I started with reverse engineering and using the IDA disassembler tool.
I wrote some programs in C++, made an .exe and reversed it in IDA to "hack" my own programs.
Now I wanted to do the same with a python program. As a start a made this simple program:
inp = input("What is your name?\n")
print("Hi", inp)
Then I built an .exe using:
pyinstaller main.py
Loaded it into IDA and searched for strings. IDA gives me a lot of strings but "What is your name" is not in its list. Why is that?
Yes, pyinstaller builds an executable but it is not a "normal" executable. Your Python code is actually in a compressed archive.
$ readelf -S main
There are 30 section headers, starting at offset 0x1ad400:
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .interp PROGBITS 00000000000002a8 000002a8
000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.ABI-tag NOTE 00000000000002c4 000002c4
0000000000000020 0000000000000000 A 0 0 4
[ 3] .note.gnu.bu[...] NOTE 00000000000002e4 000002e4
0000000000000024 0000000000000000 A 0 0 4
[ 4] .gnu.hash GNU_HASH 0000000000000308 00000308
0000000000000034 0000000000000000 A 5 0 8
[ 5] .dynsym DYNSYM 0000000000000340 00000340
00000000000007b0 0000000000000018 A 6 1 8
[ 6] .dynstr STRTAB 0000000000000af0 00000af0
0000000000000348 0000000000000000 A 0 0 1
[ 7] .gnu.version VERSYM 0000000000000e38 00000e38
00000000000000a4 0000000000000002 A 5 0 2
[ 8] .gnu.version_r VERNEED 0000000000000ee0 00000ee0
00000000000000a0 0000000000000000 A 6 3 8
[ 9] .rela.dyn RELA 0000000000000f80 00000f80
0000000000000198 0000000000000018 A 5 0 8
[10] .rela.plt RELA 0000000000001118 00001118
00000000000006d8 0000000000000018 AI 5 24 8
[11] .init PROGBITS 0000000000002000 00002000
0000000000000017 0000000000000000 AX 0 0 4
[12] .plt PROGBITS 0000000000002020 00002020
00000000000004a0 0000000000000010 AX 0 0 16
[13] .plt.got PROGBITS 00000000000024c0 000024c0
0000000000000008 0000000000000008 AX 0 0 8
[14] .text PROGBITS 00000000000024d0 000024d0
0000000000003f21 0000000000000000 AX 0 0 16
[15] .fini PROGBITS 00000000000063f4 000063f4
0000000000000009 0000000000000000 AX 0 0 4
[16] .rodata PROGBITS 0000000000007000 00007000
0000000000001618 0000000000000000 A 0 0 8
[17] .eh_frame_hdr PROGBITS 0000000000008618 00008618
000000000000025c 0000000000000000 A 0 0 4
[18] .eh_frame PROGBITS 0000000000008878 00008878
0000000000000e90 0000000000000000 A 0 0 8
[19] .init_array INIT_ARRAY 000000000000ad70 00009d70
0000000000000008 0000000000000008 WA 0 0 8
[20] .fini_array FINI_ARRAY 000000000000ad78 00009d78
0000000000000008 0000000000000008 WA 0 0 8
[21] .data.rel.ro PROGBITS 000000000000ad80 00009d80
0000000000000040 0000000000000000 WA 0 0 32
[22] .dynamic DYNAMIC 000000000000adc0 00009dc0
0000000000000210 0000000000000010 WA 6 0 8
[23] .got PROGBITS 000000000000afd0 00009fd0
0000000000000028 0000000000000008 WA 0 0 8
[24] .got.plt PROGBITS 000000000000b000 0000a000
0000000000000260 0000000000000008 WA 0 0 8
[25] .data PROGBITS 000000000000b260 0000a260
0000000000000010 0000000000000000 WA 0 0 8
[26] .bss NOBITS 000000000000b280 0000a270
00000000000172c0 0000000000000000 WA 0 0 32
[27] .comment PROGBITS 0000000000000000 0000a270
000000000000001c 0000000000000001 MS 0 0 1
[28] pydata PROGBITS 0000000000000000 0000a28c
00000000001a3066 0000000000000000 0 0 1
[29] .shstrtab STRTAB 0000000000000000 001ad2f2
000000000000010b 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
l (large), p (processor specific)
$
Note the pydata section!
You can use archive_viewer.py to view the archives in main:
$ python archive_viewer.py main
pos, length, uncompressed, iscompressed, type, name
[(0, 215, 285, 1, 'm', 'struct'),
(215, 1059, 1792, 1, 'm', 'pyimod01_os_path'),
(1274, 4080, 8938, 1, 'm', 'pyimod02_archive'),
(5354, 5518, 13005, 1, 'm', 'pyimod03_importers'),
(10872, 1825, 4051, 1, 's', 'pyiboot01_bootstrap'),
(12697, 1161, 2135, 1, 's', 'pyi_rth_multiprocessing'),
(13858, 125, 143, 1, 's', 'main'),
(13983, 1701919, 1701919, 0, 'z', 'PYZ-00.pyz')]
? x main
to filename? main.x
? q
$ xxd main.x
00000000: e300 0000 0000 0000 0000 0000 0000 0000 ................
00000010: 0003 0000 0040 0000 0073 1600 0000 6500 .....#...s....e.
00000020: 6400 8301 5a01 6502 6401 6501 8302 0100 d...Z.e.d.e.....
00000030: 6402 5300 2903 7a13 5768 6174 2069 7320 d.S.).z.What is
00000040: 796f 7572 206e 616d 653f 0ada 0248 694e your name?...HiN
00000050: 2903 da05 696e 7075 74da 0369 6e70 da05 )...input..inp..
00000060: 7072 696e 74a9 0072 0500 0000 7205 0000 print..r....r...
00000070: 007a 076d 6169 6e2e 7079 da08 3c6d 6f64 .z.main.py..<mod
00000080: 756c 653e 0100 0000 7302 0000 0008 01 ule>....s......
$
As you can see from the above output the string you are looking for is stored in a compressed archive called main which in turn is part of the main executable build by pyinstaller.
I am trying to execute basic C code of calculating factorial in WebAssembly and when I am loading WASM file in Google Chrome ( 57.0.2987.98) I am getting
CompileError: WebAssembly.compile():
Wasm decoding failedResult = expected magic word 00 61 73 6d,
found 30 30 36 31 #+0`
C Code :
double fact(int i) {
long long n = 1;
for (;i > 0; i--) {
n *= i;
}
return (double)n;
}
WAST :
(module
(table 0 anyfunc)
(memory $0 1)
(export "memory" (memory $0))
(export "_Z4facti" (func $_Z4facti))
(func $_Z4facti (param $0 i32) (result f64)
(local $1 i64)
(local $2 i64)
(block $label$0
(br_if $label$0
(i32.lt_s
(get_local $0)
(i32.const 1)
)
)
(set_local $1
(i64.add
(i64.extend_s/i32
(get_local $0)
)
(i64.const 1)
)
)
(set_local $2
(i64.const 1)
)
(loop $label$1
(set_local $2
(i64.mul
(get_local $2)
(tee_local $1
(i64.add
(get_local $1)
(i64.const -1)
)
)
)
)
(br_if $label$1
(i64.gt_s
(get_local $1)
(i64.const 1)
)
)
)
(return
(f64.convert_s/i64
(get_local $2)
)
)
)
(f64.const 1)
)
)
WASM Compiled Code :
0061 736d 0100 0000 0186 8080 8000 0160
017f 017c 0382 8080 8000 0100 0484 8080
8000 0170 0000 0583 8080 8000 0100 0106
8180 8080 0000 0795 8080 8000 0206 6d65
6d6f 7279 0200 085f 5a34 6661 6374 6900
000a c380 8080 0001 bd80 8080 0001 027e
0240 2000 4101 480d 0020 00ac 4201 7c21
0142 0121 0203 4020 0220 0142 7f7c 2201
7e21 0220 0142 0155 0d00 0b20 02b9 0f0b
4400 0000 0000 00f0 3f0b
`
Code executed in Chrome :
async function load(){
let binary = await fetch('https://flinkhub.com/t.wasm');
let bytes = await binary.arrayBuffer();
console.log(bytes);
let module = await WebAssembly.compile(bytes);
let instance = await WebAssembly.Instance(module);
}
load().then(instance => console.log(instance.exports.fact(3)));
Can anyone help me out, I have been stuck on this for a whole day and not able to understand what is going wrong.
I used WebAssembly Explorer to to get the WAST and WASM code.
Using the WebAssembly Explorer's download capability you reference, I get the following file (as seen with hexdump):
0000000 00 61 73 6d 01 00 00 00 01 86 80 80 80 00 01 60
0000010 01 7f 01 7c 03 82 80 80 80 00 01 00 04 84 80 80
0000020 80 00 01 70 00 00 05 83 80 80 80 00 01 00 01 06
0000030 81 80 80 80 00 00 07 95 80 80 80 00 02 06 6d 65
0000040 6d 6f 72 79 02 00 08 5f 5a 34 66 61 63 74 69 00
0000050 00 0a c3 80 80 80 00 01 bd 80 80 80 00 01 02 7e
0000060 02 40 20 00 41 01 48 0d 00 20 00 ac 42 01 7c 21
0000070 01 42 01 21 02 03 40 20 02 20 01 42 7f 7c 22 01
0000080 7e 21 02 20 01 42 01 55 0d 00 0b 20 02 b9 0f 0b
0000090 44 00 00 00 00 00 00 f0 3f 0b
000009a
That's a valid .wasm binary which starts with the magic 00 61 73 6d a.k.a. \0asm. According to the error message you get, your file starts with 30 30 36 31 which isn't valid.
Double-check the .wasm file you have.
Decoding 30 30 36 31 as ASCII gives 0061 which seems to be your problem: you're loading the textual version of your hex file. Sure enough, the URL you provide (https://flinkhub.com/t.wasm) contains the following content as-is (I didn't hexdump it! It's ASCII):
0061 736d 0100 0000 0186 8080 8000 0160
017f 017c 0382 8080 8000 0100 0484 8080
8000 0170 0000 0583 8080 8000 0100 0106
8180 8080 0000 0795 8080 8000 0206 6d65
6d6f 7279 0200 085f 5a34 6661 6374 6900
000a c380 8080 0001 bd80 8080 0001 027e
0240 2000 4101 480d 0020 00ac 4201 7c21
0142 0121 0203 4020 0220 0142 7f7c 2201
7e21 0220 0142 0155 0d00 0b20 02b9 0f0b
4400 0000 0000 00f0 3f0b
I'm guessing you overwrote the file saved from the Explorer.
I solved this by setting GOARCH and GOOS environment variable correctly in zsh shell of mac before generating wasm object. Looks like go compiler does not recognize both these variables unless you explosively export them as a global variable in the parent shell. I simply exported both variables and run the compiler.
% export GOARCH=wasm
% export GOOS=js
% go build -o hello.wasm hello.go
I am not sure about your system, but I am using react and esbuild.wasm where while running the below code I was getting error.
const service = await esbuild.startService({
worker: true,
wasmURL: "/esbuild.wasm/esbuild.wasm"
})
esbuild.wasm is in my public folder along with node_module.
So I corrected the url which is wasmURL: "https://unpkg.com/esbuild-wasm#0.8.27/esbuild.wasm" and now it is working.
30 30 36 31 is the hex dump of the string "0061" which is the start of the hex dump of your wasm binary. Did you somehow fetch the textual hexdump instead of the actual binary?
In general, this error means that instead of the binary .wasm file your browser received something else. That can be a error page generated by the web server or the same .wasm but corrupted somehow. I recommend to open your browser Developer Tools, go to Network tab, Refresh the page and look at the .wasm resource request and response.
abort MySQLdb.
I know many process not use same connect, Because this will be a problem .
BUT, run the under code , mysql request is block , then many process start to query sql at the same time , the sql is "select sleep(10)" , They are one by one.
I not found code abort lock/mutux in MySQLdb/mysql.c , Why there is no problem ? I think there will be problems with same connection fd in general . But pass my test, only block io, problems not arise . Where is the lock ?
import time
import multiprocessing
import MySQLdb
db = MySQLdb.connect("127.0.0.1","root","123123","rui" )
def func(*args):
while 1:
cursor = db.cursor()
cursor.execute("select sleep(10)")
data = cursor.fetchall()
print len(data)
cursor.close()
print time.time()
time.sleep(0.1)
if __name__ == "__main__":
task = []
for i in range(20):
p = multiprocessing.Process(target = func, args = (i,))
p.start()
task.append(p)
for i in task:
i.join()
result log, we found each request interval is ten seconds.
1
1464325514.82
1
1464325524.83
1
1464325534.83
1
1464325544.83
1
1464325554.83
1
1464325564.83
1
1464325574.83
1
1464325584.83
1
1464325594.83
1
1464325604.83
1
1464325614.83
1
1464325624.83
tcpdump log:
we found each request interval is ten seconds two.
13:07:04.827304 IP localhost.44281 > localhost.mysql: Flags [.], ack 525510411, win 513, options [nop,nop,TS val 2590846552 ecr 2590846552], length 0
0x0000: 4508 0034 23ad 4000 4006 190d 7f00 0001 E..4#.#.#.......
0x0010: 7f00 0001 acf9 0cea fc09 7cf9 1f52 a70b ..........|..R..
0x0020: 8010 0201 ebe9 0000 0101 080a 9a6d 2e58 .............m.X
0x0030: 9a6d 2e58 .m.X
13:07:04.928106 IP localhost.44281 > localhost.mysql: Flags [P.], seq 0:21, ack 1, win 513, options [nop,nop,TS val 2590846653 ecr 2590846552], length 21
0x0000: 4508 0049 23ae 4000 4006 18f7 7f00 0001 E..I#.#.#.......
0x0010: 7f00 0001 acf9 0cea fc09 7cf9 1f52 a70b ..........|..R..
0x0020: 8018 0201 fe3d 0000 0101 080a 9a6d 2ebd .....=.......m..
0x0030: 9a6d 2e58 1100 0000 0373 656c 6563 7420 .m.X.....select.
0x0040: 736c 6565 7028 3130 29 sleep(10)
13:07:14.827526 IP localhost.44281 > localhost.mysql: Flags [.], ack 65, win 513, options [nop,nop,TS val 2590856553 ecr 2590856552], length 0
0x0000: 4508 0034 23af 4000 4006 190b 7f00 0001 E..4#.#.#.......
0x0010: 7f00 0001 acf9 0cea fc09 7d0e 1f52 a74b ..........}..R.K
0x0020: 8010 0201 9d73 0000 0101 080a 9a6d 5569 .....s.......mUi
0x0030: 9a6d 5568 .mUh
13:07:14.927960 IP localhost.44281 > localhost.mysql: Flags [P.], seq 21:42, ack 65, win 513, options [nop,nop,TS val 2590856653 ecr 2590856552], length 21
0x0000: 4508 0049 23b0 4000 4006 18f5 7f00 0001 E..I#.#.#.......
0x0010: 7f00 0001 acf9 0cea fc09 7d0e 1f52 a74b ..........}..R.K
0x0020: 8018 0201 fe3d 0000 0101 080a 9a6d 55cd .....=.......mU.
0x0030: 9a6d 5568 1100 0000 0373 656c 6563 7420 .mUh.....select.
0x0040: 736c 6565 7028 3130 29 sleep(10)
```
```
end.
It works contingency.
MySQL is request-rensponse protocol.
When two process sends query, it isn't mixed unless the query is large.
MySQL server (1) receive one query, (2) send response of (1), (3) receive next query, (4) send response of (3).
When first response was send from MySQL server, one of two processes receives it. Since response is small enough, it is received by atomic.
And next response is received by another process.
Try sending "SELECT 1+2" from one process and "SELECT 1+3" from another process. "1+2" may be 4 by chance and "SELECT 1+3" may be 3 by chance.
i am running tcpdump on my server to capture the traffic between my server (ServerA) and a remote server (ServerB). I do not know how to properly read output from tcpdump. Could someone point out if ServerB is acknowledging that the packets being sent from ServerA are actually being received by ServerB? Here is the tcpdump log:
2015-03-31 11:32:18.038284 IP (tos 0x0, ttl 64, id 30781, offset 0, flags [DF], proto TCP (6), length 60)
ServerA.14033 > ServerB.8004: Flags [S], cksum 0x02bd (correct), seq 337482636, win 14600, options [mss 1460,nop,nop,TS val 506588081 ecr 0,nop,wscale 7], length 0
0x0000: 4500 003c 783d 4000 4006 bae4 0a04 7a0e E.. ServerA.14033: Flags [S.], cksum 0x3b2a (correct), seq 1742982091, ack 337482637, win 4140, options [mss 1380,nop,wscale 0], length 0
0x0000: 4500 0030 5ff2 0000 f606 5d3b cefd b48a E..0_.....];....
0x0010: 0a04 7a0e 1f44 36d1 67e3 cbcb 141d 938d ..z..D6.g.......
0x0020: 7012 102c 3b2a 0000 0204 0564 0103 0300 p..,;*.....d....
2015-03-31 11:32:18.078622 IP (tos 0x0, ttl 64, id 30782, offset 0, flags [DF], proto TCP (6), length 40)
ServerA.14033 > ServerB.8004: Flags [.], cksum 0x7657 (correct), seq 337482637, ack 1742982092, win 115, length 0
0x0000: 4500 0028 783e 4000 4006 baf7 0a04 7a0e E..(x>#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 938d 67e3 cbcc ....6..D....g...
0x0020: 5010 0073 7657 0000 P..svW..
2015-03-31 11:32:18.093197 IP (tos 0x0, ttl 64, id 30783, offset 0, flags [DF], proto TCP (6), length 208)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x085d (incorrect -> 0x43ad), seq 337482637:337482805, ack 1742982092, win 115, length 168
0x0000: 4500 00d0 783f 4000 4006 ba4e 0a04 7a0e E...x?#.#..N..z.
0x0010: cefd b48a 36d1 1f44 141d 938d 67e3 cbcc ....6..D....g...
0x0020: 5018 0073 085d 0000 1603 0100 a301 0000 P..s.]..........
0x0030: 9f03 0155 1abe 0244 8cef bc2f fbaf 01ba ...U...D.../....
0x0040: d77a de09 8698 1584 9755 7a91 e895 0636 .z.......Uz....6
0x0050: 5d53 bd00 0038 c00a c014 0035 c005 c00f ]S...8.....5....
0x0060: 0039 0038 c009 c013 002f c004 c00e 0033 .9.8...../.....3
0x0070: 0032 c007 c011 0005 c002 c00c c008 c012 .2..............
0x0080: 000a c003 c00d 0016 0013 0004 00ff 0100 ................
0x0090: 003e 000a 0034 0032 0017 0001 0003 0013 .>...4.2........
0x00a0: 0015 0006 0007 0009 000a 0018 000b 000c ................
0x00b0: 0019 000d 000e 000f 0010 0011 0002 0012 ................
0x00c0: 0004 0005 0014 0008 0016 000b 0002 0100 ................
....
...Cert Exchange
....
2015-03-31 11:32:18.152983 IP (tos 0x0, ttl 247, id 24608, offset 0, flags [none], proto TCP (6), length 225)
ServerB.8004 > ServerA.14033: Flags [P.], cksum 0x71b6 (correct), seq 1742986232:1742986417, ack 337482805, win 4308, length 185
0x0000: 4500 00e1 6020 0000 f706 5b5c cefd b48a E...`.....[\....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dbf8 141d 9435 ..z..D6.g......5
0x0020: 5018 10d4 71b6 0000 0105 0507 0303 0609 P...q...........
0x0030: 6086 4801 86f8 4204 0106 0a60 8648 0186 `.H...B....`.H..
0x0040: f845 0108 0130 0d06 092a 8648 86f7 0d01 .E...0...*.H....
0x0050: 0105 0500 0381 8100 1302 ddf8 e886 00f2 ................
0x0060: 5af8 f820 0c59 8862 07ce cef7 4ef9 bb59 Z....Y.b....N..Y
0x0070: a198 e5e1 38dd 4ebc 6618 d3ad eb18 f20d ....8.N.f.......
0x0080: c96d 3e4a 9420 c33c babd 6554 c6af 44b3 .m>J.........c..^.
0x00a0: e52a 67ce cd33 0c2a d789 5603 231f b3be .*g..3.*..V.#...
0x00b0: e83a 0859 b4ec 4535 f78a 5bff 66cf 50af .:.Y..E5..[.f.P.
0x00c0: c66d 578d 1978 b7b9 a2d1 57ea 1f9a 4baf .mW..x....W...K.
0x00d0: bac9 8e12 7ec6 bdff 1603 0100 040e 0000 ....~...........
0x00e0: 00 .
2015-03-31 11:32:18.152999 IP (tos 0x0, ttl 64, id 30787, offset 0, flags [DF], proto TCP (6), length 40)
ServerA.14033 > ServerB.8004: Flags [.], cksum 0x6470 (correct), seq 337482805, ack 1742986417, win 205, length 0
0x0000: 4500 0028 7843 4000 4006 baf2 0a04 7a0e E..(xC#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 9435 67e3 dcb1 ....6..D...5g...
0x0020: 5010 00cd 6470 0000 P...dp..
2015-03-31 11:32:18.166971 IP (tos 0x0, ttl 64, id 30788, offset 0, flags [DF], proto TCP (6), length 307)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x08c0 (incorrect -> 0xf8ac), seq 337482805:337483072, ack 1742986417, win 205, length 267
0x0000: 4500 0133 7844 4000 4006 b9e6 0a04 7a0e E..3xD#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 9435 67e3 dcb1 ....6..D...5g...
0x0020: 5018 00cd 08c0 0000 1603 0101 0610 0001 P...............
0x0030: 0201 0086 f933 32c1 9576 1c51 5f32 c8b2 .....32..v.Q_2..
0x0040: 7b59 5d79 3fd1 45c4 43c7 2231 1336 ff4b {Y]y?.E.C."1.6.K
0x0050: 3cb9 2851 88dd 377a 3bfc b7cf 7e8c 0c2c w..nK_...T.
0x00c0: f7b0 587c 73ca 1cd5 f292 304b 8eb1 2151 ..X|s.....0K..!Q
0x00d0: ac45 ad62 4328 9ed0 dd74 6767 d5ea 986e .E.bC(...tgg...n
0x00e0: d14c def4 bcd2 ff1f a9e3 c047 acfe 0aee .L.........G....
0x00f0: 2652 4e89 cf1c f700 6da5 1827 213a 4b1b &RN.....m..'!:K.
0x0100: d447 a3fd 35d1 8282 743a 17a2 b27f c66a .G..5...t:.....j
0x0110: 7fd1 db43 facb 6d89 614c 4f0d 7fb6 d985 ...C..m.aLO.....
0x0120: 6ee1 b1c7 50ad 0dfe b218 dc21 9973 8894 n...P......!.s..
0x0130: c0f0 42 ..B
2015-03-31 11:32:18.167830 IP (tos 0x0, ttl 64, id 30789, offset 0, flags [DF], proto TCP (6), length 46)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x07bb (incorrect -> 0x4d53), seq 337483072:337483078, ack 1742986417, win 205, length 6
0x0000: 4500 002e 7845 4000 4006 baea 0a04 7a0e E...xE#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 9540 67e3 dcb1 ....6..D...#g...
0x0020: 5018 00cd 07bb 0000 1403 0100 0101 P.............
2015-03-31 11:32:18.168755 IP (tos 0x0, ttl 64, id 30790, offset 0, flags [DF], proto TCP (6), length 81)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x07de (incorrect -> 0xf231), seq 337483078:337483119, ack 1742986417, win 205, length 41
0x0000: 4500 0051 7846 4000 4006 bac6 0a04 7a0e E..QxF#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 9546 67e3 dcb1 ....6..D...Fg...
0x0020: 5018 00cd 07de 0000 1603 0100 24c4 5c80 P...........$.\.
0x0030: 8efa bc61 ecd8 bc27 0578 b2b9 36c2 4bad ...a...'.x..6.K.
0x0040: 9419 9bab 4c62 2259 84bf 1b60 f8e8 772c ....Lb"Y...`..w,
0x0050: fb .
2015-03-31 11:32:18.196123 IP (tos 0x0, ttl 247, id 24624, offset 0, flags [none], proto TCP (6), length 40)
ServerB.8004 > ServerA.14033: Flags [.], cksum 0x5247 (correct), seq 1742986417, ack 337483078, win 4581, length 0
0x0000: 4500 0028 6030 0000 f706 5c05 cefd b48a E..(`0....\.....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dcb1 141d 9546 ..z..D6.g......F
0x0020: 5010 11e5 5247 0000 0000 0000 0000 P...RG........
2015-03-31 11:32:18.197205 IP (tos 0x0, ttl 247, id 24628, offset 0, flags [none], proto TCP (6), length 87)
ServerB.8004 > ServerA.14033: Flags [P.], cksum 0xc1b9 (correct), seq 1742986417:1742986464, ack 337483119, win 4622, length 47
0x0000: 4500 0057 6034 0000 f706 5bd2 cefd b48a E..W`4....[.....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dcb1 141d 956f ..z..D6.g......o
0x0020: 5018 120e c1b9 0000 1403 0100 0101 1603 P...............
0x0030: 0100 24df dca5 f8a1 8b4f 71de 93db 5d12 ..$......Oq...].
0x0040: 9c44 cdd9 555b bb7b 76d5 6b22 30af b533 .D..U[.{v.k"0..3
0x0050: 8522 b2f0 eed6 11 .".....
2015-03-31 11:32:18.236557 IP (tos 0x0, ttl 64, id 30791, offset 0, flags [DF], proto TCP (6), length 40)
ServerA.14033 > ServerB.8004: Flags [.], cksum 0x6307 (correct), seq 337483119, ack 1742986464, win 205, length 0
0x0000: 4500 0028 7847 4000 4006 baee 0a04 7a0e E..(xG#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 956f 67e3 dce0 ....6..D...og...
0x0020: 5010 00cd 6307 0000 P...c...
2015-03-31 11:32:28.200453 IP (tos 0x0, ttl 64, id 30792, offset 0, flags [DF], proto TCP (6), length 549)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x09b2 (incorrect -> 0x3a9c), seq 337483119:337483628, ack 1742986464, win 205, length 509
0x0000: 4500 0225 7848 4000 4006 b8f0 0a04 7a0e E..%xH#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 956f 67e3 dce0 ....6..D...og...
0x0020: 5018 00cd 09b2 0000 1703 0101 f8d4 7621 P.............v!
0x0030: 6c4f 7bf9 8de8 2ec8 048f fc38 37ee aa2a lO{........87..*
0x0040: ffe0 7052 95e1 3df8 a1fa 36c5 d1f2 bee9 ..pR..=...6.....
0x0050: 5b6f f4ab a895 5caf c024 2150 f52a dede [o....\..$!P.*..
0x0060: 4042 22bd a443 1d38 c85a 0c12 0cbc 2f07 #B"..C.8.Z..../.
0x0070: 7bf4 2cd4 f1f9 bacd 17d9 d456 f4be 47f1 {.,........V..G.
0x0080: 99c2 2f01 705f 2c8f 5b6c c4d9 041e 85b8 ../.p_,.[l......
0x0090: 7a44 6bde 499f b86b 8c46 d55a 5571 6026 zDk.I..k.F.ZUq`&
0x00a0: 6601 e57d b91b a45d e1c0 50c6 faaa 5eeb f..}...]..P...^.
0x00b0: afd7 4b72 3241 eb78 02a8 8787 35c7 214c ..Kr2A.x....5.!L
0x00c0: 9035 1741 dde5 3b40 3471 1627 575a 8235 .5.A..;#4q.'WZ.5
0x00d0: d256 2104 13c3 cdce cb9b abe2 4099 6e23 .V!.........#.n#
0x00e0: 6548 a2f8 6b89 78f2 c02f 6576 6f8b d96a eH..k.x../evo..j
0x00f0: 2e82 bfb8 b5eb 3319 6fdb 6acd 45d5 bf32 ......3.o.j.E..2
0x0100: b212 e525 e366 7483 35c9 a1a5 aadd b394 ...%.ft.5.......
0x0110: 7aa5 5b60 fb7a ab4d 77ef d883 c117 0bdf z.[`.z.Mw.......
0x0120: 58b7 8778 a85f c5e1 b197 61e7 fdc5 e877 X..x._....a....w
0x0130: b66c 1e7e 32be 4c86 266a 225f 5e9a ec30 .l.~2.L.&j"_^..0
0x0140: be10 5d58 0787 a207 7d69 0aec bea2 4328 ..]X....}i....C(
0x0150: 2402 ab9d 52b3 0b0d a65b 3002 4ca6 dbec $...R....[0.L...
0x0160: b03a abe0 1164 254f 70b3 0515 f42a c54a .:...d%Op....*.J
0x0170: 9f26 1264 b6af 042b 27ef 74a9 73a1 930b .&.d...+'.t.s...
0x0180: 7083 5780 1c9d 54b4 dec5 2794 0e7c 1c92 p.W...T...'..|..
0x0190: 84ff a204 252a f85c 3c99 8e72 92a2 6645 ....%*.\ ServerA.14033: Flags [.], cksum 0x4dcc (correct), seq 1742986464, ack 337483628, win 5131, length 0
0x0000: 4500 0028 7803 0000 f706 4432 cefd b48a E..(x.....D2....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dce0 141d 976c ..z..D6.g......l
0x0020: 5010 140b 4dcc 0000 0000 0000 0000 P...M.........
2015-03-31 11:32:28.352967 IP (tos 0x0, ttl 64, id 30793, offset 0, flags [DF], proto TCP (6), length 549)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x09b2 (incorrect -> 0x6c1d), seq 337483628:337484137, ack 1742986464, win 205, length 509
0x0000: 4500 0225 7849 4000 4006 b8ef 0a04 7a0e E..%xI#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 976c 67e3 dce0 ....6..D...lg...
0x0020: 5018 00cd 09b2 0000 1703 0101 f8a8 aec5 P...............
0x0030: 12bd 0d07 0766 9ae0 d9b4 ef64 21b5 51c4 .....f.....d!.Q.
0x0040: a9e1 2f5d c678 addc 7f3b 51c8 395e 2d18 ../].x...;Q.9^-.
0x0050: 782b 51ed 9fce cfb6 9221 d96f 6c1a de16 x+Q......!.ol...
0x0060: 2ad2 ef52 d984 c8a8 13c5 746d 99bc b4ed *..R......tm....
0x0070: c258 327e 0758 c5f6 6476 422c 3794 972d .X2~.X..dvB,7..-
0x0080: b018 e6e1 fa97 2b87 a8d4 d515 9799 ac35 ......+........5
0x0090: d5ae 878b b356 7b8d 4029 ec82 cc7b 408d .....V{.#)...{#.
0x00a0: 259a 9516 9104 91c9 1bd4 6957 2e31 a6a4 %.........iW.1..
0x00b0: 0232 1820 9424 f141 ef6a 13eb 3389 b012 .2...$.A.j..3...
0x00c0: 5643 d35e dd9f 0b62 296f e946 0efa 53de VC.^...b)o.F..S.
0x00d0: 20a2 fdcf cc38 55d1 57f8 f8f5 a76e 74d1 .....8U.W....nt.
0x00e0: 507a 7fc4 d09f 5882 4965 b222 6c3b 3c9e Pz....X.Ie."l;....H
0x01e0: eb32 a4aa 7036 3824 8e6b ca66 8e48 13fe .2..p68$.k.f.H..
0x01f0: 75e3 1ff2 a39c 3c20 bf6f 174f cb9b 6c02 u..... ServerA.14033: Flags [.], cksum 0x49d2 (correct), seq 1742986464, ack 337484137, win 5640, length 0
0x0000: 4500 0028 784a 0000 f706 43eb cefd b48a E..(xJ....C.....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dce0 141d 9969 ..z..D6.g......i
0x0020: 5010 1608 49d2 0000 0000 0000 0000 P...I.........
2015-03-31 11:32:28.505265 IP (tos 0x0, ttl 64, id 30794, offset 0, flags [DF], proto TCP (6), length 549)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x09b2 (incorrect -> 0x2232), seq 337484137:337484646, ack 1742986464, win 205, length 509
0x0000: 4500 0225 784a 4000 4006 b8ee 0a04 7a0e E..%xJ#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 9969 67e3 dce0 ....6..D...ig...
0x0020: 5018 00cd 09b2 0000 1703 0101 f84f 08ba P............O..
0x0030: f2eb 392d 0788 0e12 1914 8d29 db0b 61e4 ..9-.......)..a.
0x0040: 11c4 3e4d 0433 4eb5 758b 42ad 0581 d6b7 ..>M.3N.u.B.....
0x0050: a9ac 47e0 c858 5fbc 81b9 3991 8446 4b7d ..G..X_...9..FK}
0x0060: 3516 e09d 0202 ad55 67e6 d1da 6482 9e11 5......Ug...d...
0x0070: 1231 d4d4 bd77 264a 2117 549a fa15 9849 .1...w&J!.T....I
0x0080: 5019 1519 a62c 9e96 8623 c6d4 c669 ca4c P....,...#...i.L
0x0090: 1cdd c19c f8a9 95e6 4665 162e df93 e540 ........Fe.....#
0x00a0: 0fb7 955f b277 26b9 8723 adef d4de 9877 ..._.w&..#.....w
0x00b0: f96d 1e35 736a b821 d46d 549f adcd 6672 .m.5sj.!.mT...fr
0x00c0: 4986 d7a5 3339 64ba b88c fd16 88c8 3ac8 I...39d.......:.
0x00d0: 83b0 e533 0ff8 cbb1 7c45 680b 06ed 9c47 ...3....|Eh....G
0x00e0: 1f9d 3837 aedb da12 670c bf51 22d8 f48f ..87....g..Q"...
0x00f0: bf40 f88e d4ed 4a0b 1d36 4eb9 ace9 c007 .#....J..6N.....
0x0100: 4f2d 9647 aec1 3b5c 1bf9 22a5 86a7 9d92 O-.G..;\..".....
0x0110: b44b 077e 3e84 03f8 97ce f07f f535 2e13 .K.~>........5..
0x0120: 9dd1 914a 2c61 599f 4ed5 e492 b3d4 5f0f ...J,aY.N....._.
0x0130: 6c61 235c a38b 5b2b 753d b328 22a8 8f8b la#\..[+u=.("...
0x0140: cc1e 75a1 67b4 84f4 fa2e b235 5ee6 a845 ..u.g......5^..E
0x0150: 0754 9599 7f46 f761 77d7 6328 e0cc fe1a .T...F.aw.c(....
0x0160: 5775 e892 e68d 003f d2c4 2c8c 8c65 5395 Wu.....?..,..eS.
0x0170: 16ac 91e3 f18c 7117 dfb6 c216 9cad acde ......q.........
0x0180: 3594 5ea7 9401 50c8 f8b7 eb7c 3e11 ddbf 5.^...P....|>...
0x0190: eaef 20ad 3030 2865 2963 c837 6edc 3580 ....00(e)c.7n.5.
0x01a0: b79c b88b f34c df62 47c0 cfaf d328 8090 .....L.bG....(..
0x01b0: 1f90 7f15 a38e c5ea 1faa 2e53 0b29 5840 ...........S.)X#
0x01c0: 5b1e b5fb a7cb 8417 e62e 13ac b212 dc85 [...............
0x01d0: 2fb9 4708 0b72 ac9d 22bc 7c50 db62 0296 /.G..r..".|P.b..
0x01e0: 92f3 ad3e 279c e76b 2b1e 752b ac2b 100c ...>'..k+.u+.+..
0x01f0: 9290 09c7 1cd6 ba11 1e5c 13d3 b0c0 9d76 .........\.....v
0x0200: a6ab 0df5 10b3 7059 e74b 960d bc34 0371 ......pY.K...4.q
0x0210: 9715 4fcd f194 8fd7 28a2 feed faee 2f63 ..O.....(...../c
0x0220: a708 e77d 35 ...}5
2015-03-31 11:32:28.633819 IP (tos 0x0, ttl 247, id 30844, offset 0, flags [none], proto TCP (6), length 40)
ServerB.8004 > ServerA.14033: Flags [.], cksum 0x45d8 (correct), seq 1742986464, ack 337484646, win 6149, length 0
0x0000: 4500 0028 787c 0000 f706 43b9 cefd b48a E..(x|....C.....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dce0 141d 9b66 ..z..D6.g......f
0x0020: 5010 1805 45d8 0000 0000 0000 0000 P...E.........
2015-03-31 11:32:28.656994 IP (tos 0x0, ttl 64, id 30795, offset 0, flags [DF], proto TCP (6), length 549)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x09b2 (incorrect -> 0xfbfb), seq 337484646:337485155, ack 1742986464, win 205, length 509
0x0000: 4500 0225 784b 4000 4006 b8ed 0a04 7a0e E..%xK#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 9b66 67e3 dce0 ....6..D...fg...
0x0020: 5018 00cd 09b2 0000 1703 0101 f8b8 e319 P...............
0x0030: c5b4 1996 a85d 2940 86ce 5908 c91e f700 .....])#..Y.....
0x0040: 9f7a 9c04 920b bcd3 c4e8 d15d 1842 c5c5 .z.........].B..
0x0050: 27fd e7a9 81f2 9894 d746 a850 6c82 a3eb '........F.Pl...
0x0060: f372 cd30 9998 612e e54a 81b7 f044 85cb .r.0..a..J...D..
0x0070: dff8 7554 4fdf d253 cb23 c538 0ff4 e08b ..uTO..S.#.8....
0x0080: 60a5 bdaf 60c1 0c19 6c25 baa8 c4bd f0f3 `...`...l%......
0x0090: fb46 9d7e 58c1 87d8 8cdc 6e01 155e fec5 .F.~X.....n..^..
0x00a0: a03f 97c2 3455 5fb7 1b4d 6ad1 7234 7f18 .?..4U_..Mj.r4..
0x00b0: c9a9 8b3d f5f2 f4cf 5f03 8bd6 6259 8dc8 ...=...._...bY..
0x00c0: 23c6 9dab f6eb 3ade cb9d 9b21 2cb7 b21d #.....:....!,...
0x00d0: 0cdb 4b18 e192 9390 94c2 98dd 6ef4 43ad ..K.........n.C.
0x00e0: 7512 2996 af87 e106 ed1e b12b 31d0 8bbf u.)........+1...
0x00f0: f6b1 8b09 e636 6ae8 f9e9 1bf0 aea9 c8da .....6j.........
0x0100: c49b b54e 28d2 dc16 431e fd8d cb34 be14 ...N(...C....4..
0x0110: 88fc cc7b 2f6f 4bac 2d02 124b 5be2 c1a2 ...{/oK.-..K[...
0x0120: 64ed 4b18 361a c883 5982 a624 d13f b3e6 d.K.6...Y..$.?..
0x0130: 7161 cddf 99e6 9f80 f061 2df2 30cc e410 qa.......a-.0...
0x0140: eb45 319d 34c7 26a0 2d3b e636 230e b0d1 .E1.4.&.-;.6#...
0x0150: c0e6 a6e6 8279 9a13 7def 28be 2e27 2915 .....y..}.(..').
0x0160: 8e02 b350 cd67 c41d e9fb f880 5a34 de1a ...P.g......Z4..
0x0170: b621 8017 68d9 6eca 54bb acc6 85ec a7d5 .!..h.n.T.......
0x0180: 4a2e 637b 4d4a 8e76 193d 0478 8bbf d283 J.c{MJ.v.=.x....
0x0190: 2f5a 43c1 4df8 3ef7 3143 8406 4a1a fc91 /ZC.M.>.1C..J...
0x01a0: ec98 65b6 a607 b49a d13b 0923 41f2 58b6 ..e......;.#A.X.
0x01b0: 410c 2670 5e1b 8d2a 4c2f 3e07 01d6 dd8c A.&p^..*L/>.....
0x01c0: d46c 22a3 e4d2 863a 50fb f134 3602 9b44 .l"....:P..46..D
0x01d0: f881 802d 0402 0a77 fe2e 7e51 90e8 7783 ...-...w..~Q..w.
0x01e0: 083c e00a b2e2 71d2 69c9 60d6 4598 6606 ..;,
0x0220: adaf 85c3 9a .....
2015-03-31 11:32:28.787452 IP (tos 0x0, ttl 246, id 30877, offset 0, flags [none], proto TCP (6), length 40)
ServerB.8004 > ServerA.14033: Flags [.], cksum 0x41de (correct), seq 1742986464, ack 337485155, win 6658, length 0
0x0000: 4500 0028 789d 0000 f606 4498 cefd b48a E..(x.....D.....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dce0 141d 9d63 ..z..D6.g......c
0x0020: 5010 1a02 41de 0000 0000 0000 0000 P...A.........
...
...
2015-03-31 11:32:30.442259 IP (tos 0x0, ttl 64, id 30806, offset 0, flags [DF], proto TCP (6), length 76)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x07d9 (incorrect -> 0x05c7), seq 337490003:337490039, ack 1742986464, win 205, length 36
0x0000: 4500 004c 7856 4000 4006 babb 0a04 7a0e E..LxV#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d b053 67e3 dce0 ....6..D...Sg...
0x0020: 5018 00cd 07d9 0000 1703 0100 1f19 7220 P.............r.
0x0030: 2042 f717 9a51 08ca d19b c82b 18bd 28db .B...Q.....+..(.
0x0040: 8d53 b59f afe6 a382 fd47 6f79 .S.......Goy
2015-03-31 11:32:30.442690 IP (tos 0x0, ttl 64, id 30807, offset 0, flags [DF], proto TCP (6), length 40)
ServerA.14033 > ServerB.8004: Flags [F.], cksum 0x47fe (correct), seq 337490039, ack 1742986464, win 205, length 0
0x0000: 4500 0028 7857 4000 4006 bade 0a04 7a0e E..(xW#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d b077 67e3 dce0 ....6..D...wg...
0x0020: 5011 00cd 47fe 0000 P...G...
2015-03-31 11:32:30.471398 IP (tos 0x0, ttl 247, id 31726, offset 0, flags [none], proto TCP (6), length 40)
ServerB.8004 > ServerA.14033: Flags [.], cksum 0x1bb5 (correct), seq 1742986464, ack 337490040, win 11542, length 0
0x0000: 4500 0028 7bee 0000 f706 4047 cefd b48a E..({.....#G....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dce0 141d b078 ..z..D6.g......x
0x0020: 5010 2d16 1bb5 0000 0000 0000 0000 P.-...........
2015-03-31 11:32:30.594848 IP (tos 0x0, ttl 246, id 31815, offset 0, flags [none], proto TCP (6), length 40)
ServerB.8004 > ServerA.14033: Flags [F.], cksum 0x1bb4 (correct), seq 1742986464, ack 337490040, win 11542, length 0
0x0000: 4500 0028 7c47 0000 f606 40ee cefd b48a E..(|G....#.....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dce0 141d b078 ..z..D6.g......x
0x0020: 5011 2d16 1bb4 0000 0000 0000 0000 P.-...........
2015-03-31 11:32:30.594865 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
ServerA.14033 > ServerB.8004: Flags [.], cksum 0x47fd (correct), seq 337490040, ack 1742986465, win 205, length 0
0x0000: 4500 0028 0000 4000 4006 3336 0a04 7a0e E..(..#.#.36..z.
0x0010: cefd b48a 36d1 1f44 141d b078 67e3 dce1 ....6..D...xg...
0x0020: 5010 00cd 47fd 0000 P...G...
Not sure this helps.. but try following this link..
https://unix.stackexchange.com/questions/29367/tcpdump-packets-captured-vs-packets-received-by-filter
or try using a sniffer tool
http://research.protocollabs.com/captcp/
Server B is acking at least some packets:
ServerB.8004 > ServerA.14033: ..., seq 1742986464, ack 337484646, ...
ServerB.8004 > ServerA.14033: ..., seq 1742986464, ack 337485155, ...
you can see the acked sequence number increasing.