Brief description of the packet capture process:
Set up filtering
At the cmd command prompt, enter: ftp 10.41.1.2
Enter quit at the command line and press Enter
Data analysis:
In the packets captured by Wireshark, we can see four TCP packets at the end, indicating that the connection is indeed closed via TCP.
The first handshake:
The client sends a TCP packet to the server to close the data transfer from the client to the server. The FIN and ACK flag bits are set to 1, the sequence number is 78, and the acknowledgment number is 14.
Sequence number: 78
Acknowledgment: 14
FIN = 1
ACK = 1
The second handshake:
After receiving the FIN, the target machine returns an ACK with the ACK flag bit set to 1. The acknowledgment number is the received sequence number plus 1 = 79, and the sequence number is the received acknowledgment number, 14.
Sequence number: 14
Acknowledgment: 79
ACK = 1
FIN = 0
The third handshake:
The target machine closes its connection with the client and sends a packet with FIN and ACK set to 1.
Sequence number: 14
Acknowledgment: 79
ACK = 1
FIN = 1
The fourth handshake:
After receiving the FIN sent by the target, the client sends an ACK with the ACK flag bit set to 1. The acknowledgment number is the received sequence number plus 1 = 15, and the sequence number is the received acknowledgment number, 79.
The FTP connection is disconnected.
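
The sequence and acknowledgment rules walked through above can be checked mechanically against a capture. The following Python is an added example, not part of the original write-up; it goes slightly beyond the text by packing and parsing minimal TCP headers before applying the rules. The client port 49152, server port 21 (the FTP control default), the window value, and the use of Wireshark's relative numbers as raw values are assumptions.

```python
import struct

FIN, ACK = 0x01, 0x10
MOD = 1 << 32  # TCP sequence numbers wrap at 2**32

def build(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (data offset 5, constructed window, zero checksum)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 8192, 0, 0)

def parse(header):
    """Decode the fields read off Wireshark in the analysis: ports, seq, ack, flags."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": off_flags & 0x1FF}

def check_teardown(segs):
    """Return a list of rule violations for a four-segment close (empty list = consistent).
    Assumes no payload is exchanged during the close, as in the capture described."""
    if len(segs) != 4:
        return ["expected 4 segments, got %d" % len(segs)]
    fin1, ack1, fin2, ack2 = segs
    rules = [
        ("1: FIN set", fin1["flags"] & FIN),
        ("2: ACK only", ack1["flags"] & ACK and not ack1["flags"] & FIN),
        ("2: sent by the peer", ack1["sport"] == fin1["dport"]),
        ("2: ack = FIN seq + 1", ack1["ack"] == (fin1["seq"] + 1) % MOD),
        ("2: seq = received ack", ack1["seq"] == fin1["ack"]),
        ("3: FIN and ACK set", fin2["flags"] & FIN and fin2["flags"] & ACK),
        ("3: same seq/ack as 2", (fin2["seq"], fin2["ack"]) == (ack1["seq"], ack1["ack"])),
        ("4: ACK only", ack2["flags"] & ACK and not ack2["flags"] & FIN),
        ("4: ack = FIN seq + 1", ack2["ack"] == (fin2["seq"] + 1) % MOD),
        ("4: seq = received ack", ack2["seq"] == fin2["ack"]),
    ]
    return [name for name, ok in rules if not ok]

# Constructed sample: the four segments from the analysis. Port 49152 is an assumed
# client port, and Wireshark's relative numbers are used as if they were raw values.
C, S = 49152, 21
SAMPLE = [
    build(C, S, 78, 14, FIN | ACK),  # 1: client FIN, ACK
    build(S, C, 14, 79, ACK),        # 2: server ACK
    build(S, C, 14, 79, FIN | ACK),  # 3: server FIN, ACK
    build(C, S, 79, 15, ACK),        # 4: client ACK
]

if __name__ == "__main__":
    print(check_teardown([parse(h) for h in SAMPLE]) or "teardown is consistent")
```

A close in which the final ACK does not acknowledge the peer's FIN sequence number plus 1 is reported by rule name, which helps when reviewing captures of connections that failed to close cleanly.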