[Note: MAC and IP addresses, hostnames, username/password have
been modified to conceal true session]
Frames 2 through 4 illustrate
TCP’s Three Way Handshake
Frame 2 (66 bytes on wire, 66 bytes captured)
Arrival Time: May 15, 2003
11:42:30.350489000
Time delta from previous packet:
0.467980000 seconds
Time relative to first packet: 0.467980000
seconds
Frame Number: 2
Packet Length: 66 bytes
Capture Length: 66 bytes
Ethernet II, Src:
00:a0:cc:33:da:ef, Dst: 00:90:7e:05:0f:ce
Destination: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Source: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.2 (172.18.0.2), Dst Addr: 172.18.0.3 (172.18.0.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x2df7 (11767)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xb4a2 (correct)
Source: 172.18.0.2 (172.18.0.2)
Destination: 172.18.0.3 (172.18.0.3)
Transmission Control
Protocol, Src Port: 3436 (3436), Dst Port: 21 (21), Seq: 2877212145, Ack: 0,
Len: 0
Source port: 3436 (3436)
Destination port: 21 (21)
Sequence number: 2877212145
Header length: 32 bytes
Flags: 0x0002
(SYN)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 60352
Checksum: 0xac39 (correct)
Options: (12 bytes)
Maximum segment size: 1460 bytes
NOP
Window scale: 2 (multiply by 4)
NOP
NOP
SACK permitted
Frame 3 (60 bytes on wire, 60 bytes captured)
Arrival Time: May 15, 2003
11:42:30.350732000
Time delta from previous packet:
0.000243000 seconds
Time relative to first packet: 0.468223000
seconds
Frame Number: 3
Packet Length: 60 bytes
Capture Length: 60 bytes
Ethernet II, Src: 00:90:7e:05:0f:ce,
Dst: 00:a0:cc:33:da:ef
Destination: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Source: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Type: IP (0x0800)
Trailer: 0000
Internet Protocol, Src
Addr: 172.18.0.3 (172.18.0.3), Dst Addr: 172.18.0.2 (172.18.0.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 44
Identification: 0xfa34 (64052)
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x286d (correct)
Source: 172.18.0.3 (172.18.0.3)
Destination: 172.18.0.2 (172.18.0.2)
Transmission Control
Protocol, Src Port: 21 (21), Dst Port: 3436 (3436), Seq: 1038849425, Ack:
2877212146, Len: 0
Source port: 21 (21)
Destination port: 3436 (3436)
Sequence number: 1038849425
Acknowledgement number: 2877212146
Header length: 24 bytes
Flags: 0x0012
(SYN, ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 16352
Checksum: 0xad9c (correct)
Options: (4 bytes)
Maximum segment size: 1460 bytes
Frame 4 (54 bytes on wire, 54 bytes captured)
Arrival Time: May 15, 2003
11:42:30.350828000
Time delta from previous packet:
0.000096000 seconds
Time relative to first packet: 0.468319000
seconds
Frame Number: 4
Packet Length: 54 bytes
Capture Length: 54 bytes
Ethernet II, Src:
00:a0:cc:33:da:ef, Dst: 00:90:7e:05:0f:ce
Destination: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Source: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.2 (172.18.0.2), Dst Addr: 172.18.0.3 (172.18.0.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x2df8 (11768)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xb4ad (correct)
Source: 172.18.0.2 (172.18.0.2)
Destination: 172.18.0.3 (172.18.0.3)
Transmission Control
Protocol, Src Port: 3436 (3436), Dst Port: 21 (21), Seq: 2877212146, Ack:
1038849426, Len: 0
Source port: 3436 (3436)
Destination port: 21 (21)
Sequence number: 2877212146
Acknowledgement number: 1038849426
Header length: 20 bytes
Flags: 0x0010
(ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x053a (correct)
Frame 10 through 19 illustrate
how the FTP server application
makes use of TCP’s PUSH operation to force prompts and client user input
Frame 10 (103 bytes on
wire, 103 bytes captured)
Arrival Time: May 15, 2003
11:42:30.431604000
Time delta from previous packet:
0.080776000 seconds
Time relative to first packet: 0.549095000
seconds
Frame Number: 10
Packet Length: 103 bytes
Capture Length: 103 bytes
Ethernet II, Src:
00:90:7e:05:0f:ce, Dst: 00:a0:cc:33:da:ef
Destination: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Source: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.3 (172.18.0.3), Dst Addr: 172.18.0.2 (172.18.0.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 89
Identification: 0xfa3a (64058)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xe839 (correct)
Source: 172.18.0.3 (172.18.0.3)
Destination: 172.18.0.2 (172.18.0.2)
Transmission Control
Protocol, Src Port: 21 (21), Dst Port: 3436 (3436), Seq: 1038849426, Ack:
2877212146, Len: 49
Source port: 21 (21)
Destination port: 3436 (3436)
Sequence number: 1038849426
Next sequence number: 1038849475
Acknowledgement number: 2877212146
Header length: 20 bytes
Flags: 0x0018
(PSH, ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 16352
Checksum: 0x0753 (correct)
File Transfer Protocol
(FTP)
Response code: Service ready for new user (220)
Response arg: server Microsoft FTP Service
(Version 5.0).
Frame 11 (54 bytes on
wire, 54 bytes captured)
Arrival Time: May 15, 2003
11:42:30.614728000
Time delta from previous packet:
0.183124000 seconds
Time relative to first packet: 0.732219000
seconds
Frame Number: 11
Packet Length: 54 bytes
Capture Length: 54 bytes
Ethernet II, Src:
00:a0:cc:33:da:ef, Dst: 00:90:7e:05:0f:ce
Destination: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Source: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.2 (172.18.0.2), Dst Addr: 172.18.0.3 (172.18.0.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x2dfe (11774)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xb4a7 (correct)
Source: 172.18.0.2 (172.18.0.2)
Destination: 172.18.0.3 (172.18.0.3)
Transmission Control
Protocol, Src Port: 3436 (3436), Dst Port: 21 (21), Seq: 2877212146, Ack:
1038849475, Len: 0
Source port: 3436 (3436)
Destination port: 21 (21)
Sequence number: 2877212146
Acknowledgement number: 1038849475
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65486
Checksum: 0x053a (correct)
Frame 14 (67 bytes on
wire, 67 bytes captured)
Arrival Time: May 15, 2003
11:42:31.980191000
Time delta from previous packet:
1.365463000 seconds
Time relative to first packet: 2.097682000
seconds
Frame Number: 14
Packet Length: 67 bytes
Capture Length: 67 bytes
Ethernet II, Src:
00:a0:cc:33:da:ef, Dst: 00:90:7e:05:0f:ce
Destination: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Source: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.2 (172.18.0.2), Dst Addr: 172.18.0.3 (172.18.0.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 53
Identification: 0x2e01 (11777)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xb497 (correct)
Source: 172.18.0.2 (172.18.0.2)
Destination: 172.18.0.3 (172.18.0.3)
Transmission Control
Protocol, Src Port: 3436 (3436), Dst Port: 21 (21), Seq: 2877212146, Ack:
1038849475, Len: 13
Source port: 3436 (3436)
Destination port: 21 (21)
Sequence number: 2877212146
Next sequence number: 2877212159
Acknowledgement number: 1038849475
Header length: 20 bytes
Flags: 0x0018
(PSH, ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65486
Checksum: 0x0a1e (correct)
File Transfer Protocol
(FTP)
Request command: USER
Request arg: user12
Frame 15 (89 bytes on
wire, 89 bytes captured)
Arrival Time: May 15, 2003
11:42:31.980983000
Time delta from previous packet:
0.000792000 seconds
Time relative to first packet: 2.098474000
seconds
Frame Number: 15
Packet Length: 89 bytes
Capture Length: 89 bytes
Ethernet II, Src:
00:90:7e:05:0f:ce, Dst: 00:a0:cc:33:da:ef
Destination: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Source: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.3 (172.18.0.3), Dst Addr: 172.18.0.2 (172.18.0.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 75
Identification: 0xfa3d (64061)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xe844 (correct)
Source: 172.18.0.3 (172.18.0.3)
Destination: 172.18.0.2 (172.18.0.2)
Transmission Control
Protocol, Src Port: 21 (21), Dst Port: 3436 (3436), Seq: 1038849475, Ack:
2877212159, Len: 35
Source port: 21 (21)
Destination port: 3436 (3436)
Sequence number: 1038849475
Next sequence number: 1038849510
Acknowledgement number: 2877212159
Header length: 20 bytes
Flags: 0x0018
(PSH, ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 16339
Checksum: 0x7c5b (correct)
File Transfer Protocol
(FTP)
Response code: User name okay, need
password (331)
Response arg: Password required for
user12.
Frame 16 (54 bytes on
wire, 54 bytes captured)
Arrival Time: May 15, 2003
11:42:32.119492000
Time delta from previous packet:
0.138509000 seconds
Time relative to first packet: 2.236983000
seconds
Frame Number: 16
Packet Length: 54 bytes
Capture Length: 54 bytes
Ethernet II, Src:
00:a0:cc:33:da:ef, Dst: 00:90:7e:05:0f:ce
Destination: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Source: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.2 (172.18.0.2), Dst Addr: 172.18.0.3 (172.18.0.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x2e02 (11778)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xb4a3 (correct)
Source: 172.18.0.2 (172.18.0.2)
Destination: 172.18.0.3 (172.18.0.3)
Transmission Control
Protocol, Src Port: 3436 (3436), Dst Port: 21 (21), Seq: 2877212159, Ack: 1038849510,
Len: 0
Source port: 3436 (3436)
Destination port: 21 (21)
Sequence number: 2877212159
Acknowledgement number: 1038849510
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65451
Checksum: 0x052d (correct)
Frame 17 (69 bytes on
wire, 69 bytes captured)
Arrival Time: May 15, 2003
11:42:33.747551000
Time delta from previous packet:
1.628059000 seconds
Time relative to first packet: 3.865042000
seconds
Frame Number: 17
Packet Length: 69 bytes
Capture Length: 69 bytes
Ethernet II, Src:
00:a0:cc:33:da:ef, Dst: 00:90:7e:05:0f:ce
Destination: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Source: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.2 (172.18.0.2), Dst Addr: 172.18.0.3 (172.18.0.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 55
Identification: 0x2e03 (11779)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xb493 (correct)
Source: 172.18.0.2 (172.18.0.2)
Destination: 172.18.0.3 (172.18.0.3)
Transmission Control Protocol,
Src Port: 3436 (3436), Dst Port: 21 (21), Seq: 2877212159, Ack: 1038849510,
Len: 15
Source port: 3436 (3436)
Destination port: 21 (21)
Sequence number: 2877212159
Next sequence number: 2877212174
Acknowledgement number: 1038849510
Header length: 20 bytes
Flags: 0x0018
(PSH, ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65451
Checksum: 0x88bc (correct)
File Transfer Protocol
(FTP)
Request command: PASS
Request arg: x&1w@aaz
Frame 18 (79 bytes on
wire, 79 bytes captured)
Arrival Time: May 15, 2003
11:42:33.748679000
Time delta from previous packet:
0.001128000 seconds
Time relative to first packet: 3.866170000
seconds
Frame Number: 18
Packet Length: 79 bytes
Capture Length: 79 bytes
Ethernet II, Src:
00:90:7e:05:0f:ce, Dst: 00:a0:cc:33:da:ef
Destination: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Source: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.3 (172.18.0.3), Dst Addr: 172.18.0.2 (172.18.0.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 65
Identification: 0xfa40 (64064)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xe84b (correct)
Source: 172.18.0.3 (172.18.0.3)
Destination: 172.18.0.2 (172.18.0.2)
Transmission Control
Protocol, Src Port: 21 (21), Dst Port: 3436 (3436), Seq: 1038849510, Ack:
2877212174, Len: 25
Source port: 21 (21)
Destination port: 3436 (3436)
Sequence number: 1038849510
Next sequence number: 1038849535
Acknowledgement number: 2877212174
Header length: 20 bytes
Flags: 0x0018
(PSH, ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 16324
Checksum: 0xc74f (correct)
File Transfer Protocol
(FTP)
Response code: User logged in, proceed
(230)
Response arg: Welcome to Server.
\r\n
Frame 19 (54 bytes on
wire, 54 bytes captured)
Arrival Time: May 15, 2003
11:42:33.925289000
Time delta from previous packet:
0.176610000 seconds
Time relative to first packet: 4.042780000
seconds
Frame Number: 19
Packet Length: 54 bytes
Capture Length: 54 bytes
Ethernet II, Src:
00:a0:cc:33:da:ef, Dst: 00:90:7e:05:0f:ce
Destination: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Source: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.2 (172.18.0.2), Dst Addr: 172.18.0.3 (172.18.0.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x2e04 (11780)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xb4a1 (correct)
Source: 172.18.0.2 (172.18.0.2)
Destination: 172.18.0.3 (172.18.0.3)
Transmission Control
Protocol, Src Port: 3436 (3436), Dst Port: 21 (21), Seq: 2877212174, Ack:
1038849535, Len: 0
Source port: 3436 (3436)
Destination port: 21 (21)
Sequence number: 2877212174
Acknowledgement number: 1038849535
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65426
Checksum: 0x051e (correct)
Frames 40 through 45 illustrate
TCP’s Three Way “good-bye” Handshake
for Graceful Close (follows the user concluding the FTP session with QUIT)
Frame 40 (60 bytes on
wire, 60 bytes captured)
Arrival Time: May 15, 2003
11:42:36.482572000
Time delta from previous packet:
1.353459000 seconds
Time relative to first packet: 6.600063000
seconds
Frame Number: 40
Packet Length: 60 bytes
Capture Length: 60 bytes
Ethernet II, Src:
00:a0:cc:33:da:ef, Dst: 00:90:7e:05:0f:ce
Destination: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Source: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.2 (172.18.0.2), Dst Addr: 172.18.0.3 (172.18.0.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 46
Identification: 0x2e10 (11792)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xb48f (correct)
Source: 172.18.0.2 (172.18.0.2)
Destination: 172.18.0.3 (172.18.0.3)
Transmission Control
Protocol, Src Port: 3436 (3436), Dst Port: 21 (21), Seq: 2877212204, Ack:
1038849765, Len: 6
Source port: 3436 (3436)
Destination port: 21 (21)
Sequence number: 2877212204
Next sequence number: 2877212210
Acknowledgement number: 1038849765
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65196
Checksum: 0x5d3e (correct)
File Transfer Protocol
(FTP)
Request command: QUIT
Frame 41 (86 bytes on
wire, 86 bytes captured)
Arrival Time: May 15, 2003
11:42:36.483356000
Time delta from previous packet:
0.000784000 seconds
Time relative to first packet: 6.600847000
seconds
Frame Number: 41
Packet Length: 86 bytes
Capture Length: 86 bytes
Ethernet II, Src:
00:90:7e:05:0f:ce, Dst: 00:a0:cc:33:da:ef
Destination: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Source: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.3 (172.18.0.3), Dst Addr: 172.18.0.2 (172.18.0.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 72
Identification: 0xfa57 (64087)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xe82d (correct)
Source: 172.18.0.3 (172.18.0.3)
Destination: 172.18.0.2 (172.18.0.2)
Transmission Control
Protocol, Src Port: 21 (21), Dst Port: 3436 (3436), Seq: 1038849765, Ack:
2877212210, Len: 32
Source port: 21 (21)
Destination port: 3436 (3436)
Sequence number: 1038849765
Next sequence number: 1038849797
Acknowledgement number: 2877212210
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 16288
Checksum: 0x873c (correct)
File Transfer Protocol
(FTP)
Response code: Service closing control
connection (221)
Response arg: Thanks for stopping by...
Frame 42 (60 bytes on
wire, 60 bytes captured)
Arrival Time: May 15, 2003
11:42:36.484116000
Time delta from previous packet:
0.000760000 seconds
Time relative to first packet: 6.601607000
seconds
Frame Number: 42
Packet Length: 60 bytes
Capture Length: 60 bytes
Ethernet II, Src:
00:90:7e:05:0f:ce, Dst: 00:a0:cc:33:da:ef
Destination: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Source: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol, Src
Addr: 172.18.0.3 (172.18.0.3), Dst Addr: 172.18.0.2 (172.18.0.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0xfa59 (64089)
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x284c (correct)
Source: 172.18.0.3 (172.18.0.3)
Destination: 172.18.0.2 (172.18.0.2)
Transmission Control
Protocol, Src Port: 21 (21), Dst Port: 3436 (3436), Seq: 1038849797, Ack:
2877212210, Len: 0
Source port: 21 (21)
Destination port: 3436 (3436)
Sequence number: 1038849797
Acknowledgement number: 2877212210
Header length: 20 bytes
Flags: 0x0011 (FIN, ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
Window size: 16288
Checksum: 0xc3e5 (correct)
Frame 43 (54 bytes on
wire, 54 bytes captured)
Arrival Time: May 15, 2003
11:42:36.484197000
Time delta from previous packet:
0.000081000 seconds
Time relative to first packet: 6.601688000
seconds
Frame Number: 43
Packet Length: 54 bytes
Capture Length: 54 bytes
Ethernet II, Src:
00:a0:cc:33:da:ef, Dst: 00:90:7e:05:0f:ce
Destination: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Source: 00:a0:cc:33:da:ef (00:a0:cc:33:da:ef)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.2 (172.18.0.2), Dst Addr: 172.18.0.3 (172.18.0.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x2e11 (11793)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xb494 (correct)
Source: 172.18.0.2 (172.18.0.2)
Destination: 172.18.0.3 (172.18.0.3)
Transmission Control
Protocol, Src Port: 3436 (3436), Dst Port: 21 (21), Seq: 2877212210, Ack:
1038849798, Len: 0
Source port: 3436 (3436)
Destination port: 21 (21)
Sequence number: 2877212210
Acknowledgement number: 1038849798
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65164
Checksum: 0x04f9 (correct)
Frame 44 (54 bytes on
wire, 54 bytes captured)
Arrival Time: May 15, 2003
11:42:36.492977000
Time delta from previous packet: 0.008780000 seconds
Time relative to first packet: 6.610468000
seconds
Frame Number: 44
Packet Length: 54 bytes
Capture Length: 54 bytes
Ethernet II, Src:
00:a0:cc:33:da:ef, Dst: 00:90:7e:05:0f:ce
Destination: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Source: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Type: IP (0x0800)
Internet Protocol, Src
Addr: 172.18.0.2 (172.18.0.2), Dst Addr: 172.18.0.3 (172.18.0.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport
(ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x2e12 (11794)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xb493 (correct)
Source: 172.18.0.2 (172.18.0.2)
Destination: 172.18.0.3 (172.18.0.3)
Transmission Control
Protocol, Src Port: 3436 (3436), Dst Port: 21 (21), Seq: 2877212210, Ack:
1038849798, Len: 0
Source port: 3436 (3436)
Destination port: 21 (21)
Sequence number: 2877212210
Acknowledgement number: 1038849798
Header length: 20 bytes
Flags: 0x0011 (FIN, ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
Window size: 65164
Checksum: 0x04f8 (correct)
Frame 45 (60 bytes on
wire, 60 bytes captured)
Arrival Time: May 15, 2003
11:42:36.493111000
Time delta from previous packet:
0.000134000 seconds
Time relative to first packet: 6.610602000
seconds
Frame Number: 45
Packet Length: 60 bytes
Capture Length: 60 bytes
Ethernet II, Src: 00:90:7e:05:0f:ce,
Dst: 00:a0:cc:33:da:ef
Destination: 00:a0:cc:33:da:ef
(00:a0:cc:33:da:ef)
Source: 00:90:7e:05:0f:ce
(00:90:7e:05:0f:ce)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol, Src
Addr: 172.18.0.3 (172.18.0.3), Dst Addr: 172.18.0.2 (172.18.0.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP
0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services
Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT):
0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0xfa5a (64090)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xe84a (correct)
Source: 172.18.0.3 (172.18.0.3)
Destination: 172.18.0.2 (172.18.0.2)
Transmission Control
Protocol, Src Port: 21 (21), Dst Port: 3436 (3436), Seq: 1038849798, Ack:
2877212211, Len: 0
Source port: 21 (21)
Destination port: 3436 (3436)
Sequence number: 1038849798
Acknowledgement number: 2877212211
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced
(CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 16287
Checksum: 0xc3e5 (correct)