Ethereal-users: [Ethereal-users] Help Analysing Transaction

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Matt Smith" <gramps_dogg@xxxxxxxxxxx>
Date: Mon, 24 Oct 2005 17:55:09 -0400
I was hoping someone could help do an analysis on some TCP transactions. Maybe explain the sequence of events according to the SYNs/ACKs/PSHs and FINs (especially if there are 3 in one packet set). I have a basic understanding of them but not enough to understand what packet is being ack'd and such. Any help would be greatly appreciated. Also, any sites with an advanced tutorial would be great.

Here are 2 examples, the first is the INVALID transaction and the second is one that worked (what they all "should" look like). *.*.*.20 is the router (to client) and *.*.*.12 is the server.
Here is a basic explanation of what should happen. The client connects, sends a message, the server processes the message then sends 2 messages back to the client.

No.     Time        Source     Destination     Info
      1 0.000000    *.*.*.20   *.*.*.12   3614 > 8100 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
      2 0.000038    *.*.*.12   *.*.*.20   8100 > 3614 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460
      3 0.110655    *.*.*.20   *.*.*.12   3614 > 8100 [ACK] Seq=1 Ack=1 Win=65535 Len=0
      4 1.113844    *.*.*.20   *.*.*.12   3614 > 8100 [PSH, ACK] Seq=1 Ack=1 Win=65535 Len=200
      5 1.231208    *.*.*.12   *.*.*.20   8100 > 3614 [ACK] Seq=1 Ack=201 Win=65335 Len=0
      6 4.872452    *.*.*.20   *.*.*.12   3614 > 8100 [FIN, ACK] Seq=201 Ack=1 Win=65535 Len=0
      7 4.872488    *.*.*.12   *.*.*.20   8100 > 3614 [ACK] Seq=1 Ack=202 Win=65335 Len=0
      8 5.741186    *.*.*.12   *.*.*.20   8100 > 3614 [PSH, ACK] Seq=1 Ack=202 Win=65335 Len=3
      9 5.741844    *.*.*.12   *.*.*.20   8100 > 3614 [FIN, PSH, ACK] Seq=4 Ack=202 Win=65335 Len=194
     10 5.852781    *.*.*.20   *.*.*.12   3614 > 8100 [RST, ACK] Seq=202 Ack=4 Win=0 Len=0
     11 5.862991    *.*.*.20   *.*.*.12   3614 > 8100 [RST] Seq=202 Ack=2017669458 Win=0 Len=0

     12 21.076657   *.*.*.20   *.*.*.12   3616 > 8100 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
     13 21.076695   *.*.*.12   *.*.*.20   8100 > 3616 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460
     14 21.195579   *.*.*.20   *.*.*.12   3616 > 8100 [ACK] Seq=1 Ack=1 Win=65535 Len=0
     15 22.193907   *.*.*.20   *.*.*.12   3616 > 8100 [PSH, ACK] Seq=1 Ack=1 Win=65535 Len=200
     16 22.353879   *.*.*.12   *.*.*.20   8100 > 3616 [ACK] Seq=1 Ack=201 Win=65335 Len=0
     17 24.279982   *.*.*.12   *.*.*.20   8100 > 3616 [PSH, ACK] Seq=1 Ack=201 Win=65335 Len=3
     18 24.557292   *.*.*.20   *.*.*.12   3616 > 8100 [ACK] Seq=201 Ack=4 Win=65532 Len=0
     19 24.557329   *.*.*.12   *.*.*.20   8100 > 3616 [PSH, ACK] Seq=4 Ack=201 Win=65335 Len=194
     20 24.885125   *.*.*.20   *.*.*.12   3616 > 8100 [ACK] Seq=201 Ack=198 Win=65338 Len=0
     21 34.280141   *.*.*.12   *.*.*.20   8100 > 3616 [FIN, ACK] Seq=198 Ack=201 Win=65335 Len=0
     22 34.392658   *.*.*.20   *.*.*.12   3616 > 8100 [ACK] Seq=201 Ack=199 Win=65338 Len=0
     23 34.396056   *.*.*.20   *.*.*.12   3616 > 8100 [FIN, ACK] Seq=201 Ack=199 Win=65338 Len=0
     24 34.396071   *.*.*.12   *.*.*.20   8100 > 3616 [ACK] Seq=199 Ack=202 Win=65335 Len=0
 
Thank you.
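
The following is an added example, not part of the original post: a Python script that parses Ethereal summary lines in the format shown above (packets 1-11 of the first trace are embedded verbatim) and reports which earlier packet each ACK acknowledges, plus any data sent to a side that had already sent its FIN. The names `analyse`, `TRACE` and `LINE` are hypothetical.

```python
import re

# Packets 1-11 of the first (failing) trace in the post, copied verbatim.
TRACE = """\
      1 0.000000    *.*.*.20   *.*.*.12   3614 > 8100 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
      2 0.000038    *.*.*.12   *.*.*.20   8100 > 3614 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460
      3 0.110655    *.*.*.20   *.*.*.12   3614 > 8100 [ACK] Seq=1 Ack=1 Win=65535 Len=0
      4 1.113844    *.*.*.20   *.*.*.12   3614 > 8100 [PSH, ACK] Seq=1 Ack=1 Win=65535 Len=200
      5 1.231208    *.*.*.12   *.*.*.20   8100 > 3614 [ACK] Seq=1 Ack=201 Win=65335 Len=0
      6 4.872452    *.*.*.20   *.*.*.12   3614 > 8100 [FIN, ACK] Seq=201 Ack=1 Win=65535 Len=0
      7 4.872488    *.*.*.12   *.*.*.20   8100 > 3614 [ACK] Seq=1 Ack=202 Win=65335 Len=0
      8 5.741186    *.*.*.12   *.*.*.20   8100 > 3614 [PSH, ACK] Seq=1 Ack=202 Win=65335 Len=3
      9 5.741844    *.*.*.12   *.*.*.20   8100 > 3614 [FIN, PSH, ACK] Seq=4 Ack=202 Win=65335 Len=194
     10 5.852781    *.*.*.20   *.*.*.12   3614 > 8100 [RST, ACK] Seq=202 Ack=4 Win=0 Len=0
     11 5.862991    *.*.*.20   *.*.*.12   3614 > 8100 [RST] Seq=202 Ack=2017669458 Win=0 Len=0
"""

LINE = re.compile(r"\s*(\d+)\s+\S+\s+(\S+)\s+(\S+)\s+(\d+) > (\d+) "
                  r"\[([^\]]+)\] Seq=(\d+) Ack=(\d+) Win=\d+ Len=(\d+)")

def analyse(trace):
    """Return (acks, after_fin). acks maps a packet number to the packet
    it acknowledges; after_fin lists data packets sent to a side that had
    already sent FIN."""
    ends, fin_sent, acks, after_fin = {}, set(), {}, []
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        no, src, dst, sport, dport, flags, seq, ack, length = m.groups()
        no, seq, ack, length = int(no), int(seq), int(ack), int(length)
        flags = set(flags.split(", "))
        me, peer = (src, sport, dst, dport), (dst, dport, src, sport)
        # SYN and FIN each occupy one sequence number on top of the payload.
        used = length + ("SYN" in flags) + ("FIN" in flags)
        # The Ack field only counts when the ACK flag is set (see packet 11).
        if "ACK" in flags and (peer, ack) in ends:
            acks[no] = ends[(peer, ack)]
        # Legal in TCP (half-close), but worth flagging when a RST follows.
        if length and peer in fin_sent:
            after_fin.append(no)
        if used:
            ends[(me, seq + used)] = no  # Ack value that will cover this packet
        if "FIN" in flags:
            fin_sent.add(me)
    return acks, after_fin
```

On the embedded trace this pairs, for example, packet 5 with packet 4 and packet 10 with packet 8, and lists packets 8 and 9 as data sent after the *.*.*.20 side's FIN in packet 6, which that side then answers with RST.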