Wireshark · Wireshark-users: Re: [Wireshark-users] [可能是垃圾邮件] Re: how to understand the process of closing tcp connection

[wangyz <wangyz@xxxxxxxxxxxx>]

Zhenyu Zhao wrote:
> This is called half-close, which means one direction of TCP connection has 
> been close (FIN and ACK exchanged), while the other direction is still 
> open. This is 
> legitimate because TCP by design allows half-close, though few 
> applications take advantage of the feature. Well, it looks like the 
> application running on the server does implement the feature
>
> Zhen
>
> On Mon, 2 Jun 2008, wangyz wrote:
>
>   
> > I want to understand the process of the closing tcp.
> > so i made this scen.
> > 172.16.80.81 machine start telnet server.
> > 172.16.80.80 telnet 172.16.80.81.
> > starup wiresharp on 172.16.80.80 and begin to catch the data.
> > exit telnet on 172.16.80.80.
> > then I got these data.
> > 172.16.80.80 172.16.80.81 TCP compaq-https > telnet [ACK] Seq=7 Ack=16
> > Win=65279 Len=0
> > 172.16.80.80 172.16.80.81 TCP compaq-https > telnet [FIN, ACK] Seq=7
> > Ack=16 Win=65279 Len=0
> > 172.16.80.81 172.16.80.80 TCP telnet > compaq-https [ACK] Seq=16 Ack=8
> > Win=5840 Len=0
> > my question one :
> > how to understand [FIN, ACK].
> >
> > my question two:
> > the process of closing tcp is four-way handshake.
> > why i only got three message.
> > thanks in advance
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-users
> >
> >     
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
>
>   
in fact, this connetion had been closed. why said half-close.
in my option. tcp merge ack and fin into one message. and send back.