TCP characteristics
The TCP protocol resides on top of the IP protocol. It is a stateful protocol and has built-in functions to see that the data was received properly by the other end host.
The main goals of the TCP protocol is to see:
1. data is reliably received and sent;
2. the data is transported between the Internet layer and Application layer correctly;
3. the packet data reaches the proper program in the application layer;
4. the data reaches the program in the right order.
All of this is possible through the TCP headers of the packet.
SYN three-way handshake (S)SYN-> (D) SYNC/ACK -> (S) ACK
The TCP protocol looks at data as an continuous data stream with a start and a stop signal. The signal that indicates that a new stream is waiting to be opened is called a SYN three-way handshake in TCP, and consists of one packet sent with the SYN bit set. The other end then either answers with SYN/ACK or SYN/RST to let the client know if the connection was accepted or denied, respectively. If the client receives an SYN/ACK packet, it once again replies, this time with an ACK packet. At this point, the whole connection is established and data can be sent.
During this initial handshake, all of the specific options that will be used throughout the rest of the TCP connection is also negotiated, such as ECN, SACK, etcetera.
An example of TCP SYN 3-way handshake: (a complete transmission is attached at the end of the blog)
1 0.00000 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Syn Seq=3368322776 Len=0 Win=5840 Options=
2 0.00031 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Syn Ack=3368322777 Seq=1322806787 Len=0 Win=49232 Options=
3 0.00004 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Ack=1322806788 Seq=3368322777 Len=0 Win=1460 Options=
2 0.00031 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Syn Ack=3368322777 Seq=1322806787 Len=0 Win=49232 Options=
3 0.00004 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Ack=1322806788 Seq=3368322777 Len=0 Win=1460 Options=
4 0.00013 ipc4.shanjing.com -> sun1.shanjing.com PORTMAP C DUMP
The Sequence Number – The Reliability Part of TCP
While the datastream is alive, we have further mechanisms to see that the packets are actually received properly by the other end. This is the reliability part of TCP. This is done in a simple way, using a Sequence number in the packet (see above sample TCP's Seq number highlighted in black). Every time we send a packet, we give a new value to the Sequence number, and when the other end receives the packet, it sends an ACK packet back to the data sender. The ACK packet acknowledges that the packet was received properly. The sequence number also sees to it that the packet is inserted into the data stream in a good order.
Closing the connection – FIN -> FIN/ACK
Once the connection is closed, this is done by sending a FIN packet from either end-point. The other end then responds by sending a FIN/ACK packet. The FIN sending end can then no longer send any data, but the other end-point can still finish sending data. Once the second end-point wishes to close the connection totally, it sends a FIN packet back to the originally closing end-point, and the other end-point replies with a FIN/ACK packet. Once this whole procedure is done, the connection is torn down properly.
As you will also later see, the TCP headers contain a checksum as well. The checksum consists of a simple hash of the packet. With this hash, we can with rather high accuracy see if a packet has been corrupted in any way during transit between the hosts.
The TCP headers must be able to perform all of the tasks above.
Let’s look at the TCP headers in detail. Each row is a 32-bit word.
TCP header:
Source port - bit 0 - 15. This is the source port of the packet. The source port was originally bound directly to a process on the sending system. Today, we use a hash between the IP addresses, and both the destination and source ports to achieve this uniqueness that we can bind to a single application or program.
Destination port - bit 16 - 31. This is the destination port of the TCP packet. Just as with the source port, this was originally bound directly to a process on the receiving system. Today, a hash is used instead, which allows us to have more open connections at the same time. When a packet is received, the destination and source ports are reversed in the reply back to the originally sending host, so that destination port is now source port, and source port is destination port.
Sequence Number - bit 32 - 63. The sequence number field is used to set a number on each TCP packet so that the TCP stream can be properly sequenced (e.g., the packets winds up in the correct order). The Sequence number is then returned in the ACK field to ackonowledge that the packet was properly received.
Acknowledgment Number - bit 64 - 95. This field is used when we acknowledge a specific packet a host has received. For example, we receive a packet with one Sequence number set, and if everything is okey with the packet, we reply with an ACK packet with the Acknowledgment number set to the same as the original Sequence number.
Data Offset - bit 96 - 99. This field indicates how long the TCP header is, and where the Data part of the packet actually starts. It is set with 4 bits, and measures the TCP header in 32 bit words. The header should always end at an even 32 bit boundary, even with different options set. This is possible thanks to the Padding field at the very end of the TCP header.
Reserved - bit 100 - 103. These bits are reserved for future usage. In RFC 793 this also included the CWR and ECE bits. According to RFC 793 bit 100-105 (i.e., this and the CWR and ECE fields) must be set to zero to be fully compliant. Later on, when we started introducing ECN, this caused a lot of troubles because a lot of Internet appliances such as firewalls and routers dropped packets with them set. This is still true as of writing this.
CWR - bit 104. This bit was added in RFC 3268 and is used by ECN. CWR stands for Congestion Window Reduced, and is used by the data sending part to inform the receiving part that the congestion window has been reduced. When the congestion window is reduced, we send less data per timeunit, to be able to cope with the total network load.
ECE - bit 105. This bit was also added with RFC 3268 and is used by ECN. ECE stands for ECN Echo. It is used by the TCP/IP stack on the receiver host to let the sending host know that it has received an CE packet. The same thing applies here, as for the CWR bit, it was originally a part of the reserved field and because of this, some networking appliances will simply drop the packet if these fields contain anything else than zeroes. This is actually still true for a lot of appliances unfortunately.
URG - bit 106. This field tells us if we should use the Urgent Pointer field or not. If set to 0, do not use Urgent Pointer, if set to 1, do use Urgent pointer.
ACK - bit 107. This bit is set to a packet to indicate that this is in reply to another packet that we received, and that contained data. An Acknowledgment packet is always sent to indicate that we have actually received a packet, and that it contained no errors. If this bit is set, the original data sender will check the Acknowledgment Number to see which packet is actually acknowledged, and then dump it from the buffers.
PSH - bit 108. The PUSH flag is used to tell the TCP protocol on any intermediate hosts to send the data on to the actual user, including the TCP implementation on the receiving host. This will push all data through, unregardless of where or how much of the TCP Window that has been pushed through yet.
RST - bit 109. The RESET flag is set to tell the other end to tear down the TCP connection. This is done in a couple of different scenarios, the main reasons being that the connection has crashed for some reason, if the connection does not exist, or if the packet is wrong in some way.
SYN - bit 110. The SYN (or Synchronize sequence numbers) is used during the initial establishment of a connection. It is set in two instances of the connection, the initial packet that opens the connection, and the reply SYN/ACK packet. It should never be used outside of those instances.
FIN - bit 111. The FIN bit indicates that the host that sent the FIN bit has no more data to send. When the other end sees the FIN bit, it will reply with a FIN/ACK. Once this is done, the host that originally sent the FIN bit can no longer send any data. However, the other end can continue to send data until it is finished, and will then send a FIN packet back, and wait for the final FIN/ACK, after which the connection is sent to a CLOSED state.
Window - bit 112 - 127. The Window field is used by the receiving host to tell the sender how much data the receiver permits at the moment. This is done by sending an ACK back, which contains the Sequence number that we want to acknowledge, and the Window field then contains the maximum accepted sequence numbers that the sending host can use before he receives the next ACK packet. The next ACK packet will update accepted Window which the sender may use.
Checksum - bit 128 - 143. This field contains the checksum of the whole TCP header. It is a one's complement of the one's complement sum of each 16 bit word in the header. If the header does not end on a 16 bit boundary, the additional bits are set to zero. While the checksum is calculated, the checksum field is set to zero. The checksum also covers a 96 bit pseudoheader containing the Destination-, Source-address, protocol, and TCP length. This is for extra security.
Urgent Pointer - bit 144 - 159. This is a pointer that points to the end of the data which is considered urgent. If the connection has important data that should be processed as soon as possible by the receiving end, the sender can set the URG flag and set the Urgent pointer to indicate where the urgent data ends.
Options - bit 160 - **. The Options field is a variable length field and contains optional headers that we may want to use. Basically, this field contains 3 subfields at all times. An initial field tells us the length of the Options field, a second field tells us which options are used, and then we have the actual options. A complete listing of all the TCP Options can be found in TCP options.
Padding - bit **. The padding field pads the TCP header until the whole header ends at a 32-bit boundary. This ensures that the data part of the packet begins on a 32-bit boundary, and no data is lost in the packet. The padding always consists of only zeros.
A sample of TCP communication between two hosts in "rpcinfo -p" captured by tcpdump (or snoop in Solaris) utility:
1 0.00000 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Syn Seq=3368322776 Len=0 Win=5840 Options=
2 0.00031 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Syn Ack=3368322777 Seq=1322806787 Len=0 Win=49232 Options=
3 0.00004 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Ack=1322806788 Seq=3368322777 Len=0 Win=1460 Options=
4 0.00013 ipc4.shanjing.com -> sun1.shanjing.com PORTMAP C DUMP
5 0.00022 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Ack=3368322821 Seq=1322806788 Len=0 Win=49188 Options=
6 0.00093 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Ack=1322807580 Seq=3368322821 Len=0 Win=1856 Options=
7 0.00001 sun1.shanjing.com -> ipc4.shanjing.com PORTMAP R DUMP 38 map(s) found
8 0.01263 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Fin Ack=1322807580 Seq=3368322821 Len=0 Win=1856 Options=
9 0.00013 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Ack=3368322822 Seq=1322807580 Len=0 Win=49232 Options=
10 0.00032 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Fin Ack=3368322822 Seq=1322807580 Len=0 Win=49232 Options=
11 0.00013 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Ack=1322807581 Seq=3368322822 Len=0 Win=1856 Options=
Details:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 22:24:53.67045
ETHER: Packet size = 74 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 60 bytes
IP: Identification = 5703
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a058
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322776
TCP: Acknowledgement number = 0
TCP: Data offset = 40 bytes
TCP: Flags = 0x02
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...0 .... = No acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..1. = Syn
TCP: .... ...0 = No Fin
TCP: Window = 5840
TCP: Checksum = 0xc95d
TCP: Urgent pointer = 0
TCP: Options: (20 bytes)
TCP: - Maximum segment size = 1460 bytes
TCP: - SACK permitted option
TCP: - TS Val = 2134176, TS Echo = 0
TCP: - No operation
TCP: - Window scale = 2
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 2 arrived at 22:24:53.67077
ETHER: Packet size = 78 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 64 bytes
IP: Identification = 27277
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4c0e
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750
TCP: Sequence number = 1322806787
TCP: Acknowledgement number = 3368322777
TCP: Data offset = 44 bytes
TCP: Flags = 0x12
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..1. = Syn
TCP: .... ...0 = No Fin
TCP: Window = 49232
TCP: Checksum = 0xeedf
TCP: Urgent pointer = 0
TCP: Options: (24 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532405, TS Echo = 2134176
TCP: - Maximum segment size = 1460 bytes
TCP: - No operation
TCP: - Window scale = 0
TCP: - No operation
TCP: - No operation
TCP: - SACK permitted option
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 3 arrived at 22:24:53.67082
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 5705
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a05e
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322777
TCP: Acknowledgement number = 1322806788
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 1460
TCP: Checksum = 0xea46
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134177, TS Echo = 1532405
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 4 arrived at 22:24:53.67095
ETHER: Packet size = 110 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 96 bytes
IP: Identification = 5707
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a030
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111 (Sun RPC)
TCP: Sequence number = 3368322777
TCP: Acknowledgement number = 1322806788
TCP: Data offset = 32 bytes
TCP: Flags = 0x18
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 1... = Push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 1460
TCP: Checksum = 0xe454
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134177, TS Echo = 1532405
TCP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Record Mark: last fragment, length = 40
RPC: Transaction id = 450618384
RPC: Type = 0 (Call)
RPC: RPC version = 2
RPC: Program = 100000 (PMAP), version = 2, procedure = 4
RPC: Credentials: Flavor = 0 (None), len = 0 bytes
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 4 (Dump the mappings)
PMAP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 5 arrived at 22:24:53.67117
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 27278
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4c19
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750
TCP: Sequence number = 1322806788
TCP: Acknowledgement number = 3368322821
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 49188
TCP: Checksum = 0x2faa
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532405, TS Echo = 2134177
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 6 arrived at 22:24:53.67211
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 5709
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a05a
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322821
TCP: Acknowledgement number = 1322807580
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 1856
TCP: Checksum = 0xe574
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134179, TS Echo = 1532405
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 7 arrived at 22:24:53.67212
ETHER: Packet size = 858 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 844 bytes
IP: Identification = 27279
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4900
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750 (Sun RPC)
TCP: Sequence number = 1322806788
TCP: Acknowledgement number = 3368322821
TCP: Data offset = 32 bytes
TCP: Flags = 0x18
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 1... = Push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 49232
TCP: Checksum = 0xf9c4
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532405, TS Echo = 2134177
TCP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Record Mark: last fragment, length = 788
RPC: Transaction id = 450618384
RPC: Type = 1 (Reply)
RPC: This is a reply to frame 4
RPC: Status = 0 (Accepted)
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC: Accept status = 0 (Success)
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 4 (Dump the mappings)
PMAP: Program Version Protocol Port
PMAP: 100000 4 6 111 PMAP
PMAP: 100000 3 6 111 PMAP
PMAP: 100000 2 6 111 PMAP
PMAP: 100000 4 17 111 PMAP
PMAP: 100000 3 17 111 PMAP
PMAP: 100000 2 17 111 PMAP
PMAP: 100024 1 17 32772 STATMON2
PMAP: 100024 1 6 32771 STATMON2
PMAP: 100133 1 17 32772 ?
PMAP: 100133 1 6 32771 ?
PMAP: 1073741824 1 6 32772 transient
PMAP: 100021 1 17 4045 NLM
PMAP: 100021 2 17 4045 NLM
PMAP: 100021 3 17 4045 NLM
PMAP: 100021 4 17 4045 NLM
PMAP: 100021 1 6 4045 NLM
PMAP: 100021 2 6 4045 NLM
PMAP: 100021 3 6 4045 NLM
PMAP: 100021 4 6 4045 NLM
PMAP: 100001 2 17 32773 RSTAT
PMAP: 100001 3 17 32773 RSTAT
PMAP: 100001 4 17 32773 RSTAT
PMAP: 100068 2 17 32774 CMSD
PMAP: 100068 3 17 32774 CMSD
PMAP: 100068 4 17 32774 CMSD
PMAP: 100068 5 17 32774 CMSD
PMAP: 100083 1 6 32775 ?
PMAP: 100002 2 6 32776 RUSERS
PMAP: 100002 3 6 32776 RUSERS
PMAP: 100002 2 17 32775 RUSERS
PMAP: 100002 3 17 32775 RUSERS
PMAP: 100011 1 17 32776 RQUOTA
PMAP: 300598 1 17 32779 ?
PMAP: 300598 1 6 32777 ?
PMAP: 805306368 1 17 32779 ?
PMAP: 805306368 1 6 32777 ?
PMAP: 100249 1 17 32780 ?
PMAP: 100249 1 6 32778 ?
PMAP: 38 maps
PMAP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 8 arrived at 22:24:53.68476
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 5711
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a058
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322821
TCP: Acknowledgement number = 1322807580
TCP: Data offset = 32 bytes
TCP: Flags = 0x11
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...1 = Fin
TCP: Window = 1856
TCP: Checksum = 0xe562
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134196, TS Echo = 1532405
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 9 arrived at 22:24:53.68489
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 27280
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4c17
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750
TCP: Sequence number = 1322807580
TCP: Acknowledgement number = 3368322822
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 49232
TCP: Checksum = 0x2c51
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532406, TS Echo = 2134196
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 10 arrived at 22:24:53.68522
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 27281
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4c16
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750
TCP: Sequence number = 1322807580
TCP: Acknowledgement number = 3368322822
TCP: Data offset = 32 bytes
TCP: Flags = 0x11
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...1 = Fin
TCP: Window = 49232
TCP: Checksum = 0x2c50
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532406, TS Echo = 2134196
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 11 arrived at 22:24:53.68535
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 2
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = b6a5
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322822
TCP: Acknowledgement number = 1322807581
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 1856
TCP: Checksum = 0xe55e
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134198, TS Echo = 1532406
TCP:
2 0.00031 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Syn Ack=3368322777 Seq=1322806787 Len=0 Win=49232 Options=
3 0.00004 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Ack=1322806788 Seq=3368322777 Len=0 Win=1460 Options=
4 0.00013 ipc4.shanjing.com -> sun1.shanjing.com PORTMAP C DUMP
5 0.00022 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Ack=3368322821 Seq=1322806788 Len=0 Win=49188 Options=
6 0.00093 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Ack=1322807580 Seq=3368322821 Len=0 Win=1856 Options=
7 0.00001 sun1.shanjing.com -> ipc4.shanjing.com PORTMAP R DUMP 38 map(s) found
8 0.01263 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Fin Ack=1322807580 Seq=3368322821 Len=0 Win=1856 Options=
9 0.00013 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Ack=3368322822 Seq=1322807580 Len=0 Win=49232 Options=
10 0.00032 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Fin Ack=3368322822 Seq=1322807580 Len=0 Win=49232 Options=
11 0.00013 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Ack=1322807581 Seq=3368322822 Len=0 Win=1856 Options=
Details:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 22:24:53.67045
ETHER: Packet size = 74 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 60 bytes
IP: Identification = 5703
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a058
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322776
TCP: Acknowledgement number = 0
TCP: Data offset = 40 bytes
TCP: Flags = 0x02
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...0 .... = No acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..1. = Syn
TCP: .... ...0 = No Fin
TCP: Window = 5840
TCP: Checksum = 0xc95d
TCP: Urgent pointer = 0
TCP: Options: (20 bytes)
TCP: - Maximum segment size = 1460 bytes
TCP: - SACK permitted option
TCP: - TS Val = 2134176, TS Echo = 0
TCP: - No operation
TCP: - Window scale = 2
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 2 arrived at 22:24:53.67077
ETHER: Packet size = 78 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 64 bytes
IP: Identification = 27277
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4c0e
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750
TCP: Sequence number = 1322806787
TCP: Acknowledgement number = 3368322777
TCP: Data offset = 44 bytes
TCP: Flags = 0x12
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..1. = Syn
TCP: .... ...0 = No Fin
TCP: Window = 49232
TCP: Checksum = 0xeedf
TCP: Urgent pointer = 0
TCP: Options: (24 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532405, TS Echo = 2134176
TCP: - Maximum segment size = 1460 bytes
TCP: - No operation
TCP: - Window scale = 0
TCP: - No operation
TCP: - No operation
TCP: - SACK permitted option
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 3 arrived at 22:24:53.67082
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 5705
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a05e
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322777
TCP: Acknowledgement number = 1322806788
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 1460
TCP: Checksum = 0xea46
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134177, TS Echo = 1532405
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 4 arrived at 22:24:53.67095
ETHER: Packet size = 110 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 96 bytes
IP: Identification = 5707
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a030
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111 (Sun RPC)
TCP: Sequence number = 3368322777
TCP: Acknowledgement number = 1322806788
TCP: Data offset = 32 bytes
TCP: Flags = 0x18
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 1... = Push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 1460
TCP: Checksum = 0xe454
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134177, TS Echo = 1532405
TCP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Record Mark: last fragment, length = 40
RPC: Transaction id = 450618384
RPC: Type = 0 (Call)
RPC: RPC version = 2
RPC: Program = 100000 (PMAP), version = 2, procedure = 4
RPC: Credentials: Flavor = 0 (None), len = 0 bytes
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 4 (Dump the mappings)
PMAP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 5 arrived at 22:24:53.67117
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 27278
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4c19
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750
TCP: Sequence number = 1322806788
TCP: Acknowledgement number = 3368322821
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 49188
TCP: Checksum = 0x2faa
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532405, TS Echo = 2134177
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 6 arrived at 22:24:53.67211
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 5709
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a05a
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322821
TCP: Acknowledgement number = 1322807580
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 1856
TCP: Checksum = 0xe574
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134179, TS Echo = 1532405
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 7 arrived at 22:24:53.67212
ETHER: Packet size = 858 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 844 bytes
IP: Identification = 27279
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4900
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750 (Sun RPC)
TCP: Sequence number = 1322806788
TCP: Acknowledgement number = 3368322821
TCP: Data offset = 32 bytes
TCP: Flags = 0x18
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 1... = Push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 49232
TCP: Checksum = 0xf9c4
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532405, TS Echo = 2134177
TCP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Record Mark: last fragment, length = 788
RPC: Transaction id = 450618384
RPC: Type = 1 (Reply)
RPC: This is a reply to frame 4
RPC: Status = 0 (Accepted)
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC: Accept status = 0 (Success)
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 4 (Dump the mappings)
PMAP: Program Version Protocol Port
PMAP: 100000 4 6 111 PMAP
PMAP: 100000 3 6 111 PMAP
PMAP: 100000 2 6 111 PMAP
PMAP: 100000 4 17 111 PMAP
PMAP: 100000 3 17 111 PMAP
PMAP: 100000 2 17 111 PMAP
PMAP: 100024 1 17 32772 STATMON2
PMAP: 100024 1 6 32771 STATMON2
PMAP: 100133 1 17 32772 ?
PMAP: 100133 1 6 32771 ?
PMAP: 1073741824 1 6 32772 transient
PMAP: 100021 1 17 4045 NLM
PMAP: 100021 2 17 4045 NLM
PMAP: 100021 3 17 4045 NLM
PMAP: 100021 4 17 4045 NLM
PMAP: 100021 1 6 4045 NLM
PMAP: 100021 2 6 4045 NLM
PMAP: 100021 3 6 4045 NLM
PMAP: 100021 4 6 4045 NLM
PMAP: 100001 2 17 32773 RSTAT
PMAP: 100001 3 17 32773 RSTAT
PMAP: 100001 4 17 32773 RSTAT
PMAP: 100068 2 17 32774 CMSD
PMAP: 100068 3 17 32774 CMSD
PMAP: 100068 4 17 32774 CMSD
PMAP: 100068 5 17 32774 CMSD
PMAP: 100083 1 6 32775 ?
PMAP: 100002 2 6 32776 RUSERS
PMAP: 100002 3 6 32776 RUSERS
PMAP: 100002 2 17 32775 RUSERS
PMAP: 100002 3 17 32775 RUSERS
PMAP: 100011 1 17 32776 RQUOTA
PMAP: 300598 1 17 32779 ?
PMAP: 300598 1 6 32777 ?
PMAP: 805306368 1 17 32779 ?
PMAP: 805306368 1 6 32777 ?
PMAP: 100249 1 17 32780 ?
PMAP: 100249 1 6 32778 ?
PMAP: 38 maps
PMAP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 8 arrived at 22:24:53.68476
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 5711
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a058
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322821
TCP: Acknowledgement number = 1322807580
TCP: Data offset = 32 bytes
TCP: Flags = 0x11
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...1 = Fin
TCP: Window = 1856
TCP: Checksum = 0xe562
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134196, TS Echo = 1532405
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 9 arrived at 22:24:53.68489
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 27280
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4c17
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750
TCP: Sequence number = 1322807580
TCP: Acknowledgement number = 3368322822
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 49232
TCP: Checksum = 0x2c51
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532406, TS Echo = 2134196
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 10 arrived at 22:24:53.68522
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 27281
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4c16
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750
TCP: Sequence number = 1322807580
TCP: Acknowledgement number = 3368322822
TCP: Data offset = 32 bytes
TCP: Flags = 0x11
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...1 = Fin
TCP: Window = 49232
TCP: Checksum = 0x2c50
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532406, TS Echo = 2134196
TCP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 11 arrived at 22:24:53.68535
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 2
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = b6a5
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322822
TCP: Acknowledgement number = 1322807581
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 1856
TCP: Checksum = 0xe55e
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134198, TS Echo = 1532406
TCP:
