This is called half-close, which means one direction of TCP connection has
been close (FIN and ACK exchanged), while the other direction is still
open. This is
legitimate because TCP by design allows half-close, though few
applications take advantage of the feature. Well, it looks like the
application running on the server does implement the feature
Zhen
On Mon, 2 Jun 2008, wangyz wrote:
I want to understand the process of the closing tcp.
so i made this scen.
172.16.80.81 machine start telnet server.
172.16.80.80 telnet 172.16.80.81.
starup wiresharp on 172.16.80.80 and begin to catch the data.
exit telnet on 172.16.80.80.
then I got these data.
172.16.80.80 172.16.80.81 TCP compaq-https > telnet [ACK] Seq=7 Ack=16
Win=65279 Len=0
172.16.80.80 172.16.80.81 TCP compaq-https > telnet [FIN, ACK] Seq=7
Ack=16 Win=65279 Len=0
172.16.80.81 172.16.80.80 TCP telnet > compaq-https [ACK] Seq=16 Ack=8
Win=5840 Len=0
my question one :
how to understand [FIN, ACK].
my question two:
the process of closing tcp is four-way handshake.
why i only got three message.
thanks in advance
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
