A short story of TCP - or: I just wanted to download a file... -------------------------------------------------------------- The TCP/IP processing is not very easy to understand when you're a novice. The best way to learn it is to watch logs of connections and try to find out what was going on. Of course you should also have a good book that explains the structure of the data or at least the necessary RFCs (Request For Comments) that contain the definitions of the respective protocols. To make it a little easier to understand (and to have more fun when reading ;-) ), I have modelled the information exchange between the computers like a conversation between people. (If you don't like it, you can as well delete those comments.) At first some comments on the symbols and abbrevations: <- sending , -> receiving (from my computer's point of view) LCP: Link Control Protocol NCP: Network Control Protocol PAP: Password Authentication Protocol CHAP: Challenge Handshake Authentication Protocol VJ: Van Jacobson compression algorithm CCP: Compression Control Protocol IP: Internet Protocol TCP: Transmission Control Protocol UDP: User Datagram Protocol Originally all data were logged as hex bytes. Using some specifications, I translated them to mnemonical commands, that means that no string "ConfReq" was sent. When the bytes were ascii bytes, I translated them to a string enclosed in "..." (except the comments, of course). When the hex numbers represented a special value, I replaced them by this value and often enclosed them in '...', e.g. instead of 8d 02 1d 02 I write '141.2.29.2', or 'TCP' instead of 06. (Note that not all translated values were enclosed in '...'.) Now let's listen to my computer, called "polaris", who wants to download a file (on behalf of its user) from "www" at the department of the university where I work ("vsb.cs.uni-frankfurt.de"). My computer is connected to another computer, called "ascend2" or "141.2.29.2", which is used as the telephone line connection server. "polaris" begins. ================================================================ <- LCP ConfReq 01 len 4 "You at the other end. I want to configure our connection." -> LCP ConfReq 01 len 26 type 0 len 4: 00 00 type 'AuthProt' len 5: 'CHAP MD5' type 'ML-MRRU' len 4: 05 DC type 'ML-Endp' len 9: 03 00 C0 7B 52 3B CC "Hi over there. Let me configure: We take type 0, authenticate each other by CHAP with MD5 encryption, and do those multilink setting. Right?" <- LCP ConfRej 01 len 21 type 0 len 4: 00 00 type 'ML-MRRU' len 4: 05 DC type 'ML-Endp' len 9: 03 00 C0 7B 52 3B CC "Um, wait. '0' seems suspicious to me. So do these ML settings..." -> LCP ConfAck 01 len 4 "Ah yes. Well." -> LCP ConfReq 02 len 9 type 'AuthProt' len 5: 'CHAP MD5' "You there. Let me retry. What about the CHAP MD5?" <- LCP ConfNak 02 len 8 type 'AuthProt' len 4: 'PAP' "Er, no. I'd like to use PAP." -> LCP ConfReq 03 len 8 type 'AuthProt' len 4: 'PAP' "As you like. Now: I'm offering PAP." <- LCP ConfAck 03 len 8 type 'AuthProt' len 4: 'PAP' "Yo, that's good." <- PAP AuthReq 02 len <...length...> 04 "zapf" "" "My user identifies himself as 'zapf', with the password ..." -> PAP AuthAck 02 len 5 00 "" "Seems good to me." -> CCP ConfReq 01 len 10: type 'LZS' len 6: 00 01 01 03 "What about some compression to save time?" <- LCP ProtRej 03 len 6: 'CCP' "What do you mean by 'compression'?" -> NCP ConfReq 01 len 16: type 'IPCompProt' len 6: 'VJ' 0F01 type 'IPAddr' len 6: '141.2.29.2' "Now that our connection is OK, let's check some further upper-level settings. When we use IP, we'll compress with VJ. And you can call me '141.2.29.2'." <- NCP ConfRej 01 len 10: type 'IPCompProt' len 6: 'VJ' 0F01 "Sorry, I'm not told to use compression." -> NCP ConfReq 02 len 10: type 'IPAddr' len 6: '141.2.29.2' "Oh yeah. Anyway, believe me: I'm '141.2.29.2'." <- NCP ConfAck 02 len 10: type 'IPAddr' len 6: '141.2.29.2' "That might well be. OK, accepted." <- NCP ConfAck 01 len 10: type 'IPAddr' len 6: '0.0.0.0' "Hey, you, and I myself am '0.0.0.0'." -> NCP ConfNak 01 len 10: type 'IPAddr' len 6: '141.2.28.110' "Nonsense, you are definitely '141.2.28.110'." <- NCP ConfReq 02 len 10: type 'IPAddr' len 6: '141.2.28.110' "Really? Well, my user told me to believe you, so I should be '141.2.28.110'." -> NCP ConfAck 02 len 10: type 'IPAddr' len 6: '141.2.28.110' "Right you are." ------------------------------------------------------------------ Now that we listened to the interfaces of "polaris" and "ascend2", we turn to the TCP (and UDP) level. ------------------------------------------------------------------ <- IP 45 00 0061 C625 0000 40 'UDP' 67AA '141.2.28.110' '141.2.22.74' src_port 1107 dst_port 'domain' len 77 chks 0x9812 id 1 'query,recur' qcnt 1 acnt 0 aucnt 0 adcnt 0 query: 03 "www" 03 "vsb" 02 "cs" 0D "uni-frankfurt" 02 "de" 03 "vsb" 02 "cs" 0D "uni-frankfurt" 02 "de" 00 type 'IPAddr' class 'IPAddr' "Hello 141.2.22.74, I have a question: Tell me the IP address of a computer that calls itself www.vsb.cs.uni-frankfurt.de.vsb.cs.uni-frankfurt.de." (In fact, it is completely wrong, but it was told to append 'vsb.cs.uni-frankfurt.de' whenever a name was typed in without a trailing dot, and I typed "ftp www.vsb.cs.uni-frankfurt.de".) -> IP 45 00 00b0 24cc 0000 3a 'UDP' 0eb5 '141.2.22.74' '141.2.28.110' src_port 'domain' dst_port 1107 len 156 chks 0x853a id 1 'resp,auth,recur_avail,error' qcnt 1 acnt 0 aucnt 1 adcnt 0 query: 03 "www" 03 "vsb" 02 "cs" 0d "uni-frankfurt" 02 "de" 03 "vsb" 02 "cs" 0d "uni-frankfurt" 02 "de" 00 type 'IPAddr' class 'IPAddr' authority: 0d "uni-frankfurt" 02 "de" 00 type 'AuthZone' class 'IPAddr' TTL '1 day' len 51 primary: 07 "chaplin" 02 "rz" c045 ("uni-frankfurt.de") e-mail: 0f "netz-verwaltung" c069 ("rz.uni-frankfurt.de") serial: 0x05c86d76 refresh: 0x00002a30 ('3 h') retry: 0x00000e10 ('1 h') expire: 0x002dc6c0 ('3000000 s') minimum: 0x00015180 ('1 day') "Hello 141.2.28.110, this is 141.2.22.74. Sorry, but I don't know what computer you are referring to by www.vsb... The name domain uni-frankfurt.de is served by the computer chaplin.rz.uni-frankfurt.de (in fact itself). Here are some other data that you can pass to your user." <- IP 45 00 005D C626 0000 40 'UDP' 67AD '141.2.28.110' '141.2.22.74' src_port 1108 dst_port 'domain' len 73 chks 0x0EF1 id 2 'query,recur' qcnt 1 acnt 0 aucnt 0 adcnt 0 query: 03 "www" 03 "vsb" 02 "cs" 0D "uni-frankfurt" 02 "de" 02 "cs" 0D "uni-frankfurt" 02 "de" 00 type 'IPAddr' class 'IPaddr' "Hello 141.2.22.74, this is 141.2.28.110. Tell me the address of www.vsb.cs.uni-frankfurt.de.cs.uni-frankfurt.de." (Still wrong, but it tries the substrings.) -> IP 45 00 00ac 24cd 0000 3a 'UDP' 0eb8 '141.2.22.74' '141.2.28.110' src_port 'domain' dst_port 1108 len 152 chks 0xfc20 id 2 'resp,auth,recur_avail,error' qcnt 1 acnt 0 aucnt 1 adcnt 0 query: 03 "www" 03 "vsb" 02 "cs" 0d "uni-frankfurt" 02 "de" 02 "cs" 0d "uni-frankfurt" 02 "de" 00 type 'IPAddr' class 'IPAddr' authority: 0d "uni-frankfurt" 02 "de" 00 type 'AuthZone' class 'IPAddr' TTL '1 day' len 51 primary: 07 "chaplin" 02 "rz" c041 ("uni-frankfurt.de") e-mail: 0f "netz-verwaltung" c065 ("rz.uni-frankfurt.de") serial: 0x05c86d76 refresh: 0x00002a30 retry: 0x00000e10 expire: 0x002dc6c0 minimum: 0x00015180 "Hello 141.2.28.110, this is 141.2.22.74. Sorry, ..." (and so on, the same as above) <- IP 45 00 005A C627 0000 40 'UDP' 67AF '141.2.28.110' '141.2.22.74' src_port 1109 dst_port 'domain' len 70 chks 0x1BC1 id 3 'query,recur' qcnt 1 acnt 0 aucnt 0 adcnt 0 query: 03 "www" 03 "vsb" 02 "cs" 0D "uni-frankfurt" 02 "de" 0D "uni-frankfurt" 02 "de" 00 type 'IPAddr' class 'IPAddr' (again wrong) -> IP 45 00 00a9 24ce 0000 3a 'UDP' 0eba '141.2.22.74' '141.2.28.110' src_port 'domain' dst_port 1109 len 149 chks 0xef10 id 3 'resp,auth,recur_avail,error' qcnt 1 acnt 0 aucnt 1 adcnt 0 query: 03 "www" 03 "vsb" 02 "cs" 0d "uni-frankfurt" 02 "de" 0d "uni-frankfurt" 02 "de" 00 type 'IPAddr' class 'IPAddr' authority: 0d "uni-frankfurt" 02 "de" 00 type 'AuthZone' class 'IPAddr' TTL '1 day' len 51 primary: 07 "chaplin" 02 "rz" c03e ("uni-frankfurt.de") e-mail: 0f "netz-verwaltung" c062 ("rz.uni-frankfurt.de") serial: 0x05c86d76 refresh: 0x00002a30 retry: 0x00000e10 expire: 0x002dc6c0 minimum: 0x00015180 (again sorry) <- IP 45 00 0049 C628 0000 40 'UDP' 67BF '141.2.28.110' '141.2.22.74' src_port 1110 dst_port 'domain' len 53 chks 0xE442 id 4 'query,recur' qcnt 1 acnt 0 aucnt 0 adcnt 0 query: 03 "www" 03 "vsb" 02 "cs" 0D "uni-frankfurt" 02 "de" 00 type 'IPAddr' class 'IPAddr' "Hello 141.2.22.74, this is 141.2.28.110. Tell me the IP address of www.vsb.cs.uni-frankfurt.de ." -> IP 45 00 0159 24d0 0000 3a 'UDP' 0e08 '141.2.22.74' '141.2.28.110' src_port 'domain' dst_port 1110 len 325 chks 0x357c id 4 'resp,auth,recur_avail' qcnt 1 acnt 3 aucnt 4 adcnt 5 query: 03 "www" 03 "vsb" 02 "cs" 0d "uni-frankfurt" 02 "de" 00 type 'IPAddr' class 'IPAddr' answer: c00c ("www.vsb.cs.uni-frankfurt.de") type 'cname' class 'IPAddr' TTL '1 day' len 33 07 "diamant" 03 "vsb" 02 "cs" 0d "uni-frankfurt" 02 "de" 00 c039 ("diamant.vsb.cs.uni-frankfurt.de") type 'cname' class 'IPAddr' TTL '1 day' len 14 0b "diamant-atm" c041 ("vsb.cs.uni-frankfurt.de") c066 ("diamant-atm.vsb.cs.uni-frankfurt.de") type 'IPAddr' class 'IPAddr' TTL '1 day' len 4 '141.2.150.16' authority: c048 ("uni-frankfurt.de") type 'namesrv' class 'IPAddr' TTL '1 day' len 13 03 "noc" 06 "belwue" c056 ("de") c048 ("uni-frankfurt.de") type 'namesrv' class 'IPAddr' TTL '1 day' len 9 02 "ns" 03 "nic" c056 ("de") c048 ("uni-frankfurt.de") type 'namesrv' class 'IPAddr' TTL '1 day' len 13 07 "chaplin" 02 "rz" c048 ("uni-frankfurt.de") c048 ("uni-frankfurt.de") type 'namesrv' class 'IPAddr' TTL '1 day' len 22 04 "hera" 03 "rbi" 0a "informatik" c048 ("uni-frankfurt.de") additional_info: c090 ("noc.belwue.de") type 'IPAddr' class 'IPAddr' TTL 0x000389e7 len 4 '129.143.2.1' c0a9 ("ns.nic.de") type 'IPAddr' class 'IPAddr' TTL 0x0000e89f len 4 '193.196.32.1' c0be ("chaplin.rz.uni-frankfurt.de") type 'IPAddr' class 'IPAddr' TTL '1 day' len 4 '141.2.22.74' c0d7 ("hera.rbi.informatik.uni-frankfurt.de") type 'IPAddr' class 'IPAddr' TTL '1 day' len 4 '141.2.1.1' c0d7 ("hera.rbi.informatik.uni-frankfurt.de") type 'IPAddr' 00 (truncated) "Hello 141.2.28.110, this is 141.2.22.74. Good news, I know what you mean. The one you are referring to is normally called diamant.vsb.cs.uni-frankfurt.de or diamant-atm.vsb.cs.uni-frankfurt.de. Its IP address is 141.2.150.16. By the way, if you want to know more,..." (and so on) <- IP 45 00 002C C629 0000 40 'TCP' E81F '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27201 ack 0x00000000 SYN win 28672 chks 0xD3DC urg 0x0000 opt 0x020405B4 "Hello 141.2.150.16, this is 141.2.28.110. I want an FTP connection. Send the data to my port 1246." -> IP 45 00 002c a392 0000 39 'TCP' 11b7 '141.2.150.16' '141.2.28.110' src_port 'ftp' dst_port 1246 seq 0xdcaf6801 ack 0x10d27202 ACK SYN win 64240 chks 0xe9d1 urg 0x0000 opt 0x0204200c "Hello 141.2.28.110, this is 141.2.150.16. To your service." <- IP 45 00 0028 C62A 0000 40 'TCP' E822 '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27202 ack 0xDCAF6802 ACK win 32768 chks 0x96D7 urg 0x0000 "Roger." -> IP 45 10 0078 a394 0000 39 'TCP' 1159 '141.2.150.16' '141.2.28.110' src_port 'ftp' dst_port 1246 seq 0xdcaf6802 ack 0x10d27202 ACK PSH win 64240 chks 0x1b17 urg 0x0000 "220 diamant FTP server (Version wu-2.4(7) Thu Oct 17 18:51:31 CST 1996) ready.\n" "141.2.28.110, here are some data. Probably a text." (How should it know ;-)) <- IP 45 00 0028 C62B 0000 40 'TCP' E821 '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27202 ack 0xDCAF6852 ACK win 32737 chks 0x96A6 urg 0x0000 "Processed." <- IP 45 00 0038 C62C 0000 40 'TCP' E810 '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27202 ack 0xDCAF6852 ACK PSH win 32768 chks 0x0E93 urg 0x0000 "USER anonymous\n" "141.2.150.16, the application of my user wants me to say 'USER anonymous' to you." -> IP 45 10 006c a39c 0000 39 'TCP' 115d '141.2.150.16' '141.2.28.110' src_port 'ftp' dst_port 1246 seq 0xdcaf6852 ack 0x10d27212 ACK PSH win 64240 chks 0x3196 urg 0x0000 "331 Guest login ok, send your complete e-mail address as password.\n" "I told my application what you said. It gave me some more data for you: '331 Guest...'." <- IP 45 00 0028 C62D 0000 40 'TCP' E81F '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27212 ack 0xDCAF6896 ACK win 32768 chks 0x9633 urg 0x0000 "OK." <- IP 45 00 0036 C62E 0000 40 'TCP' E810 '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27212 ack 0xDCAF6896 ACK PSH win 32768 chks 0x97E6 urg 0x0000 "PASS zapf@em\n" "Now it wants me to say 'PASS...'." -> IP 45 10 0058 a3a0 0000 39 'TCP' 116d '141.2.150.16' '141.2.28.110' src_port 'ftp' dst_port 1246 seq 0xdcaf6896 ack 0x10d27220 ACK PSH win 64240 chks 0x6f16 urg 0x0000 "230 Guest login ok, access restrictions apply.\n" "And my application says '230...'." <- IP 45 00 0028 C62F 0000 40 'TCP' E81D '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27220 ack 0xDCAF68C6 ACK win 32768 chks 0x95F5 urg 0x0000 "Received." <- IP 45 00 0030 C630 0000 40 'TCP' E814 '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27220 ack 0xDCAF68C6 ACK PSH win 32768 chks 0xC3F3 urg 0x0000 "TYPE I\n" "The application sends the string 'TYPE I' with a carriage return to its peer." -> IP 45 10 003c a3a6 0000 39 'TCP' 1183 '141.2.150.16' '141.2.28.110' src_port 'ftp' dst_port 1246 seq 0xdcaf68c6 ack 0x10d27228 ACK PSH win 64240 chks 0x87fd urg 0x0000 "200 Type set to I.\n" "Seemed to understand that. It says '200...'." <- IP 45 00 0028 C631 0000 40 'TCP' E81B '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27228 ack 0xDCAF68DA ACK win 32768 chks 0x95D9 urg 0x0000 "OK." <- IP 45 00 003B C632 0000 40 'TCP' E807 '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27228 ack 0xDCAF68DA ACK PSH win 32768 chks 0x3BEC urg 0x0000 "CWD pub/people/mz\n" "Now it's 'CWD...'." -> IP 45 10 0045 a3e5 0000 39 'TCP' 113b '141.2.150.16' '141.2.28.110' src_port 'ftp' dst_port 1246 seq 0xdcaf68da ack 0x10d2723b ACK PSH win 64240 chks 0x3d4c urg 0x0000 "250 CWD command successful.\n" "Whatever it means, but mine says '250...'." <- IP 45 00 0028 C633 0000 40 'TCP' E819 '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D2723B ack 0xDCAF68F7 ACK win 32760 chks 0x95B1 urg 0x0000 "So far so good." <- IP 45 00 0041 C634 0000 40 'TCP' E7FF '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D2723B ack 0xDCAF68F7 ACK PSH win 32768 chks 0x0929 urg 0x0000 "PORT 141,2,28,110,4,223\n" "Here's some more: 'PORT...'." (4 * 256 + 223 = 1247) -> IP 45 10 0046 a3ee 0000 39 'TCP' 1131 '141.2.150.16' '141.2.28.110' src_port 'ftp' dst_port 1246 seq 0xdcaf68f7 ack 0x10d27254 ACK PSH win 64240 chks 0x5d92 urg 0x0000 "200 PORT command successful.\n" "And from above comes: '200...'." <- IP 45 00 003A C635 0000 40 'TCP' E805 '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27254 ack 0xDCAF6915 ACK PSH win 32768 chks 0x1E61 urg 0x0000 "RETR speec12.xmo\n" "You hear me? 'RETR speec12.xmo', return." -> IP 45 08 003c a3ef 0000 39 'TCP' 1142 '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce03c01 ack 0x00000000 SYN win 65535 chks 0xe0e1 urg 0x0000 opt 0x0204200c opt 0x01030301 opt 0x0101080a opt 0x33243251 opt 0x00000000 "141.2.28.110, this is still 141.2.150.16. Expect some data coming in at your port 1247, coming from my 'ftp-data' port." <- IP 45 00 002C C636 0000 40 'TCP' E812 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95001 ack 0xDCE03C02 ACK SYN win 32768 chks 0xCCC2 urg 0x0000 opt 0x020405B4 "141.2.150.16, this is 141.2.28.110. I understand. Proceed." -> IP 45 08 0028 a3f0 0000 39 'TCP' 1155 '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce03c02 ack 0x10f95002 ACK win 64240 chks 0x698f urg 0x0000 "OK." -> IP 45 10 0070 a3f1 0000 39 'TCP' 1104 '141.2.150.16' '141.2.28.110' src_port 'ftp' dst_port 1246 seq 0xdcaf6915 ack 0x10d27266 ACK PSH win 64240 chks 0x5218 urg 0x0000 "150 Opening BINARY mode data connection for speec12.xmo (26752 bytes).\n" "Here are further bytes for your other port. Seems be be information." <- IP 45 00 0028 C637 0000 40 'TCP' E815 '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27266 ack 0xDCAF695D ACK win 32715 chks 0x954D urg 0x0000 "Got them." -> IP 45 08 05dc a3f2 0000 39 'TCP' 0b9f '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce03c02 ack 0x10f95002 ACK win 64240 chks 0x1647 urg 0x0000 07 "TIFILES" 00 68 ... "Do you listen? Now on your port 1247: 07 'TIFILES'..." <- IP 45 00 0028 C638 0000 40 'TCP' E814 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE041B6 ACK win 32768 chks 0xDECB urg 0x0000 "Got them." -> IP 45 08 05dc a3f3 0000 39 'TCP' 0b9e '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce041b6 ack 0x10f95002 ACK win 64240 chks 0x1e2b urg 0x0000 ... "..." -> IP 45 10 0040 a3f4 0000 39 'TCP' 1131 '141.2.150.16' '141.2.28.110' src_port 'ftp' dst_port 1246 seq 0xdcaf695d ack 0x10d27266 ACK PSH win 64240 chks 0x4b12 urg 0x0000 "226 Transfer complete.\n" "141.2.28.150, my application sends this to you: '226...'." <- IP 45 00 0028 C639 0000 40 'TCP' E813 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE0476A ACK win 32768 chks 0xD917 urg 0x0000 "OK for your FTP data." <- IP 45 00 0028 C63A 0000 40 'TCP' E812 '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27266 ack 0xDCAF6975 ACK win 32744 chks 0x9518 urg 0x0000 "And for your info data." -> IP 45 08 05dc a3f6 0000 39 'TCP' 0b9b '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce0476a ack 0x10f95002 ACK win 64240 chks 0x4234 urg 0x0000 ... "..." <- IP 45 00 0028 C63B 0000 40 'TCP' E811 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE04D1E ACK win 32768 chks 0xD363 urg 0x0000 "Yeah." -> IP 45 08 05dc a3f7 0000 39 'TCP' 0b9a '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce04d1e ack 0x10f95002 ACK win 64240 chks 0xc465 urg 0x0000 ... "..." <- IP 45 00 0028 C63C 0000 40 'TCP' E810 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE052D2 ACK win 32768 chks 0xCDAF urg 0x0000 "Right." -> IP 45 08 05dc a3f8 0000 39 'TCP' 0b99 '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce052d2 ack 0x10f95002 ACK win 64240 chks 0x2890 urg 0x0000 ... "..." <- IP 45 00 0028 C63D 0000 40 'TCP' E80F '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE05886 ACK win 32768 chks 0xC7FB urg 0x0000 "Yes." -> IP 45 08 05dc a3f9 0000 39 'TCP' 0b98 '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce05886 ack 0x10f95002 ACK win 64240 chks 0x952a urg 0x0000 ... "..." <- IP 45 00 0028 C63E 0000 40 'TCP' E80E '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE05E3A ACK win 32768 chks 0xC247 urg 0x0000 "OK." -> IP 45 08 05dc a3fa 0000 39 'TCP' 0b97 '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce05e3a ack 0x10f95002 ACK win 64240 chks 0x5696 urg 0x0000 ... "..." <- IP 45 00 0028 C63F 0000 40 'TCP' E80D '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE063EE ACK win 32768 chks 0xBC93 urg 0x0000 "OK." -> IP 45 08 05dc a3fb 0000 39 'TCP' 0b96 '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce063ee ack 0x10f95002 ACK win 64240 chks 0x9a14 urg 0x0000 ... "..." <- IP 45 00 0028 C640 0000 40 'TCP' E80C '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE069A2 ACK win 32768 chks 0xB6DF urg 0x0000 "OK." -> IP 45 08 05dc a3fc 0000 39 'TCP' 0b95 '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce069a2 ack 0x10f95002 ACK win 64240 chks 0x37c5 urg 0x0000 ... "..." <- IP 45 00 0028 C641 0000 40 'TCP' E80B '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE06F56 ACK win 32768 chks 0xB12B urg 0x0000 "Yes." (and so on...) -> IP 45 08 05dc a3fd 0000 39 'TCP' 0b94 '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce06f56 ack 0x10f95002 ACK win 64240 chks 0xb652 urg 0x0000 ... <- IP 45 00 0028 C642 0000 40 'TCP' E80A '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE0750A ACK win 32768 chks 0xAB77 urg 0x0000 -> IP 45 08 05dc a3fe 0000 39 'TCP' 0b93 '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce0750a ack 0x10f95002 ACK win 64240 chks 0x5320 urg 0x0000 ... <- IP 45 00 0028 C643 0000 40 'TCP' E809 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE07ABE ACK win 32768 chks 0xA5C3 urg 0x0000 -> IP 45 08 05dc a3ff 0000 39 'TCP' 0b92 '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce07abe ack 0x10f95002 ACK win 64240 chks 0xe7ec urg 0x0000 ... <- IP 45 00 0028 C644 0000 40 'TCP' E808 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE08072 ACK win 32768 chks 0xA00F urg 0x0000 -> IP 45 08 05dc a401 0000 39 'TCP' 0b90 '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce08072 ack 0x10f95002 ACK win 64240 chks 0x1edd urg 0x0000 ... <- IP 45 00 0028 C645 0000 40 'TCP' E807 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE08626 ACK win 32768 chks 0x9A5B urg 0x0000 -> IP 45 08 05dc a402 0000 39 'TCP' 0b8f '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce08626 ack 0x10f95002 ACK win 64240 chks 0x598c urg 0x0000 ... <- IP 45 00 0028 C646 0000 40 'TCP' E806 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE08BDA ACK win 32768 chks 0x94A7 urg 0x0000 -> IP 45 08 05dc a403 0000 39 'TCP' 0b8e '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce08bda ack 0x10f95002 ACK win 64240 chks 0x96c9 urg 0x0000 ... <- IP 45 00 0028 C647 0000 40 'TCP' E805 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE0918E ACK win 32768 chks 0x8EF3 urg 0x0000 -> IP 45 08 05dc a404 0000 39 'TCP' 0b8d '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce0918e ack 0x10f95002 ACK win 64240 chks 0xa6b3 urg 0x0000 ... <- IP 45 00 0028 C648 0000 40 'TCP' E804 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE09742 ACK win 32768 chks 0x893F ack 0x0000 -> IP 45 08 05dc a405 0000 39 'TCP' 0b8c '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce09742 ack 0x10f95002 ACK win 64240 chks 0x3fdc urg 0x0000 ... <- IP 45 00 0028 C649 0000 40 'TCP' E803 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE09CF6 ACK win 32768 chks 0x838B urg 0x0000 -> IP 45 08 05dc a406 0000 39 'TCP' 0b8b '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce09cf6 ack 0x10f95002 ACK win 64240 chks 0x1d41 urg 0x0000 ... -> IP 45 08 0200 a407 0000 39 'TCP' 0f66 '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce0a2aa ack 0x10f95002 ACK PSH FIN win 64240 chks 0xa12f urg 0x0000 ... bc de 53 14 "And ... bc de 53 14. 141.2.28.110, the transmission to your port 1247 is terminated." <- IP 45 00 0028 C64A 0000 40 'TCP' E802 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE0A483 ACK win 32296 chks 0x7DD6 urg 0x0000 "Acknowledged." <- IP 45 00 0028 C64B 0000 40 'TCP' E801 '141.2.28.110' '141.2.150.16' src_port 1247 dst_port 'ftp-data' seq 0x10F95002 ack 0xDCE0A483 ACK FIN win 32768 chks 0x7BFD urg 0x0000 "141.2.150.16, herewith I terminate my connection to your 'ftp-data' port." (TCP connections are full-duplex, so that both have to close the connection.) -> IP 45 08 0028 a40a 0000 39 'TCP' 113b '141.2.150.16' '141.2.28.110' src_port 'ftp-data' dst_port 1247 seq 0xdce0a483 ack 0x10f95003 ACK win 64240 chks 0x010d urg 0x0000 "OK." <- IP 45 00 002E C64C 0000 40 'TCP' E7FA '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D27266 ack 0xDCAF6975 ACK PSH win 32768 chks 0xED3E urg 0x0000 "QUIT\n" "141.2.150.16, my application wants me to send you 'QUIT', return." -> IP 45 10 0036 a418 0000 39 'TCP' 1117 '141.2.150.16' '141.2.28.110' src_port 'ftp' dst_port 1246 seq 0xdcaf6975 ack 0x10d2726c ACK PSH win 64240 chks 0x2b1c urg 0x0000 "221 Goodbye.\n" "141.2.28.160, your peer above me says '221...'." -> IP 45 10 0028 a419 0000 39 'TCP' 1124 '141.2.150.16' '141.2.28.110' src_port 'ftp' dst_port 1246 seq 0xdcaf6983 ack 0x10d2726c ACK FIN win 64240 chks 0x19fb urg 0x0000 "141.2.28.160, I'm shutting down my FTP connection to you." <- IP 45 00 0028 C64D 0000 40 'TCP' E7FF '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D2726C ack 0xDCAF6984 ACK win 32762 chks 0x94F1 urg 0x0000 "OK." <- IP 45 00 0028 C64E 0000 40 'TCP' E7FE '141.2.28.110' '141.2.150.16' src_port 1246 dst_port 'ftp' seq 0x10D2726C ack 0xDCAF6984 ACK FIN win 32768 chks 0x94EA urg 0x0000 "141.2.150.16, no more data from me, I'm closing." -> IP 45 10 0028 a41a 0000 39 'TCP' 1123 '141.2.150.16' '141.2.28.110' src_port 'ftp' dst_port 1246 seq 0xdcaf6984 ack 0x10d2726d ACK win 64240 chks 0x19fa urg 0x0000 "Right." ------------------------------------------------------------------- Now both polaris (141.2.28.160) and www (141.2.150.16) sit there, idle. At least polaris, because www has most probably much more to do than to serve my computer. Looking in my current directory, I find the file 'speec12.xmo' on my computer. It is interesting to note that when there are no applications using the network, the connection is quiescent except for some rare control messages. When the connection is terminated, there is normally no special procedure. As there are no de-configuration commands, the connection is simply broken up. The telephone line server normally detects a hang-up of the phone line and shuts down the interface so that it can be provided to another caller. However, if you have started some activities on another computer, you should at first terminate them because they could continue to try sending information when there is no one who listens. =====================================================================