Wireshark-users: Re: [Wireshark-users] how to understand the process of closing tcp connection
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Zhenyu Zhao <zzhao@xxxxxxxxxxxxxxx>
Date: Mon, 2 Jun 2008 08:56:48 -0400 (EDT)
This is called half-close, which means one direction of TCP connection has been close (FIN and ACK exchanged), while the other direction is still open. This is legitimate because TCP by design allows half-close, though few applications take advantage of the feature. Well, it looks like the application running on the server does implement the feature 

Zhen

On Mon, 2 Jun 2008, wangyz wrote:


I want to understand the process of the closing tcp.
so i made this scen.
172.16.80.81 machine start telnet server.
172.16.80.80 telnet 172.16.80.81.
starup wiresharp on 172.16.80.80 and begin to catch the data.
exit telnet on 172.16.80.80.
then I got these data.
172.16.80.80 172.16.80.81 TCP compaq-https > telnet [ACK] Seq=7 Ack=16
Win=65279 Len=0
172.16.80.80 172.16.80.81 TCP compaq-https > telnet [FIN, ACK] Seq=7
Ack=16 Win=65279 Len=0
172.16.80.81 172.16.80.80 TCP telnet > compaq-https [ACK] Seq=16 Ack=8
Win=5840 Len=0
my question one :
how to understand [FIN, ACK].

my question two:
the process of closing tcp is four-way handshake.
why i only got three message.
thanks in advance















_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users