TCP connection states vs netstat output


TCP/IP 3-way handshake.




TCP Connection States



Following is a brief explanation of this handshake. In this context the "client" is the peer requesting a connection and the "server" is the peer accepting a connection. Note that this notation does not reflect Client/Server relationships as an architectural principal.

  1. Connection Establishment

    • The client sends a SYN message which contains the server's port and the client's Initial Sequence Number (ISN) to the server (active open).
    • The server sends back its own SYN and ACK (which consists of the client's ISN + 1).
    • The Client sends an ACK (which consists of the server's ISN + 1).

  2. Connection Tear-down (modified three way handshake).

    • The client sends a FIN (active close). This is a now a half-closed connection. The client no longer sends data, but is still able to receive data from the server. Upon receiving this FIN, the server enters a passive close state.
    • The server sends an ACK (which is the clients FIN sequence + 1)
    • The server sends its own FIN.
    • The client sends an ACK (which is server's FIN sequence + 1). Upon receiving this ACK, the server closes the connection.
A half-closed connection can be used to terminate sending data while sill receiving data. Socket applications can call shutdown with the second argument set to 1 to enter this state.

Netstat Output



The above TCP connection states can be monitored in a network trace under the TCP flags. It is also possible to determine the status of the connection by running the Netstat utility and looking at the State column.

State explanations as shown in Netstat:
State Explanation
------------ --------------------------------------------------------

SYN_SEND Indicates active open.

SYN_RECEIVED Server just received SYN from the client.

ESTABLISHED Client received server's SYN and session is established.

LISTEN Server is ready to accept connection.

NOTE: See documentation for listen() socket call. TCP sockets in listening state are not shown - this is a limitation of NETSTAT. For additional information, please see the following article in the Microsoft Knowledge Base:
134404 (http://support.microsoft.com/kb/134404/EN-US/ ) NETSTAT Does Not Show TCP Listen Sockets

FIN_WAIT_1 Indicates active close.

TIME_WAIT Client enters this state after active close.

CLOSE_WAIT Indicates passive close. Server just received first FIN from a client.

FIN_WAIT_2 Client just received acknowledgment of its first FIN from the server.

LAST_ACK Server is in this state when it sends its own FIN.

CLOSED Server received ACK from client and connection is closed.
As an example, consider the following scenario:

A socket application has been terminated, but Netstat reports the socket in a CLOSE_WAIT state. This could indicate that the client properly closed the connection (FIN has been sent), but the server still has its socket open. This could be the result of one instance (among all threads or processes) of the socket not being closed.

NOTE: It is normal to have a socket in the TIME_WAIT state for a long period of time. The time is specified in RFC793 as twice the Maximum Segment Lifetime (MSL). MSL is specified to be 2 minutes. So, a socket could be in a TIME_WAIT state for as long as 4 minutes. Some systems implement different values (less than 2 minutes) for the MSL. See below for details:


Code:

   Client                                                   Server
   ======                                                   ======
   ESTABLISHED                                              ESTABLISHED
   (client closes)
   ESTABLISHED                                              ESTABLISHED
                 ------->>
   FIN_WAIT_1
                <<-------- 
   FIN_WAIT_2                                               CLOSE_WAIT
                <<--------   (server closes)
                                                            LAST_ACK
                , ------->>
   TIME_WAIT                                                CLOSED
   (2*msl elapses...)
   CLOSED

Note: the +1 on the sequence numbers is because the FIN counts as one byte of data. (The above diagram is equivalent to fig. 13 from RFC 793).






Additional references:



Below is a tcpdump (Solaris' snoop) verbose output of an rpcinfo -p query made by a linux host to Sun Solaris server. It shows details of TCP/IP 3-way handshake SYN -> SYN/ACK -> ACK between a Linux host (ipc4) and a Solaris server (sun1).

To understand rpc, please see my blog article Understand Remote Procedure Call in 1 Minute

Summary:

1 0.00000 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Syn Seq=3368322776 Len=0 Win=5840 Options=
2 0.00031 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Syn Ack=3368322777 Seq=1322806787 Len=0 Win=49232 Options=
3 0.00004 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Ack=1322806788 Seq=3368322777 Len=0 Win=1460 Options=
4 0.00013 ipc4.shanjing.com -> sun1.shanjing.com PORTMAP C DUMP
5 0.00022 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Ack=3368322821 Seq=1322806788 Len=0 Win=49188 Options=
6 0.00093 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Ack=1322807580 Seq=3368322821 Len=0 Win=1856 Options=
7 0.00001 sun1.shanjing.com -> ipc4.shanjing.com PORTMAP R DUMP 38 map(s) found
8 0.01263 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Fin Ack=1322807580 Seq=3368322821 Len=0 Win=1856 Options=
9 0.00013 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Ack=3368322822 Seq=1322807580 Len=0 Win=49232 Options=
10 0.00032 sun1.shanjing.com -> ipc4.shanjing.com TCP D=750 S=111 Fin Ack=3368322822 Seq=1322807580 Len=0 Win=49232 Options=
11 0.00013 ipc4.shanjing.com -> sun1.shanjing.com TCP D=111 S=750 Ack=1322807581 Seq=3368322822 Len=0 Win=1856 Options=

Details:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 22:24:53.67045
ETHER: Packet size = 74 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 60 bytes
IP: Identification = 5703
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a058
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322776
TCP: Acknowledgement number = 0
TCP: Data offset = 40 bytes
TCP: Flags = 0x02
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...0 .... = No acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..1. = Syn
TCP: .... ...0 = No Fin
TCP: Window = 5840
TCP: Checksum = 0xc95d
TCP: Urgent pointer = 0
TCP: Options: (20 bytes)
TCP: - Maximum segment size = 1460 bytes
TCP: - SACK permitted option
TCP: - TS Val = 2134176, TS Echo = 0
TCP: - No operation
TCP: - Window scale = 2
TCP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 2 arrived at 22:24:53.67077
ETHER: Packet size = 78 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 64 bytes
IP: Identification = 27277
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4c0e
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750
TCP: Sequence number = 1322806787
TCP: Acknowledgement number = 3368322777
TCP: Data offset = 44 bytes
TCP: Flags = 0x12
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..1. = Syn
TCP: .... ...0 = No Fin
TCP: Window = 49232
TCP: Checksum = 0xeedf
TCP: Urgent pointer = 0
TCP: Options: (24 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532405, TS Echo = 2134176
TCP: - Maximum segment size = 1460 bytes
TCP: - No operation
TCP: - Window scale = 0
TCP: - No operation
TCP: - No operation
TCP: - SACK permitted option
TCP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 3 arrived at 22:24:53.67082
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 5705
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a05e
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322777
TCP: Acknowledgement number = 1322806788
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 1460
TCP: Checksum = 0xea46
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134177, TS Echo = 1532405
TCP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 4 arrived at 22:24:53.67095
ETHER: Packet size = 110 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 96 bytes
IP: Identification = 5707
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a030
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111 (Sun RPC)
TCP: Sequence number = 3368322777
TCP: Acknowledgement number = 1322806788
TCP: Data offset = 32 bytes
TCP: Flags = 0x18
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 1... = Push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 1460
TCP: Checksum = 0xe454
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134177, TS Echo = 1532405
TCP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Record Mark: last fragment, length = 40
RPC: Transaction id = 450618384
RPC: Type = 0 (Call)
RPC: RPC version = 2
RPC: Program = 100000 (PMAP), version = 2, procedure = 4
RPC: Credentials: Flavor = 0 (None), len = 0 bytes
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 4 (Dump the mappings)
PMAP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 5 arrived at 22:24:53.67117
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 27278
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4c19
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750
TCP: Sequence number = 1322806788
TCP: Acknowledgement number = 3368322821
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 49188
TCP: Checksum = 0x2faa
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532405, TS Echo = 2134177
TCP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 6 arrived at 22:24:53.67211
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 5709
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a05a
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322821
TCP: Acknowledgement number = 1322807580
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 1856
TCP: Checksum = 0xe574
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134179, TS Echo = 1532405
TCP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 7 arrived at 22:24:53.67212
ETHER: Packet size = 858 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 844 bytes
IP: Identification = 27279
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4900
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750 (Sun RPC)
TCP: Sequence number = 1322806788
TCP: Acknowledgement number = 3368322821
TCP: Data offset = 32 bytes
TCP: Flags = 0x18
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 1... = Push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 49232
TCP: Checksum = 0xf9c4
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532405, TS Echo = 2134177
TCP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Record Mark: last fragment, length = 788
RPC: Transaction id = 450618384
RPC: Type = 1 (Reply)
RPC: This is a reply to frame 4
RPC: Status = 0 (Accepted)
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC: Accept status = 0 (Success)
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 4 (Dump the mappings)
PMAP: Program Version Protocol Port
PMAP: 100000 4 6 111 PMAP
PMAP: 100000 3 6 111 PMAP
PMAP: 100000 2 6 111 PMAP
PMAP: 100000 4 17 111 PMAP
PMAP: 100000 3 17 111 PMAP
PMAP: 100000 2 17 111 PMAP
PMAP: 100024 1 17 32772 STATMON2
PMAP: 100024 1 6 32771 STATMON2
PMAP: 100133 1 17 32772 ?
PMAP: 100133 1 6 32771 ?
PMAP: 1073741824 1 6 32772 transient
PMAP: 100021 1 17 4045 NLM
PMAP: 100021 2 17 4045 NLM
PMAP: 100021 3 17 4045 NLM
PMAP: 100021 4 17 4045 NLM
PMAP: 100021 1 6 4045 NLM
PMAP: 100021 2 6 4045 NLM
PMAP: 100021 3 6 4045 NLM
PMAP: 100021 4 6 4045 NLM
PMAP: 100001 2 17 32773 RSTAT
PMAP: 100001 3 17 32773 RSTAT
PMAP: 100001 4 17 32773 RSTAT
PMAP: 100068 2 17 32774 CMSD
PMAP: 100068 3 17 32774 CMSD
PMAP: 100068 4 17 32774 CMSD
PMAP: 100068 5 17 32774 CMSD
PMAP: 100083 1 6 32775 ?
PMAP: 100002 2 6 32776 RUSERS
PMAP: 100002 3 6 32776 RUSERS
PMAP: 100002 2 17 32775 RUSERS
PMAP: 100002 3 17 32775 RUSERS
PMAP: 100011 1 17 32776 RQUOTA
PMAP: 300598 1 17 32779 ?
PMAP: 300598 1 6 32777 ?
PMAP: 805306368 1 17 32779 ?
PMAP: 805306368 1 6 32777 ?
PMAP: 100249 1 17 32780 ?
PMAP: 100249 1 6 32778 ?
PMAP: 38 maps
PMAP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 8 arrived at 22:24:53.68476
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 5711
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = a058
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322821
TCP: Acknowledgement number = 1322807580
TCP: Data offset = 32 bytes
TCP: Flags = 0x11
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...1 = Fin
TCP: Window = 1856
TCP: Checksum = 0xe562
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134196, TS Echo = 1532405
TCP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 9 arrived at 22:24:53.68489
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 27280
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4c17
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750
TCP: Sequence number = 1322807580
TCP: Acknowledgement number = 3368322822
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 49232
TCP: Checksum = 0x2c51
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532406, TS Echo = 2134196
TCP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 10 arrived at 22:24:53.68522
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:e5:d:fb,
ETHER: Source = 0:c:29:2e:ed:c1,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 27281
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 4c16
IP: Source address = 192.168.1.100, sun1.shanjing.com
IP: Destination address = 192.168.1.104, ipc4.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 111
TCP: Destination port = 750
TCP: Sequence number = 1322807580
TCP: Acknowledgement number = 3368322822
TCP: Data offset = 32 bytes
TCP: Flags = 0x11
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...1 = Fin
TCP: Window = 49232
TCP: Checksum = 0x2c50
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 1532406, TS Echo = 2134196
TCP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 11 arrived at 22:24:53.68535
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:c:29:2e:ed:c1,
ETHER: Source = 0:c:29:e5:d:fb,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 52 bytes
IP: Identification = 2
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = b6a5
IP: Source address = 192.168.1.104, ipc4.shanjing.com
IP: Destination address = 192.168.1.100, sun1.shanjing.com
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 750
TCP: Destination port = 111
TCP: Sequence number = 3368322822
TCP: Acknowledgement number = 1322807581
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 1856
TCP: Checksum = 0xe55e
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 2134198, TS Echo = 1532406
TCP:
Posted by Shan Jing
Labels: