Wireshark-users: Re: [Wireshark-users] how to understand the process of closing tcp connection
From: Zhenyu Zhao <[email protected]>
Date: Mon, 2 Jun 2008 08:56:48 -0400 (EDT)
This is called half-close, which means one direction of TCP connection has been close (FIN and ACK exchanged), while the other direction is still open. This is legitimate because TCP by design allows half-close, though few applications take advantage of the feature. Well, it looks like the application running on the server does implement the feature

On Mon, 2 Jun 2008, wangyz wrote:

I want to understand the process of the closing tcp.
so i made this scen. machine start telnet server. telnet
starup wiresharp on and begin to catch the data.
exit telnet on
then I got these data. TCP compaq-https > telnet [ACK] Seq=7 Ack=16
Win=65279 Len=0 TCP compaq-https > telnet [FIN, ACK] Seq=7
Ack=16 Win=65279 Len=0 TCP telnet > compaq-https [ACK] Seq=16 Ack=8
Win=5840 Len=0
my question one :
how to understand [FIN, ACK].

my question two:
the process of closing tcp is four-way handshake.
why i only got three message.
thanks in advance

Wireshark-users mailing list
[email protected]