
17:40:13.664261 IP (tos 0x0, ttl 255, id 51966, offset 0, flags [none], proto TCP (6), length 40)
192.168.1.3.4162 > 192.168.1.195.8083: Flags [F.], cksum 0xdcde (correct), seq 217, ack 1, win 4380, length 0
0x0000: 4500 0028 cafe 0000 ff06 6cba c0a8 0103 E..(......l.....
0x0010: c0a8 01c3 1042 1f93 60d1 e456 f474 d44f .....B..`..V.t.O
0x0020: 5011 111c dcde 0000 c8b1 4b41 4e4e P.........KANN
17:40:13.704473 IP (tos 0x0, ttl 64, id 63143, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.8083 > 192.168.1.3.4162: Flags [.], cksum 0x8431 (incorrect -> 0x78ba), seq 1, ack 218, win 30016, length 0
0x0000: 4500 0028 f6a7 4000 4006 c011 c0a8 01c3 E..(..@.@.......
0x0010: c0a8 0103 1f93 1042 f474 d44f 60d1 e457 .......B.t.O`..W
0x0020: 5010 7540 8431 0000 P.u@.1..
17:40:17.786398 IP (tos 0x0, ttl 255, id 51967, offset 0, flags [none], proto TCP (6), length 44)
192.168.1.3.4163 > 192.168.1.195.8083: Flags [S], cksum 0x8ae7 (correct), seq 1624368996, win 4380, options [mss 1460], length 0
0x0000: 4500 002c caff 0000 ff06 6cb5 c0a8 0103 E..,......l.....
0x0010: c0a8 01c3 1043 1f93 60d1 e764 0000 0000 .....C..`..d....
0x0020: 6002 111c 8ae7 0000 0204 05b4 0000 `.............
17:40:17.786544 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44)
192.168.1.195.8083 > 192.168.1.3.4163: Flags [S.], cksum 0x8435 (incorrect -> 0xfddf), seq 1755169636, ack 1624368997, win 29200, options [mss 1460], length 0
0x0000: 4500 002c 0000 4000 4006 b6b5 c0a8 01c3 E..,..@.@.......
0x0010: c0a8 0103 1f93 1043 689d c364 60d1 e765 .......Ch..d`..e
0x0020: 6012 7210 8435 0000 0204 05b4 `.r..5......
17:40:17.797945 IP (tos 0x0, ttl 255, id 51968, offset 0, flags [none], proto TCP (6), length 40)
192.168.1.3.4163 > 192.168.1.195.8083: Flags [.], cksum 0x7691 (correct), seq 1, ack 1, win 4380, length 0
0x0000: 4500 0028 cb00 0000 ff06 6cb8 c0a8 0103 E..(......l.....
0x0010: c0a8 01c3 1043 1f93 60d1 e765 689d c365 .....C..`..eh..e
0x0020: 5010 111c 7691 0000 c365 60d1 e765 P...v....e`..e
17:40:17.812552 IP (tos 0x0, ttl 255, id 51969, offset 0, flags [none], proto TCP (6), length 223)
192.168.1.3.4163 > 192.168.1.195.8083: Flags [P.], cksum 0xc718 (correct), seq 1:184, ack 1, win 4380, length 183
0x0000: 4500 00df cb01 0000 ff06 6c00 c0a8 0103 E.........l.....
0x0010: c0a8 01c3 1043 1f93 60d1 e765 689d c365 .....C..`..eh..e
0x0020: 5018 111c c718 0000 4745 5420 2f5a 4175 P.......GET./ZAu
0x0030: 746f 6d61 7469 6f6e 2f61 7069 2f76 312f tomation/api/v1/
0x0040: 6465 7669 6365 7320 4854 5450 2f31 2e30 devices.HTTP/1.0
0x0050: 0d0a 4175 7468 6f72 697a 6174 696f 6e3a ..Authorization:
0x0060: (Censored)
0x0070: (Censored)
0x0080: (Censored)
0x0090: 3638 2e31 2e31 3935 0d0a 4163 6365 7074 68.1.195..Accept
0x00a0: 3a20 2a2f 2a0d 0a55 7365 722d 4167 656e :.*/*..User-Agen
0x00b0: 743a 204d 6f7a 696c 6c61 2f32 2e30 2028 t:.Mozilla/2.0.(
0x00c0: 636f 6d70 6174 6962 6c65 3b20 475a 572d compatible;.GZW-
0x00d0: 436c 6965 6e74 2030 2e32 290d 0a0d 0a Client.0.2)....
17:40:17.812593 IP (tos 0x0, ttl 64, id 58756, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.8083 > 192.168.1.3.4163: Flags [.], cksum 0x8431 (incorrect -> 0x11b6), seq 1, ack 184, win 30016, length 0
0x0000: 4500 0028 e584 4000 4006 d134 c0a8 01c3 E..(..@.@..4....
0x0010: c0a8 0103 1f93 1043 689d c365 60d1 e81c .......Ch..e`...
0x0020: 5010 7540 8431 0000 P.u@.1..
17:40:23.824313 IP (tos 0x0, ttl 255, id 51970, offset 0, flags [none], proto TCP (6), length 40)
192.168.1.3.4163 > 192.168.1.195.8083: Flags [F.], cksum 0x75d9 (correct), seq 184, ack 1, win 4380, length 0
0x0000: 4500 0028 cb02 0000 ff06 6cb6 c0a8 0103 E..(......l.....
0x0010: c0a8 01c3 1043 1f93 60d1 e81c 689d c365 .....C..`...h..e
0x0020: 5011 111c 75d9 0000 01b2 0000 0000 P...u.........
17:40:23.864474 IP (tos 0x0, ttl 64, id 58757, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.195.8083 > 192.168.1.3.4163: Flags [.], cksum 0x8431 (incorrect -> 0x11b5), seq 1, ack 185, win 30016, length 0
0x0000: 4500 0028 e585 4000 4006 d133 c0a8 01c3 E..(..@.@..3....
0x0010: c0a8 0103 1f93 1043 689d c365 60d1 e81d .......Ch..e`...
0x0020: 5010 7540 8431 0000 P.u@.1..
17:40:46.538395 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.3 tell 192.168.1.1, length 46
0x0000: 0001 0800 0604 0001 0021 91f6 e33f c0a8 .........!...?..
0x0010: 0101 0000 0000 0000 c0a8 0103 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..............
Hopefully the collected data will be useful clues as to what is happening.