[ACN Assignment: 2 – Snoop]
THIS FILE BELONGS TO RAMAKRISHNAN VENKITARAMAN (RXV024000@UTDALLAS.EDU)

Analysis of the packets. (Analysis.txt)

In the Snoop trace the first field indicates the packet number and the second field indicates the time elapsed between this packet and the previous packet. The next 2 fields represent the source and the destination of the packet respectively. The next field represents the protocol, and the fields that follow the protocol field are the protocol-specific fields for that layer/packet.

Note: in most places in the explanation below, grant will refer to grant.utdallas.edu, nic will refer to nic.merit.edu and csweb will refer to csweb.cs.utsa.edu.
________________________________
1 0.00000 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 62 bytes
1 0.00000 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=48, ID=2861
1 0.00000 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Syn Seq=875401197 Len=0 Win=24820 Options=
1 0.00000 grant.utdallas.edu -> nic.merit.edu FTP C port=45202

IP: The source is grant.utdallas.edu (129.110.49.28) and the destination is nic.merit.edu (198.108.1.48). The unique identification number of this packet is 2861.
TCP: This is the first packet of the TCP 3 way handshake between grant.utdallas.edu and nic.merit.edu. This can be identified by noting that the SYN flag has been set in the TCP header. grant.utdallas.edu also tells nic.merit.edu using this packet that the initial sequence number that it will use is 875401197. Moreover, the value Win=24820 indicates that the window size at the sender side is 24820 bytes. The source port# is 45202 and the destination port# is 21. The options field indicates that selective acknowledgements are allowed and that the maximum segment size allowed is 1460 bytes.
FTP: Also, the FTP protocol requests a control connection at the client port#45202 and the server control port at 21.
Port 21 is normally reserved for use with the FTP control connection.
________________________________
2 0.04306 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 60 bytes
2 0.04306 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=44, ID=24473
2 0.04306 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Syn Ack=875401198 Seq=674185963 Len=0 Win=1460 Options=
2 0.04306 nic.merit.edu -> grant.utdallas.edu FTP R port=45202

IP: The IP packet is from nic to grant.
TCP: This is the second packet in the 3 way handshake between nic.merit.edu and grant.utdallas.edu. The ack field indicates that nic is expecting packet#875401198 as the next packet, and this implicitly acts as the ack for the packet that it received with the seq#875401197 from grant (packet#1). This TCP packet has the seq#674185963 and it also advertises the window size of nic to grant as 1460. The options field also indicates that the maximum segment size that's allowed is 1460 bytes.
________________________________
3 0.00002 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 54 bytes
3 0.00002 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=40, ID=2862
3 0.00002 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674185964 Seq=875401198 Len=0 Win=24820
3 0.00002 grant.utdallas.edu -> nic.merit.edu FTP C port=45202

This is the 3rd packet in the 3 way handshake that takes place between grant and nic, and in this packet grant is sending the ack for the syn from nic in packet#2. Also note that the seq# of the TCP packet from grant to nic has been incremented by 1 as this is the second packet that grant is sending to nic. We are still using the control connection, as indicated by the value of the port number 21.
________________________________
4 0.12673 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 142 bytes
4 0.12673 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=128, ID=24474
4 0.12673 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Ack=875401198 Seq=674185964 Len=88 Win=2920
4 0.12673 nic.merit.edu -> grant.utdallas.edu FTP R port=45202 220 nic.merit.edu FT

This TCP packet carries Ack=875401198 and Seq=674185964. But the seq number of packet#3 that was sent from grant to nic is 875401198. If packet#3 had been received by nic then the ack field should have been 875401199. Since it's not, we can conclude that PACKET#3 WAS LOST AND WAS NOT RECEIVED BY NIC. So we are yet to finish the 3 way handshake phase, and now we find NIC already sending a payload of 88 bytes with packet#4. I had a doubt whether this is right, in the sense of whether NIC can send data even before the completion of the 3 way handshake, and referred to the TCP RFC at http://www.ietf.org/rfc/rfc0793.txt, and it says that it's fine but the receiving end of the data must not deliver the data to the user until it's sure that the connection is established.
FTP: The FTP protocol sends a code of 220 indicating that the service is ready for a new user, and now the user must in the subsequent packets send the username and the like.
________________________________
5 0.00009 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 54 bytes
5 0.00009 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=40, ID=2863
5 0.00009 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186052 Seq=875401198 Len=0 Win=24820
5 0.00009 grant.utdallas.edu -> nic.merit.edu FTP C port=45202

In this packet, grant is sending nic an ack# of 674186052, and this will serve as the cumulative ack for the lost packet#3 and for packet#4 with 88 bytes that was sent by nic to grant. The 3 way handshake is fully complete now.
________________________________
6 5.28230 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 70 bytes
6 5.28230 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=56, ID=2864
6 5.28230 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186052 Seq=875401198 Len=16 Win=24820
6 5.28230 grant.utdallas.edu -> nic.merit.edu FTP C port=45202 USER anonymous\r\n

grant now sends the user name that was typed by the user, and in this case it's anonymous.
________________________________
7 0.04206 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 60 bytes
7 0.04206 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=40, ID=24475
7 0.04206 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Ack=875401214 Seq=674186052 Len=0 Win=2920
7 0.04206 nic.merit.edu -> grant.utdallas.edu FTP R port=45202

nic acks the reception of the username packet#6.
________________________________
8 0.00708 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 122 bytes
8 0.00708 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=108, ID=24476
8 0.00708 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Ack=875401214 Seq=674186052 Len=68 Win=2920
8 0.00708 nic.merit.edu -> grant.utdallas.edu FTP R port=45202 331 Guest login ok,

nic, after getting the anonymous username, responds with code #331, which in the RFC for FTP (http://www.ietf.org/rfc/rfc959.txt) stands for "User name okay, need password". In this case, since the user name is anonymous, we have the guest login.
________________________________
9 0.09476 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 54 bytes
9 0.09476 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=40, ID=2865
9 0.09476 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186120 Seq=875401214 Len=0 Win=24820
9 0.09476 grant.utdallas.edu -> nic.merit.edu FTP C port=45202

grant acks packet#8.
________________________________
10 5.27213 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 80 bytes
10 5.27213 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=66, ID=2866
10 5.27213 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186120 Seq=875401214 Len=26 Win=24820
10 5.27213 grant.utdallas.edu -> nic.merit.edu FTP C port=45202 PASS ksarac@utdallas

grant then sends the password that it got from the user, and in this case, as it's the guest login, the password is some valid email address. In this case it's our professor's :)
________________________________
11 0.19963 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 60 bytes
11 0.19963 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=46, ID=24477
11 0.19963 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Ack=875401240 Seq=674186120 Len=6 Win=2920
11 0.19963 nic.merit.edu -> grant.utdallas.edu FTP R port=45202 230-\r\n

nic acks pkt#10 and sends one packet with len=6. nic responds with the FTP code of 230, which means "User logged in, proceed.", followed by a carriage return and a line feed.
________________________________
12 0.09827 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 54 bytes
12 0.09827 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=40, ID=2867
12 0.09827 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186126 Seq=875401240 Len=0 Win=24820
12 0.09827 grant.utdallas.edu -> nic.merit.edu FTP C port=45202

grant acks pkt#11.
________________________________
13 0.04219 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 405 bytes
13 0.04219 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=391, ID=24478
13 0.04219 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Ack=875401240 Seq=674186126 Len=351 Win=2920
13 0.04219 nic.merit.edu -> grant.utdallas.edu FTP R port=45202 230- NOTICE: This

nic sends some contents/notice, and this packet also implicitly acks packet#12.
________________________________
14 0.09777 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 54 bytes
14 0.09777 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=40, ID=2868
14 0.09777 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186477 Seq=875401240 Len=0 Win=24820
14 0.09777 grant.utdallas.edu -> nic.merit.edu FTP C port=45202

grant acks packet#13.
________________________________
15 4.39407 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 82 bytes
15 4.39407 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=68, ID=2869
15 4.39407 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186477 Seq=875401240 Len=28 Win=24820
15 4.39407 grant.utdallas.edu -> nic.merit.edu FTP C port=45202 PORT 129,110,49,28,1

The port command is used to open the data connection. To open this second connection, the client sends a port command to the server machine. This command includes the parameters that tell the server which IP address to connect to and which port to open on that address.
Since the port command is being executed, we know that FTP is being used in ACTIVE mode.
________________________________
16 0.04466 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 84 bytes
16 0.04466 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=70, ID=24479
16 0.04466 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Ack=875401268 Seq=674186477 Len=30 Win=2920
16 0.04466 nic.merit.edu -> grant.utdallas.edu FTP R port=45202 200 PORT command suc

nic sends grant an ack for packet 15 and also says that the port command was successful. The FTP RFC says that the code 200 stands for "200 Command okay".
________________________________
17 0.00022 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 71 bytes
17 0.00022 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=57, ID=2870
17 0.00022 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186507 Seq=875401268 Len=17 Win=24820
17 0.00022 grant.utdallas.edu -> nic.merit.edu FTP C port=45202 RETR index.html\r\n

Ack for packet#16. A RETR request asks the server to send the contents of the file index.html over the data connection already established by the client. The RETR parameter is an encoded pathname of the file. The "\r" stands for carriage return and the "\n" stands for the new line character.
________________________________
18 0.04580 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 60 bytes
18 0.04580 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=44, ID=24480
18 0.04580 nic.merit.edu -> grant.utdallas.edu TCP D=45203 S=20 Syn Seq=676845208 Len=0 Win=8760 Options=
18 0.04580 nic.merit.edu -> grant.utdallas.edu FTP-DATA R port=45203

This is the SYN command for the data connection; it also acks packet#17. A new data connection is opened between nic and grant, and this will be the connection through which the transfer of the data will take place.
This is the first part of the 3 way handshake between nic and grant for the data connection. Note that port #20 is used for the data connection.
________________________________
19 0.00004 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 58 bytes
19 0.00004 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=44, ID=2871
19 0.00004 grant.utdallas.edu -> nic.merit.edu TCP D=20 S=45203 Syn Ack=676845209 Seq=879462933 Len=0 Win=24820 Options=
19 0.00004 grant.utdallas.edu -> nic.merit.edu FTP-DATA C port=45203

Now grant sends a syn+ack to nic, where the ack is for packet#18 and the syn is for the data connection. This packet corresponds to the second phase of the 3 way handshake.
________________________________
20 0.04210 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 60 bytes
20 0.04210 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=40, ID=24481
20 0.04210 nic.merit.edu -> grant.utdallas.edu TCP D=45203 S=20 Ack=879462934 Seq=676845209 Len=0 Win=1460
20 0.04210 nic.merit.edu -> grant.utdallas.edu FTP-DATA R port=45203

This is the ack from nic to grant for packet 19, and it completes the 3rd phase of the 3 way handshake. As soon as grant receives this packet, it's done with the establishment of the data connection between nic and grant.
________________________________
21 0.00075 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 123 bytes
21 0.00075 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=109, ID=24482
21 0.00075 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Ack=875401285 Seq=674186507 Len=69 Win=2920
21 0.00075 nic.merit.edu -> grant.utdallas.edu FTP R port=45202 150 Opening ASCII mo

The code 150 as defined by the FTP RFC means "150 File status okay; about to open data connection.", and in this case it also says that it's opening a connection in ASCII mode, which is the default mode for FTP.
The server responds with a mark using code 150. It then stops accepting new connections and attempts to send the contents of the file over the data connection until it closes the data connection.
________________________________
22 0.00268 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 1424 bytes
22 0.00268 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=1410, ID=24483
22 0.00268 nic.merit.edu -> grant.utdallas.edu TCP D=45203 S=20 Ack=879462934 Seq=676845209 Len=1370 Win=2920
22 0.00268 nic.merit.edu -> grant.utdallas.edu FTP-DATA R port=45203
grant.utdallas.edu ETHER Type=0800 (IP), size = 60 bytes
23 0.00009 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=40, ID=24484
23 0.00009 nic.merit.edu -> grant.utdallas.edu TCP D=45203 S=20 Fin Ack=879462934 Seq=676846579 Len=0 Win=8760
23 0.00009 nic.merit.edu -> grant.utdallas.edu FTP-DATA R port=45203

Since the transmission of the data is over, the server is sending the client a Fin message and is essentially trying to close the data connection.
________________________________
24 0.00004 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 54 bytes
24 0.00004 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=40, ID=2872
24 0.00004 grant.utdallas.edu -> nic.merit.edu TCP D=20 S=45203 Ack=676846579 Seq=879462934 Len=0 Win=24820
24 0.00004 grant.utdallas.edu -> nic.merit.edu FTP-DATA C port=45203

grant sends an ack for the data that it had received through the data connection from the server (nic); this acks pkt#22.
________________________________
25 0.00002 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 54 bytes
25 0.00002 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=40, ID=2873
25 0.00002 grant.utdallas.edu -> nic.merit.edu TCP D=20 S=45203 Ack=676846580 Seq=879462934 Len=0 Win=24820
25 0.00002 grant.utdallas.edu -> nic.merit.edu FTP-DATA C port=45203

Ack for the fin.
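
The acknowledgement arithmetic used in the commentary above, as an added example that is not part of the original analysis: it parses the TCP summary lines of packets 1-5 and 18-25 (copied from the trace) and compares each Ack with what the peer has sent so far, counting payload bytes plus one sequence number for each SYN and FIN as RFC 793 specifies. The names `parse`, `next_seq` and `audit` and the status labels are this example's own.

```python
import re
from collections import namedtuple

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

# TCP summary lines copied from the trace above: packets 1-5 (control
# connection set-up and banner) and 18-25 without 21 (data connection).
TRACE = """\
1 0.00000 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Syn Seq=875401197 Len=0 Win=24820 Options=
2 0.04306 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Syn Ack=875401198 Seq=674185963 Len=0 Win=1460 Options=
3 0.00002 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674185964 Seq=875401198 Len=0 Win=24820
4 0.12673 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Ack=875401198 Seq=674185964 Len=88 Win=2920
5 0.00009 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186052 Seq=875401198 Len=0 Win=24820
18 0.04580 nic.merit.edu -> grant.utdallas.edu TCP D=45203 S=20 Syn Seq=676845208 Len=0 Win=8760 Options=
19 0.00004 grant.utdallas.edu -> nic.merit.edu TCP D=20 S=45203 Syn Ack=676845209 Seq=879462933 Len=0 Win=24820 Options=
20 0.04210 nic.merit.edu -> grant.utdallas.edu TCP D=45203 S=20 Ack=879462934 Seq=676845209 Len=0 Win=1460
22 0.00268 nic.merit.edu -> grant.utdallas.edu TCP D=45203 S=20 Ack=879462934 Seq=676845209 Len=1370 Win=2920
23 0.00009 nic.merit.edu -> grant.utdallas.edu TCP D=45203 S=20 Fin Ack=879462934 Seq=676846579 Len=0 Win=8760
24 0.00004 grant.utdallas.edu -> nic.merit.edu TCP D=20 S=45203 Ack=676846579 Seq=879462934 Len=0 Win=24820
25 0.00002 grant.utdallas.edu -> nic.merit.edu TCP D=20 S=45203 Ack=676846580 Seq=879462934 Len=0 Win=24820
"""

Segment = namedtuple("Segment", "pkt src dst sport dport flags seq ack length")
LINE = re.compile(r"^\s*(\d+)\s+[\d.]+\s+(\S+) -> (\S+)\s+TCP\s+(.*)$")


def parse(trace):
    """Turn snoop TCP summary lines into Segment records; skip other lines."""
    segs = []
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pkt, src, dst, rest = m.groups()
        kv = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", rest)}
        if not set(kv) >= {"D", "S", "Seq", "Len"}:
            continue  # truncated line: not enough fields to account for
        flags = frozenset(re.findall(r"\b(Syn|Fin|Rst)\b", rest))
        segs.append(Segment(int(pkt), src, dst, kv["S"], kv["D"], flags,
                            kv["Seq"], kv.get("Ack"), kv["Len"]))
    return segs


def next_seq(seg):
    """Sequence number the peer should acknowledge after this segment.

    Payload bytes count, and SYN and FIN each consume one number;
    a bare ACK (Len=0, no SYN/FIN) consumes none.
    """
    used = seg.length + ("Syn" in seg.flags) + ("Fin" in seg.flags)
    return (seg.seq + used) % MOD


def audit(segs):
    """Compare every Ack with the highest next_seq seen from the peer.

    Returns (packet number, ack, status) for each segment carrying an Ack.
    """
    highest = {}  # (src, sport, dst, dport) -> highest next_seq sent that way
    report = []
    for s in segs:
        fwd = (s.src, s.sport, s.dst, s.dport)
        rev = (s.dst, s.dport, s.src, s.sport)
        if s.ack is not None:
            if rev not in highest:
                status = "unseen-peer"  # nothing captured from the peer yet
            else:
                diff = (s.ack - highest[rev]) % MOD
                if diff == 0:
                    status = "ok"
                elif diff < MOD // 2:
                    status = "ahead"    # acks bytes the capture never showed
                else:
                    status = "behind"   # peer has sent more than is acked
            report.append((s.pkt, s.ack, status))
        nxt = next_seq(s)
        if fwd not in highest or (nxt - highest[fwd]) % MOD < MOD // 2:
            highest[fwd] = nxt
    return report


if __name__ == "__main__":
    for pkt, ack, status in audit(parse(TRACE)):
        print(f"pkt {pkt:>2}  Ack={ack}  {status}")
```

A `behind` status marks an Ack that does not yet cover everything the peer has sent (packet 24 covers the 1370 data bytes but not the FIN of packet 23); `ahead` would mark an Ack for bytes that never appear in the capture, which in monitoring is worth a closer look as a capture gap or an unexpected segment.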
________________________________
26 0.00695 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 54 bytes
26 0.00695 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=40, ID=2874
26 0.00695 grant.utdallas.edu -> nic.merit.edu TCP D=20 S=45203 Fin Ack=676846580 Seq=879462934 Len=0 Win=24820
26 0.00695 grant.utdallas.edu -> nic.merit.edu FTP-DATA C port=45203

Sends a Fin saying it is ok to close the data connection.
________________________________
27 0.04206 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 60 bytes
27 0.04206 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=40, ID=24485
27 0.04206 nic.merit.edu -> grant.utdallas.edu TCP D=45203 S=20 Ack=879462935 Seq=676846580 Len=0 Win=8760
27 0.04206 nic.merit.edu -> grant.utdallas.edu FTP-DATA R port=45203

Acks the fin from the client.
________________________________
28 0.04054 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 54 bytes
28 0.04054 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=40, ID=2875
28 0.04054 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186576 Seq=875401285 Len=0 Win=24820
28 0.04054 grant.utdallas.edu -> nic.merit.edu FTP C port=45202

Acks pkt#27 using the control connection (port#21). Note that the data connection is already closed.
________________________________
29 0.04258 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 78 bytes
29 0.04258 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=64, ID=24486
29 0.04258 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Ack=875401285 Seq=674186576 Len=24 Win=2920
29 0.04258 nic.merit.edu -> grant.utdallas.edu FTP R port=45202 226 Transfer complet

Sends a transfer complete command to the client. The ack value shows that packet#28 is yet to reach nic.
The RFC of FTP says the following about code 226: the server accepts the RETR request with code 226 if the entire file was successfully written to the server's TCP buffers; the server is obliged to close the data connection in this case. The client is not expected to look for a response from the server until the client sees that the data connection is closed.
________________________________
30 0.09739 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 54 bytes
30 0.09739 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=40, ID=2876
30 0.09739 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186600 Seq=875401285 Len=0 Win=24820
30 0.09739 grant.utdallas.edu -> nic.merit.edu FTP C port=45202

Acks pkt#29.
________________________________
31 5.26500 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 60 bytes
31 5.26500 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=46, ID=2877
31 5.26500 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186600 Seq=875401285 Len=6 Win=24820
31 5.26500 grant.utdallas.edu -> nic.merit.edu FTP C port=45202 QUIT\r\n

The client at grant decides to close the ftp connection and sends a quit command to the server.
________________________________
32 0.04280 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 103 bytes
32 0.04280 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=89, ID=24487
32 0.04280 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Ack=875401291 Seq=674186600 Len=49 Win=2920
32 0.04280 nic.merit.edu -> grant.utdallas.edu FTP R port=45202 221-You have transfe

The code 221 indicates a basic response from the server, and it says the # of bytes that were transferred. It also acks pkt#31.
________________________________
33 0.09225 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 54 bytes
33 0.09225 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=40, ID=2878
33 0.09225 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186649 Seq=875401291 Len=0 Win=24820
33 0.09225 grant.utdallas.edu -> nic.merit.edu FTP C port=45202

Acks pkt#32.
________________________________
34 0.04376 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 194 bytes
34 0.04376 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=180, ID=24488
34 0.04376 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Fin Ack=875401291 Seq=674186649 Len=140 Win=8760
34 0.04376 nic.merit.edu -> grant.utdallas.edu FTP R port=45202 221-Total traffic fo

This is a FIN message. The server sends the client the code 221, which means "Service closing control connection". Basically it's closing the control connection. It also sends some info regarding the total traffic between the client and the server.
________________________________
35 0.00009 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 54 bytes
35 0.00009 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=40, ID=2879
35 0.00009 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Ack=674186790 Seq=875401291 Len=0 Win=24820
35 0.00009 grant.utdallas.edu -> nic.merit.edu FTP C port=45202

This is an ack for pkt#34.
________________________________
36 0.00041 grant.utdallas.edu -> nic.merit.edu ETHER Type=0800 (IP), size = 54 bytes
36 0.00041 grant.utdallas.edu -> nic.merit.edu IP D=198.108.1.48 S=129.110.49.28 LEN=40, ID=2880
36 0.00041 grant.utdallas.edu -> nic.merit.edu TCP D=21 S=45202 Fin Ack=674186790 Seq=875401291 Len=0 Win=24820
36 0.00041 grant.utdallas.edu -> nic.merit.edu FTP C port=45202

Now the client sends a fin to close the control connection.
________________________________
37 0.04275 nic.merit.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 60 bytes
37 0.04275 nic.merit.edu -> grant.utdallas.edu IP D=129.110.49.28 S=198.108.1.48 LEN=40, ID=24489
37 0.04275 nic.merit.edu -> grant.utdallas.edu TCP D=45202 S=21 Ack=875401292 Seq=674186790 Len=0 Win=8760
37 0.04275 nic.merit.edu -> grant.utdallas.edu FTP R port=45202

The server acks pkt#36, namely the fin from the client. THIS MARKS THE END OF THE CONNECTION CLOSING PHASE BETWEEN NIC AND GRANT AND HENCE THE FTP TRANSFER IS COMPLETE. EVEN IF THIS PKT DOES NOT REACH GRANT, GRANT WILL TIME OUT AND THE CONNECTION WILL COME TO AN END.
________________________________

--------------
% HTTP %
--------------
38 13.55915 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 62 bytes
38 13.55915 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=48, ID=32229
38 13.55915 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45204 Syn Seq=884224527 Len=0 Win=24820 Options=
38 13.55915 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP C port=45204

grant sends a request to csweb for an http connection through its syn message. This forms phase one of the 3 way handshake, and grant tells csweb that the initial seq# that it will use will be Seq=884224527.
________________________________
39 0.01770 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 62 bytes
39 0.01770 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=48, ID=60631
39 0.01770 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45204 S=80 Syn Ack=884224528 Seq=4175916251 Len=0 Win=1460 Options=
39 0.01770 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP R port=45204

This forms phase 2 of the 3 way handshake and also acts as the ack for packet 38.
csweb also sends a syn and tells that the initial seq# that it will be using is Seq=4175916251. Note that the connection is opened at port 80 on the http server side, and it's the port that the http server normally uses. Also note that other details like the window size, MSS and the like are also shared.
________________________________
40 0.00004 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 54 bytes
40 0.00004 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=40, ID=32230
40 0.00004 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45204 Ack=4175916252 Seq=884224528 Len=0 Win=24820
40 0.00004 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP C port=45204

Acks pkt#39.
________________________________
41 0.00045 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 586 bytes
41 0.00045 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=572, ID=32231
41 0.00045 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45204 Ack=4175916252 Seq=884224528 Len=532 Win=24820
41 0.00045 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP GET /~korkmaz HTTP/1.0

Sends an http get request asking for the webpage /~korkmaz on the server, using the http 1.0 version of the protocol.
________________________________
42 0.01748 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 60 bytes
42 0.01748 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=40, ID=60632
42 0.01748 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45204 S=80 Ack=884225060 Seq=4175916252 Len=0 Win=11680
42 0.01748 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP R port=45204

Acks pkt#41.
________________________________
43 0.06487 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 598 bytes
43 0.06487 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=584, ID=60633
43 0.06487 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45204 S=80 Ack=884225060 Seq=4175916252 Len=544 Win=11680
43 0.06487 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP HTTP/1.1 301 Moved Permanently

The server sends an error code, as indicated by the code 301, saying that the requested site has been moved permanently. The protocol that's being used is HTTP version 1.1.
________________________________
44 0.00010 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 60 bytes
44 0.00010 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=40, ID=60634
44 0.00010 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45204 S=80 Fin Ack=884225060 Seq=4175916796 Len=0 Win=24820
44 0.00010 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP R port=45204

The server also sends a fin message to the client asking it to close the connection.
________________________________
45 0.00003 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 54 bytes
45 0.00003 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=40, ID=32232
45 0.00003 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45204 Ack=4175916796 Seq=884225060 Len=0 Win=24820
45 0.00003 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP C port=45204

Ack for packet#43.
________________________________
46 0.00002 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 54 bytes
46 0.00002 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=40, ID=32233
46 0.00002 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45204 Ack=4175916797 Seq=884225060 Len=0 Win=24820
46 0.00002 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP C port=45204

Fin ack for pkt#44.
________________________________
47 0.00329 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 54 bytes
47 0.00329 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=40, ID=32234
47 0.00329 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45204 Fin Ack=4175916797 Seq=884225060 Len=0 Win=24820
47 0.00329 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP C port=45204

The client also sends a fin message to the server, basically saying that it's ready to close the connection.
________________________________
48 0.01807 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 60 bytes
48 0.01807 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=40, ID=60635
48 0.01807 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45204 S=80 Ack=884225061 Seq=4175916797 Len=0 Win=24820
48 0.01807 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP R port=45204

The server sends a fin ack, and this is for packet number#47.
________________________________
49 0.98314 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 62 bytes
49 0.98314 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=48, ID=32235
49 0.98314 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Syn Seq=884688729 Len=0 Win=24820 Options=
49 0.98314 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP C port=45205

The client, in this case grant, now again tries to establish the connection with the server, as the previous connection had to be closed due to the error code 3##. It also sends the other details that are shared as a part of the 3 way handshake. This is the first packet that's sent as a part of the 3 way handshake.
________________________________
50 0.01704 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 62 bytes
50 0.01704 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=48, ID=60636
50 0.01704 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Syn Ack=884688730 Seq=4176351346 Len=0 Win=1460 Options=
50 0.01704 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP R port=45205

The server also responds with a syn message and also acks pkt#49, the syn that was received from the client.
________________________________
51 0.00004 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 54 bytes
51 0.00004 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=40, ID=32236
51 0.00004 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Ack=4176351347 Seq=884688730 Len=0 Win=24820
51 0.00004 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP C port=45205

The client responds with a syn ack, which is the ack for the message pkt#50.
________________________________
52 0.00045 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 587 bytes
52 0.00045 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=573, ID=32237
52 0.00045 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Ack=4176351347 Seq=884688730 Len=533 Win=24820
52 0.00045 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP GET /~korkmaz/ HTTP/1.0

The client now requests the webpage, and this time it includes the "/" at the end of the URI that it requested last time. Note that last time the request resulted in a 3## error as it did not have a "/" at the end of the URI.
________________________________
53 0.02192 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 60 bytes
53 0.02192 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=40, ID=60637
53 0.02192 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689263 Seq=4176351347 Len=0 Win=11680
53 0.02192 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP R port=45205

The server acknowledges the reception of pkt#52.
________________________________
54 0.02065 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 324 bytes
54 0.02065 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=310, ID=60638
54 0.02065 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689263 Seq=4176351347 Len=270 Win=11680
54 0.02065 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP HTTP/1.1 200 OK

The server responds with a code of 200, which basically means that everything is fine.
________________________________
55 0.00014 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 54 bytes
55 0.00014 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=40, ID=32238
55 0.00014 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Ack=4176351617 Seq=884689263 Len=0 Win=24820
55 0.00014 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP C port=45205

The client acks pkt#54.
________________________________
56 0.00959 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 1244 bytes
56 0.00959 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=1230, ID=60639
56 0.00959 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689263 Seq=4176351617 Len=1190 Win=11680
56 0.00959 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP (body)

The server now sends the body part of the file that was requested by the client.
________________________________
57 0.00734 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 324 bytes
57 0.00734 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=310, ID=60640
57 0.00734 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689263 Seq=4176352807 Len=270 Win=11680
57 0.00734 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP I was awarded with a government scholarship
The server continues to send the body of the file requested.
________________________________
58 0.00157 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 54 bytes
58 0.00157 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=40, ID=32239
58 0.00157 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Ack=4176353077 Seq=884689263 Len=0 Win=24820
58 0.00157 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP C port=45205
Ack for pkt#57.
________________________________
59 0.01957 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 1514 bytes
59 0.01957 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=1500, ID=60641
59 0.01957 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689263 Seq=4176353077 Len=1460 Win=11680
59 0.01957 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP EF="http://www.cis.syr.edu/"> Department of Computer and Information
The body part of the page is continuously being sent from the sender to the client.
________________________________
60 0.00034 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 1514 bytes
60 0.00034 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=1500, ID=60642
60 0.00034 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689263 Seq=4176354537 Len=1460 Win=11680
60 0.00034 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP in Distributed Systems, Internet Related Technologies,
The body part of the page is continuously being sent from the sender to the client.
________________________________
61 0.00003 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 91 bytes
61 0.00003 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=77, ID=60643
61 0.00003 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Fin Ack=884689263 Seq=4176355997 Len=37 Win=24820
61 0.00003 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP (body)
After transmitting the page, the server sends a FIN message asking for the connection to be closed.
________________________________
62 0.00010 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 54 bytes
62 0.00010 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=40, ID=32240
62 0.00010 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Ack=4176355997 Seq=884689263 Len=0 Win=24820
62 0.00010 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP C port=45205
Ack for pkt#60.
________________________________
63 0.00002 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 54 bytes
63 0.00002 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=40, ID=32241
63 0.00002 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Ack=4176356035 Seq=884689263 Len=0 Win=24820
63 0.00002 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP C port=45205
Ack for pkt#61.
________________________________
64 0.04002 grant.utdallas.edu -> csweb.cs.utsa.edu ETHER Type=0800 (IP), size = 54 bytes
64 0.04002 grant.utdallas.edu -> csweb.cs.utsa.edu IP D=129.115.29.8 S=129.110.49.28 LEN=40, ID=32242
64 0.04002 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Fin Ack=4176356035 Seq=884689263 Len=0 Win=24820
64 0.04002 grant.utdallas.edu -> csweb.cs.utsa.edu HTTP C port=45205
Now the client is sending a FIN message and is also sending a request for the termination of the connection.
________________________________
65 0.01653 csweb.cs.utsa.edu -> grant.utdallas.edu ETHER Type=0800 (IP), size = 60 bytes
65 0.01653 csweb.cs.utsa.edu -> grant.utdallas.edu IP D=129.110.49.28 S=129.115.29.8 LEN=40, ID=60644
65 0.01653 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689264 Seq=4176356035 Len=0 Win=24820
65 0.01653 csweb.cs.utsa.edu -> grant.utdallas.edu HTTP R port=45205
The server sends a FIN ack.
THIS MARKS THE END OF THE CONNECTION CLOSING PHASE BETWEEN CSWEB AND GRANT AND HENCE THE HTTP TRANSFER IS COMPLETE. EVEN IF THIS PKT DOES NOT REACH GRANT, GRANT WILL TIME OUT AND THE CONNECTION WILL COME TO AN END.
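As a cross-check of the Seq/Ack bookkeeping in packets 50-65 above, here is an added example (not part of the original analysis) that parses the TCP summary lines, works out which packet each new ACK covers, and flags any segment whose Seq does not continue the sender's stream. The name check_stream and the rule that only an increased Ack value counts as a new acknowledgement are assumptions of this example.

```python
import re

# TCP summary lines of packets 50-65, copied from the snoop trace above.
TRACE = """\
50 0.01704 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Syn Ack=884688730 Seq=4176351346 Len=0 Win=1460 Options=
51 0.00004 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Ack=4176351347 Seq=884688730 Len=0 Win=24820
52 0.00045 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Ack=4176351347 Seq=884688730 Len=533 Win=24820
53 0.02192 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689263 Seq=4176351347 Len=0 Win=11680
54 0.02065 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689263 Seq=4176351347 Len=270 Win=11680
55 0.00014 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Ack=4176351617 Seq=884689263 Len=0 Win=24820
56 0.00959 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689263 Seq=4176351617 Len=1190 Win=11680
57 0.00734 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689263 Seq=4176352807 Len=270 Win=11680
58 0.00157 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Ack=4176353077 Seq=884689263 Len=0 Win=24820
59 0.01957 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689263 Seq=4176353077 Len=1460 Win=11680
60 0.00034 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689263 Seq=4176354537 Len=1460 Win=11680
61 0.00003 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Fin Ack=884689263 Seq=4176355997 Len=37 Win=24820
62 0.00010 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Ack=4176355997 Seq=884689263 Len=0 Win=24820
63 0.00002 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Ack=4176356035 Seq=884689263 Len=0 Win=24820
64 0.04002 grant.utdallas.edu -> csweb.cs.utsa.edu TCP D=80 S=45205 Fin Ack=4176356035 Seq=884689263 Len=0 Win=24820
65 0.01653 csweb.cs.utsa.edu -> grant.utdallas.edu TCP D=45205 S=80 Ack=884689264 Seq=4176356035 Len=0 Win=24820
"""

LINE = re.compile(r"^(\d+)\s+\S+\s+(\S+) -> (\S+)\s+TCP D=\d+ S=\d+ (.*)$")

def check_stream(trace):
    """Map each new ACK to the packet it covers and list packets whose Seq
    does not continue the sender's byte stream (no 2**32 wraparound handled)."""
    ends = {}      # (sender, end sequence number) -> packet ending there
    next_seq = {}  # sender -> Seq its next segment should carry
    last_ack = {}  # sender -> highest Ack value sent so far
    acked, gaps = {}, []
    for line in trace.strip().splitlines():
        m = LINE.match(line.strip())
        pkt, src, dst, rest = int(m[1]), m[2], m[3], m[4]
        f = {k: int(v) for k, v in re.findall(r"(Ack|Seq|Len)=(\d+)", rest)}
        if src in next_seq and f["Seq"] != next_seq[src]:
            gaps.append(pkt)  # lost, reordered or retransmitted segment
        # SYN and FIN each consume one sequence number on top of Len.
        end = f["Seq"] + f["Len"] + len(re.findall(r"\b(?:Syn|Fin)\b", rest))
        next_seq[src] = end
        if end != f["Seq"]:
            ends[(src, end)] = pkt
        if "Ack" in f and f["Ack"] > last_ack.get(src, 0):
            last_ack[src] = f["Ack"]
            acked[pkt] = ends.get((dst, f["Ack"]))  # None: packet not in TRACE
    return acked, gaps

if __name__ == "__main__":
    print(check_stream(TRACE))
```

The None entry for packet 50 arises because the client SYN it acknowledges (pkt#49) is not among the lines embedded here.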